Bypassing Frida detection in Android

15,968 views

FatalSec

1 year ago

#frida #rootdetection #fridadetection #android #pentest #r2pay
Hello everyone, in this video we are going to learn some new techniques used in Android apps for detecting Frida based on Frida artifacts in memory and on the filesystem.
For learning purposes we have used an application from the MSTG crackmes, i.e. r2pay.
You can download this app directly from their GitHub page: github.com/OWASP/owasp-mastg/...
It has a lot of detections, such as root detection, Frida detection and hook detection, to protect the app from being reversed. This app uses libc functions to detect 2 artifacts: one is "/proc/self/task/*/status" and the other is "/proc/self/fd/*".
As always, feel free to comment down below in case you have any queries and I will reply as soon as I can.
Also, don't forget to hit the like button and subscribe to this channel to show your support. You can also follow us on Twitter at @SecFatal.
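
The two artifact checks named in the description, sketched from the app-hardening side as an added example (this is not code from the video or from r2pay). The marker strings and the function names are assumptions; the description names only the two /proc paths.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed marker strings (the page does not list them): thread names and
 * fd targets commonly associated with an injected Frida agent. */
static const char *THREAD_MARKERS[] = {"gum-js-loop", "gmain", "gdbus", "pool-frida", NULL};
static const char *FD_MARKERS[] = {"linjector", "frida", NULL};

static int has_marker(const char *s, const char **m) {
    for (; *m; m++)
        if (strstr(s, *m)) return 1;
    return 0;
}

/* 1 if a "Name:\t<comm>" line from a status file names a suspicious thread. */
int thread_name_suspicious(const char *line) {
    return strncmp(line, "Name:", 5) == 0 && has_marker(line + 5, THREAD_MARKERS);
}
/* 1 if the resolved target of an fd symlink looks Frida-related. */
int fd_target_suspicious(const char *t) { return has_marker(t, FD_MARKERS); }

/* tasks != 0: read the first line of <proc>/task/<tid>/status per thread;
 * tasks == 0: resolve each symlink in <proc>/fd. Returns hits, or -1. */
int scan_proc(const char *proc, int tasks) {
    char dir[4096], path[4096], buf[4096];
    int hits = 0;
    struct dirent *e;
    snprintf(dir, sizeof dir, "%s/%s", proc, tasks ? "task" : "fd");
    DIR *d = opendir(dir);
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "%s/%s%s", dir, e->d_name, tasks ? "/status" : "");
        if (tasks) {
            FILE *f = fopen(path, "r");
            if (!f) continue; /* thread exited during the walk */
            if (fgets(buf, sizeof buf, f)) hits += thread_name_suspicious(buf);
            fclose(f);
        } else {
            ssize_t n = readlink(path, buf, sizeof buf - 1);
            if (n < 0) continue;
            buf[n] = '\0';
            hits += fd_target_suspicious(buf);
        }
    }
    closedir(d);
    return hits;
}
```

An app would call `scan_proc("/proc/self", 1)` and `scan_proc("/proc/self", 0)` and treat a non-zero count as one signal among several, since names such as gmain and gdbus also appear in any process that legitimately uses GLib.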

Comments: 66
@souravrouth5333 5 months ago
Best Frida tutorial I have found till this date. Loved it. Please make more videos on Frida
@Fuddifadu 1 year ago
Awesome info, looking forward to your next video! Already subscribed!
@fatalsec 1 year ago
Thanks for the sub!
@ochacora3239 4 months ago
@fatalsec sir, can you make video why we can't inject Frida gadget in it..
@asadakhlaq1298 1 year ago
Thank you! For sharing the knowledge.
@mhamademad 1 year ago
upload more quality content, subscribed / liked
@fatalsec 1 year ago
Thanks, sure more contents are coming soon.
@berkedel 1 year ago
Good presentation. Looking forward for next content
@fatalsec 1 year ago
Thanks for your feedback.
@P0K0 1 year ago
Keep the good work
@ananthakrishnaner9807 1 year ago
Well presented 😊
@fatalsec 1 year ago
Thanks man
@sumitKumar-pf9xo 1 year ago
Great informative video
@fatalsec 1 year ago
Thanks
@akki6094 1 year ago
Amazing 🤩
@AkshayJain-fr3hf 1 year ago
Amazing video :)
@fatalsec 1 year ago
Thanks
@BeBarOfficial 1 year ago
very helpful
@alissonbezerra7 1 year ago
Very good, my friend.
@fatalsec 1 year ago
Thanks
@kishorbal8070 1 year ago
Hy bruh.. that was sooo good like your all other videos. Btw I would like to know what should I refer for making my own custom frida scripts?? As of now, all I do is just copying someone else's scripts from internet.. 😂.. I just wanted make my own frida scripts (I have the basics of JS coding). Also I would suggest you to share the frida scripts that you are making for your videos, just under their description section.
@fatalsec 1 year ago
Hi, thanks for the suggestion. I have already started maintaining a repository: github.com/fatalSec
@abhishekbandivadekar3999 1 year ago
Would be really helpful if you could share resources to get deeper understanding of this. How to use Frida apis and stuff.
@fatalsec 1 year ago
You can get started with this resource, it's very good and useful. learnfrida.info
@wojiaowangjiaming 2 months ago
Hey! Awesome videos, thanks! I'm trying to adapt your method on other apps, unfortunately I'm not able to see the lib where the error comes from, I don't have the same stack trace as yours. Mine is just Java runtime stuff and I don't have the backtrace at the end for example. Do you have any clues why?
@fatalsec 2 months ago
Hi, this could be because there are no native libraries present in the app and the detection is being done on the java layer itself. You can use the Process.setExceptionHandler() to catch exceptions and backtrace from there.
@trantrungkien2790 10 months ago
amazing content i love it
@fatalsec 10 months ago
Thank you! More content is on the way. Stay tuned.
@ontheweek559 1 year ago
Please upload more about Frida...
@fatalsec 1 year ago
Sure, more videos are coming soon.
@still_alive02 4 months ago
This is physical rooted device? I've heard frida doesn't work normally with emulators
@kurdm1482 1 year ago
super fucking useful thanks a ton
@KundonGautam 5 months ago
sir do you have your own courses for your videos or only release here in youtube
@fatalsec 5 months ago
No courses yet. But I do provide one to one trainings. If you are interested you can contact me on: secfatal@proton.me
@kundangautam6528 5 months ago
@fatalsec i have left you a message sir
@LEGENDSAHILL 1 year ago
Very useful video sir ............ Can you kill resso manually latest version
@fatalsec 1 year ago
You can connect with me on telegram to discuss more in detail. Are you on telegram?
@LEGENDSAHILL 1 year ago
@fatalsec yes
@rachitbedi1 1 year ago
Hi can you share the frida detection logic used in the app
@fatalsec 1 year ago
You mean the java/native code used to detect the logic?
@rachitbedi1 1 year ago
@fatalsec yeah the logic you are trying to bypass
@ayushmauryars 4 months ago
Bro you're Indian na?
@exploitplays3835 1 year ago
Is this mobxeler u r using?
@fatalsec 1 year ago
No, it's my own customised Kali machine
@halshs1790 1 year ago
Learn Course full Frida for android
@methadonmanfred2787 9 months ago
Unfortunately this doesn't work for all apps. frida is still being detected
@fatalsec 9 months ago
Yes, there are many ways to detect frida and every app is different. Until unless they are using the same protection libraries. So you have to understand the concept and work your way through it.
@user-fd8gb9qq6e 1 year ago
What is the android version of the emulator ?
@fatalsec 1 year ago
This is google pixel 4 running android 11.
@user-fd8gb9qq6e 1 year ago
@fatalsec Thank you, can you share your telegram ID?
@BeBarOfficial 1 year ago
Can it crack anti frida libdexprotector?
@fatalsec 1 year ago
Well not out of the box. I am sure there are other checks as well in libdexprotector. You can try using these techniques and try to bypass.
@BeBarOfficial 1 year ago
Yes libdexprotector checks on the cmdline, I tried the hex patch on the frida server lib tried to change the main name entered on the cmdline and it worked, so in conclusion the check is on the cmdline, but the lib is obscured so it's difficult.
@BeBarOfficial 1 year ago
@fatalsec Can we continue chatting on telegram?
@fatalsec 1 year ago
Yes, let me know your telegram ID I will ping you.
@BeBarOfficial 1 year ago
@fatalsec @ibadifal
@mistake262 1 year ago
Okay 😁😆😁😆😁😆😁😆😁😆😁
@trickshindi100 1 year ago
Brother, please make videos in Hindi.... 😭 English has become a barrier in learning coding.
@fatalsec 1 year ago
Sure brother, why not! We will start in Hindi too soon.
@jayedsadiq 1 year ago
Bro it shows failed to spawn: need gadget to attach with jailed Android. What should I do??
@fatalsec 1 year ago
It seems your frida server is not running on the device. Make sure that frida server is running as root.
@jayedsadiq 1 year ago
@fatalsec drive.google.com/file/d/1kbnsXhj5iNIOrOfqcnLR35HOMrFGX_6S/view?usp=drivesdk here is the problem bro. I have installed server & gadget both on the emulator /data/local/tmp and granted chmod permission. But still facing the problem.
@ayaanalam4217 1 year ago
At backtrace it showing /system/lib/libhoudini[dot]so and also it showing nothing on interceptor script after executing. I am using genymotion emulator android 8 and Frida 16.0.8
@ayaanalam4217 1 year ago
Can I connect with you on telegram?
@fatalsec 1 year ago
It might be possible that the app is having emulator detection and when you are running it in emulator that detection is causing this crash, but I cannot say much without looking at the complete backtrace.
@ayaanalam4217 1 year ago
I can share full backtrace, can I connect with you in telegram?