I'm working on a React Native project that requires SSL pinning and root detection to be implemented. I've tried using the SSL pinner factory in the OkHttp method and the Android security config method for the SSL pinning; as for the root detection, I've tried jail-monkey on the JS side and RootBeer on the native side. But despite all of that, the SSL can still be bypassed using this Frida script, which shows that TrustManager (Android < 7) was successfully bypassed, and the root detection could not detect Magisk running Zygisk / MagiskHide. Does anybody have any tips or an example of how to solve this vulnerability?
You're running on uncontrolled user hardware. No matter what you implement, someone will work around it. If nothing else, they could run a custom version of AOSP that does whatever they want. I'd question your requirements and what level of threat you're actually trying to avoid, and whether it's worth the additional effort for a battle you will eventually lose. – Gabe Sechan Aug 10 '22 at 16:09
I'm very aware of that; unfortunately my app wouldn't pass the pentest because of this. I'll try to talk with my PM then, thanks for the advice. – Ananda Farhan Aug 11 '22 at 12:24
2 Answers
You can detect Zygisk. MagiskHide has been removed since v24. Zygisk provides a DenyList to revoke Magisk modifications but has no hiding method and can be detected even though it is on the DenyList.
You could block Frida by using the detection methods used by darvincisec: Frida detector
By using this, Frida scripts and also tracing can be detected (only in non-stalker mode, if I'm not wrong), so the SSL pinning bypass shouldn't work on the device. The main drawback you can find in this example is that a lot of it is readable and also patchable. So you must do some work to "avoid" easy patching (integrity checks on the NDK side, obfuscation, or something of the sort).
Aside from Frida, Magisk Hide and the Zygisk deny list can be detected through his method as well: Magisk Hide detector. By using Isolated Processes you could test for Magisk and Zygisk. I think Zygisk can be bypassed, though, if you don't use ZygotePreload while spawning the Isolated Process.
Regards!
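The answer above points at an NDK-side Frida detector and warns that such checks are readable and patchable. As an added illustration of what one of those checks looks like in practice (this is example code written for this page, not code from the answer, from darvincisec's repositories, or from the Frida project), the block below scans the process's own memory map for the instrumentation agent's default library names and reads the `TracerPid` field from `/proc/self/status`, which is non-zero while another process is ptrace-attached. The library-name list, the constructed sample inputs and the function names are assumptions made for the example; the live `instrumentation_detected()` check simply reports on whatever process runs it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Library-name substrings treated as indicators of an injected instrumentation
 * agent. Assumption: these are the agent's default names; a renamed agent will
 * not match, which is exactly the "patchable" caveat the answer raises. */
static const char *const SUSPICIOUS_MAP_NAMES[] = { "frida-agent", "frida-gadget", "libfrida", NULL };

/* Returns 1 if a single /proc/self/maps line references a suspicious library. */
int maps_line_suspicious(const char *line) {
    for (const char *const *name = SUSPICIOUS_MAP_NAMES; *name; ++name) {
        if (strstr(line, *name) != NULL) return 1;
    }
    return 0;
}

/* Scans text in /proc/self/maps format line by line and returns how many
 * mappings look suspicious. Works on any buffer, so it can be exercised on a
 * constructed sample as well as on the live file. */
int count_suspicious_mappings(const char *maps_text) {
    int hits = 0;
    const char *line = maps_text;
    while (*line != '\0') {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char *copy = malloc(len + 1);
        if (copy == NULL) break;
        memcpy(copy, line, len);
        copy[len] = '\0';
        if (maps_line_suspicious(copy)) hits++;
        free(copy);
        if (end == NULL) break;
        line = end + 1;
    }
    return hits;
}

/* Extracts TracerPid from /proc/self/status text. A non-zero value means
 * another process is ptrace-attached to us (a debugger or an injector). */
int tracer_pid_from_status(const char *status_text) {
    const char *field = strstr(status_text, "TracerPid:");
    if (field == NULL) return 0;
    return atoi(field + strlen("TracerPid:"));
}

/* Reads a small procfs file into a NUL-terminated heap buffer; caller frees.
 * procfs reports a size of 0, so the file is read in chunks until EOF. */
static char *read_proc_file(const char *path) {
    FILE *f = fopen(path, "r");
    if (f == NULL) return NULL;
    size_t cap = 4096, used = 0;
    char *buf = malloc(cap);
    if (buf == NULL) { fclose(f); return NULL; }
    size_t n;
    while ((n = fread(buf + used, 1, cap - used - 1, f)) > 0) {
        used += n;
        if (cap - used - 1 == 0) {
            char *grown = realloc(buf, cap * 2);
            if (grown == NULL) { free(buf); fclose(f); return NULL; }
            buf = grown;
            cap *= 2;
        }
    }
    fclose(f);
    buf[used] = '\0';
    return buf;
}

/* Live check meant to be called from JNI at startup and again before sensitive
 * requests: non-zero if either indicator fires in the current process. */
int instrumentation_detected(void) {
    int detected = 0;
    char *maps = read_proc_file("/proc/self/maps");
    if (maps != NULL) { detected |= (count_suspicious_mappings(maps) > 0); free(maps); }
    char *status = read_proc_file("/proc/self/status");
    if (status != NULL) { detected |= (tracer_pid_from_status(status) != 0); free(status); }
    return detected;
}

/* Constructed sample input (not captured from a real device): one benign libc
 * mapping and two mappings that reference an agent library. */
static const char SAMPLE_MAPS[] =
    "7f1c00000000-7f1c00021000 r--p 00000000 fd:00 1234  /system/lib64/libc.so\n"
    "7f1c00100000-7f1c00140000 r-xp 00000000 fd:00 5678  /data/local/tmp/re.frida.server/frida-agent-64.so\n"
    "7f1c00200000-7f1c00210000 r-xp 00000000 fd:00 9012  /data/app/example/lib/arm64/libfrida-gadget.so\n";

/* Constructed /proc/self/status excerpts: one traced, one clean. */
static const char SAMPLE_STATUS_TRACED[] = "Name:\tapp_process64\nState:\tS (sleeping)\nTracerPid:\t4242\n";
static const char SAMPLE_STATUS_CLEAN[]  = "Name:\tapp_process64\nState:\tS (sleeping)\nTracerPid:\t0\n";

int main(void) {
    printf("suspicious mappings in sample: %d\n", count_suspicious_mappings(SAMPLE_MAPS));
    printf("TracerPid in traced sample: %d\n", tracer_pid_from_status(SAMPLE_STATUS_TRACED));
    printf("TracerPid in clean sample: %d\n", tracer_pid_from_status(SAMPLE_STATUS_CLEAN));
    printf("live check on this process: %s\n", instrumentation_detected() ? "DETECTED" : "clean");
    return 0;
}
```

The two indicators are deliberately independent: a gadget loaded into the process shows up in the memory map without any tracer, while an attached injector shows up as a TracerPid before its library is mapped, so checking both closes a gap either one alone would leave. The string literals in `SUSPICIOUS_MAP_NAMES` and the `/proc` paths are exactly the readable, patchable material the answer warns about, so in a shipping build they belong behind the obfuscation and NDK-side integrity checks it recommends, and the check should be repeated at sensitive points rather than run once at launch.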