stackoom
  简体   繁体   中英

There is way to counteract frida toolkit in android app?

 原文  2020-04-10 10:55:14       android/ frida/ public-key-pinning/ android-network-security-config

Question

in app i use native network security config for public key pinning.

using frida toolkit our security team can bypass pinning.

the question is simple: there is any way to protect against that or not?

1 answers

solution1
 2 ACCPTED  2020-04-10 11:19:03

Short answer - "yes... but"

Long answer(s)

https://github.com/darvincisec/DetectFrida

https://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida

https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering

For each one of them there is a way to bypass as @JensV said, for example;

Detecting Frida by scanning local ports and or doing the D-Bus auth dance? Start "frida-server with --listen=unix:/path/to/sock" and then forward the socket to a local TCP port with adb forward tcp:27042 localabstract:/path/to/sock . Credit: t@leonjza

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Frida - list Android processes android app that accesses the sim toolkit Frida spawn process failed on Android Attach a frida on a paused app startup (waiting for debug) BruteForce login method on android using Frida How to get ANDROID_ID with Frida How to change frida server port in android? Android Frida Error When A Process is Attached Android Frida script able to bypass root detection Scrolling Banno Digital Toolkit within Android Mobile App
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM