BreachDetector icon indicating copy to clipboard operation
BreachDetector copied to clipboard
verified publisher icon nmilcoff

The root detection in application can be bypassed using Magisk Hide option

Open dimustriz opened this issue 5 years ago • 1 comments

Hi Team,

The Magisk Hide option allows to bypass the root check.

Please find a description from our Penetration test result:

  1. Open the Magisk Manager application and navigate to "Settings" option. https://www.xda-developers.com/how-to-use-magisk/
  2. Enable "Magisk Hide" option and restart the application.
  3. Checkmark the application under "Magisk Hide" activity.
  4. Now, open the application, log in and browse all the functionalities. Now, connect your rooted Android device with local system.
  5. Run the following command using adb:

adb shell $ su # ps | grep com.deloitte.dnmobile.deloitteconnect.uat # id

Observe that the application is running on the rooted device as a process.

I have found a suggestion on this: https://darvincitech.wordpress.com/2019/11/04/detecting-magisk-hide/ (see the implementation here: https://github.com/darvincisec/DetectMagiskHide/blob/master/app/src/main/c/native-lib.c)

Could you try to check and fix the issue?

Thank you in advance, Dmitry

dimustriz avatar Sep 30 '20 08:09 dimustriz

@nmilcoff

mina5500 avatar Oct 05 '20 17:10 mina5500