Performing Emulator Detection Bypass and Access Control Bypass

<aside> 💡

The Application that I'm using today is AndroGoat

NOTE

You can View the Source code Using JADX-gui)

</aside>

One of the best techniques to Bypass emulator detection is to modify the RETRUN_VALUE of the function that check for Emulator Activities. In AndroGoat Application There is a Function (isEmulator) Responsible for emulator detection inside EmulatorDetectionActivity Activity.

EmulatorDetectionActivity:

isEmulator Function:

I will be Using Objection Tool to Modify the RETURN_VALUE of the isEmulator Function by hooking the Objection tool to the function call.

1. First I'll start the application using Objection tool.

   • objection -g owasp.sat.agoat explore

2. Modifying the RETURN_VALUE

   • android hooking set return_valuowasp.sat.agoat.EmulatorDetectionActivity.isEmulator true (single line command)

3. Check for emulation Detection in AndroGoat App

Access Control Bypass

AndroGoat App Contains a section called "Unprotected Android Components" which a has PIN Security feature hiding some secret file maybe who knows?... to bypass this security check we scan the app with drozer to scan for any insecure Android Activities