Frida pass hookDetected and isJailBroken methods on Android

[poPaTheGuru]

Hello!

We are working on a react native app that uses "jail-monkey": "^2.7.0", and at the initialisation of the app we check if the device is jail broken or in case there are any hooking methods attached to our app with JailMonkey.hookDetected() || JailMonkey.isJailBroken() so we can throw a warning message to the user, but the problem is that just by doing that, a pentest team achieved to use the Android app without getting the warning message using Frida.

My question: should we add something else beside that? Is there any known issue where Frida can penetrate these methods?

Thank you for your time!

[arpansharma7474]

Hi
I am facing the same issue. Is there any update on this?

@poPaTheGuru Did you find a fix?

Thanks

[poPaTheGuru]

Hello @arpansharma7474 , we did not find a fix yet, but at this moment, the pen test team categorized this issue just as informational so we are waiting for any updates from the jail-monkey team

[RogerBrusamarello]

Any updates in this topic?

[zuhairkareem]

We also had our pentest team bypass using Frida, Did anybody find any solution, Thanks

[pradsirwt]

Hi Team,

Do we have any progress here ?

Many thanks
Pradeep

[sumi-svmx]

Ended up going with https://github.com/darvincisec/DetectFrida

[pradsirwt]

Hi @sumi-svmx How did you implement this in React native?

[sumi-svmx]

Copy the code from c directory from https://github.com/darvincisec/DetectFrida to your project. Add this to app build.gradle

    externalNativeBuild {
        cmake {
            path "src/main/c/CMakeLists.txt"
            version "3.10.2"
        }
    }

Modify void detectfrida() as JNI method

JNIEXPORT void JNICALL
Java_com_example_package_FridaDetectClass_fridaDetect(JNIEnv *env, jobject thiz, jobject listener) {
    char *filePaths[NUM_LIBS];

    parse_proc_maps_to_fetch_path(filePaths);
    for (int i = 0; i < NUM_LIBS; i++) {
        bool checksum = fetch_checksum_of_library(filePaths[i], &elfSectionArr[i]);
        if ((filePaths[i] != NULL) && checksum){
            free(filePaths[i]);
        }
    }
    (*env)->GetJavaVM(env, &g_VM);
    jobject callback = (*env)->NewGlobalRef(env, listener);
    pthread_t t;
    pthread_create(&t, NULL, (void *) detect_frida_loop, callback);
}

Wherever "..Act Now" is, replace it with code to return the value. Invoke the listener on java side in MainActivity

[pradsirwt]

Thanks so much @sumi-svmx , but Where do I change the detectfrida function? I can see that function in native-lib.c, Should I change there?

Could you share a sample repo of the integration if you don't mind?

[GaneshGK34]

Can someone explain this . I am also facing the same

[mvn-cuongle-dn]

Hi, I facing this issue. I tried to replace by Google Play Integrity API and it worked perfect. I think this's the best solution to check rooted device Android
https://developer.android.com/google/play/integrity/overview?hl=en

[imanshul]

Please use below library to detect Frida and avoid frida to bypass root checks

react-native-detect-frida

If you find this library helpful, please consider giving it a star ⭐

@mvn-cuongle-dn @GaneshGK34 @pradsirwt