2

In my app I use the native network security config for public key pinning.

Using the Frida toolkit, our security team can bypass the pinning.

The question is simple: is there any way to protect against that or not?

Alessandro Scarozza
  • 4
    There's always protection against some tampering and then there's always more tampering to circumvent the protection. It's a cat and mouse game and this question is a bit broad to give a clear answer. – JensV Apr 10 '20 at 11:04
  • 1
    @JensV yes, what is the cat against Frida? I do not want an invulnerable app, but to protect against basic use of Frida – Alessandro Scarozza Apr 10 '20 at 11:16

1 Answer

4

Short answer - "yes... but"

Long answer(s)

https://github.com/darvincisec/DetectFrida

https://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida

https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering

For each one of them there is a way to bypass, as @JensV said. For example:

Detecting Frida by scanning local ports and/or doing the D-Bus auth dance? Start frida-server with "--listen=unix:/path/to/sock" and then forward the socket to a local TCP port with "adb forward tcp:27042 localabstract:/path/to/sock". Credit: t@leonjza

whoopdedoo
  • Thanks so much. Is there any library like "rootbeer" to detect Frida? Each of these 3 links seems to require a long implementation. I don't need a complete shield against Frida, but a basic detection like rootbeer. – Alessandro Scarozza Apr 10 '20 at 11:41
  • @Xan As a rule of thumb you can say that a "basic Frida detection" also requires only "basic measurements" to bypass this check - hence it is next to useless, especially if it comes from a well-known library. For such libraries, standard Frida bypass scripts will be available within days. – Robert Apr 10 '20 at 12:28
  • @Robert Correct, but libraries like rootbeer exist anyway. – Alessandro Scarozza Apr 10 '20 at 13:55
  • What do you mean by library? Use one of them, wrap the JNI and invoke the detection method/s before any pinning occurs. – whoopdedoo Apr 10 '20 at 14:12
  • @JimWest By library I mean something like rootbeer, made for root detection. I'm not an expert in this specific situation; I would like something (if it exists) that can be easily used and (ideally) maintained and updated with improvements to detection. Like rootbeer..... – Alessandro Scarozza Apr 10 '20 at 14:20
  • 1
    I think there isn't any open source lib that does detect frida like rootbeer does with detecting root. – FEBRYAN ASA PERDANA Feb 21 '21 at 02:27
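
A basic in-process check of the kind discussed in this thread, as an added example (not code from the thread or from the linked projects): it scans /proc/self/maps for mapped Frida libraries, so it does not depend on which port or socket frida-server listens on. The marker strings, function names and sample lines are assumptions constructed for illustration, and as the comments above point out, a check this simple is equally simple to bypass.

```c
#include <stdio.h>
#include <string.h>

/* Assumed artifact names: substrings of the library path Frida's agent or
 * gadget is usually mapped under. Renamed or repacked builds will not match. */
static const char *const FRIDA_MARKERS[] = { "frida-agent", "frida-gadget" };

/* Return 1 if one /proc/<pid>/maps line maps a file whose path has a marker. */
int maps_line_is_suspicious(const char *line)
{
    /* Columns: address perms offset dev inode pathname. Only the pathname
     * can contain '/', so anonymous mappings such as [stack] are skipped. */
    const char *path = strchr(line, '/');
    if (path == NULL)
        return 0;
    for (size_t i = 0; i < sizeof FRIDA_MARKERS / sizeof FRIDA_MARKERS[0]; i++)
        if (strstr(path, FRIDA_MARKERS[i]) != NULL)
            return 1;
    return 0;
}

/* Count suspicious mappings listed in maps_path; -1 if it cannot be read. */
int count_frida_mappings(const char *maps_path)
{
    char line[4352];               /* room for the fixed columns plus PATH_MAX */
    int hits = 0;
    FILE *fp = fopen(maps_path, "r");
    if (fp == NULL)
        return -1;
    while (fgets(line, sizeof line, fp) != NULL)
        hits += maps_line_is_suspicious(line);
    fclose(fp);
    return hits;
}

/* Constructed sample lines, not captured from a real device. */
static const char SAMPLE_CLEAN[] =
    "7b1c2000-7b1c9000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so\n";
static const char SAMPLE_HOOKED[] =
    "7a0e1000-7a9f3000 r-xp 00000000 fd:00 5678 /data/local/tmp/re.frida.server/frida-agent-64.so\n";

int main(void)
{
    printf("clean sample:  %d\n", maps_line_is_suspicious(SAMPLE_CLEAN));
    printf("hooked sample: %d\n", maps_line_is_suspicious(SAMPLE_HOOKED));
    printf("this process:  %d\n", count_frida_mappings("/proc/self/maps"));
    return 0;
}
```

In an Android app this would be built into the native library and called through JNI before any pinned connection is made, with a result above zero treated as a tampering signal.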