
Android App Root Detection Bypass by Reverse Engineering

In this article we will learn about one way to bypass root detection in Android applications. Nowadays many applications, such as financial and banking apps, refuse to run on a rooted device. Penetration testing requires root permission to install the various tools used to assess the security of the application, so root detection is a painful obstacle for the tester: the checks the app implements prevent many test cases from being performed.

There are many ways to bypass root detection. We will focus on one technique: reverse engineering (decompiling) the APK, rebuilding it with the root detection logic disabled, signing the rebuilt APK, and running it on the rooted device.

We will need the following tools at various stages to bypass the root detection logic used in the Android application.

  • Apktool : Tool for reverse engineering Android APK files. Here we use it to extract the files from the APK and to rebuild it.
  • Dex2jar : Converts Android DEX files to class/JAR files.
  • JD-GUI : To view the decompiled Java code.
  • Sublime/Notepad++ : To edit the root detection logic in the smali files.
  • Keytool : Java tool for creating keys/certificates; comes with the JDK.
  • Jarsigner : Java tool for signing JAR/APK files; comes with the JDK.
  • Zipalign : Archive alignment tool; comes with the Android SDK.

Now we will reverse engineer the application by decompiling the APK file to see which techniques it uses to detect root access. Here we use the d2j-dex2jar tool to convert the APK's DEX code into a JAR so that we can read the Java code.

Decompile the Test.apk file as illustrated in the screenshot below:

d2j-dex2jar.bat <apk_file_path>

d2j-dex2jar output

We now have the decompiled version of the APK, i.e. the Test_dex2jar.jar file. We will use the JD-GUI tool to open the JAR file and find and understand the root detection logic used in the application.


Next, in JD-GUI we search for keywords such as isDeviceRooted, root, rootUtils, /sys, /system, superuser, /su, Superuser, Supersu and /sbin to locate the exact Java classes and methods involved.

Searching for Root Detection Logic

As illustrated in the screenshot above, the JD-GUI search has identified the class RootDetector.class, which contains the string "/system". We will go through the class and look at the Java code.

Root Detection Logic

Yupp!! As we can see, the application's root detection logic is implemented in RootDetector.class: at runtime it checks whether root-related files and packages, such as Superuser.apk and su binaries, are present on the device. If the application finds any of these files, it stops running.
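To make the checks the article found concrete, here is an added example of a RootDetector class of the kind described above. It is not the code from Test.apk; the path and package lists are illustrative, and Build.TAGS is an extra check the article does not mention. The method returns every indicator that matched rather than a bare boolean, so an app can log why it refused to run.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import java.io.File;
import java.util.ArrayList;
import java.util.List;

// Added example (not the article's Test.apk code): file, package and build-tag
// checks of the style found in the decompiled RootDetector class.
public final class RootDetector {

    // Illustrative list of locations a su binary is commonly installed to.
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su",
        "/system/sd/xbin/su", "/data/local/xbin/su", "/data/local/bin/su",
        "/system/app/Superuser.apk",
    };

    // Illustrative list of well-known root-management packages.
    private static final String[] ROOT_PACKAGES = {
        "eu.chainfire.supersu", "com.noshufou.android.su",
        "com.koushikdutta.superuser", "com.topjohnwu.magisk",
    };

    // Returns the indicators that matched; empty list means nothing was found.
    public static List<String> findIndicators(Context ctx) {
        List<String> hits = new ArrayList<>();

        // 1. su binaries and the Superuser APK at their usual paths
        for (String path : SU_PATHS) {
            if (new File(path).exists()) {
                hits.add("file:" + path);
            }
        }

        // 2. root-management apps installed on the device
        PackageManager pm = ctx.getPackageManager();
        for (String pkg : ROOT_PACKAGES) {
            try {
                pm.getPackageInfo(pkg, 0);
                hits.add("package:" + pkg);
            } catch (PackageManager.NameNotFoundException ignored) {
                // package is not installed
            }
        }

        // 3. custom ROM builds are usually signed with test-keys
        if (Build.TAGS != null && Build.TAGS.contains("test-keys")) {
            hits.add("build:test-keys");
        }
        return hits;
    }

    public static boolean isDeviceRooted(Context ctx) {
        return !findIndicators(ctx).isEmpty();
    }
}
```

Note that every path and package name ends up as a plain string constant in the DEX file. That is exactly why the JD-GUI keyword search in the article lands on this class, and why editing those constants in smali is enough to defeat it: a check that lives entirely inside the APK is a hurdle, not a control, and should be paired with a signal the app cannot edit out of itself, such as a server-side check of the reported result or a device attestation service.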

Now we will decompile the APK with apktool using the command below.

apktool d <apk_file_path>

Now open the decompiled folder and search for the RootDetector.smali file. Once we find the smali code, we open the file in the Sublime Text editor and rename all the strings the check looks for to something else, as shown in the screenshot below.

changed smali file

Now save the changes and rebuild the application with apktool using the command below.

apktool b <decompiled_apk_folder_path>

The new APK is rebuilt into the dist folder. Now generate a signing key with keytool using the command below.

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Now sign the APK with the generated key using jarsigner, with the command below.

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore Test.apk alias_name

Finally, the APK must be aligned for optimal loading, which is done with zipalign using the command below.

zipalign -v 4 Test.apk Test-aligned.apk

Now install the rebuilt application on the rooted device and it will run.

Thank you!!!
