FORUMS
Remove All Ads from XDA

[GUIDE] Remove Root Detection and App Protection from an APK

3,630 posts
Thanks Meter: 5,612
 
Post Reply Email Thread
Hi all! I've been using USAA mobile app for a while now but a recent updated added root detection in which the app would immediately close itself. It was incredibly annoying but I figured out how to remove it and thought I would share it here since the general process is pretty much the same with all apks. I'll use it as an example. Since not all apps have built in modification protection, I'll split this into 2 parts

I use Notepad++ for pretty much this whole thing. It's ability to search through multiple files for a string is incredibly useful

1. How to remove root detection
  1. Decompile the apk (I use APK Easy Tool)
  2. Search the apk for any files containing "superuser" (you can change this to whatever you think will be a likely hit such as "supersu")
    Ex: smali_classes2\com\rsa\mobilesdk\sdk\RootedDeviceC hecker.smali
  3. Then change all of the const-string entries with any root related apks or directories to something that doesn't exist:
  4. Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done! Pretty easy huh?
If you find that upon doing this, you get some kind of a message about the app being modified (like with USAA app - you'd hope it'd have some kind of tampering protection considering it's a banking app), then you'll need to remove the tamper protection.
2. How to remove tamper protection:
This is much more complicated than root removal for obvious reasons and so you're mileage will likely vary. You'll just need to use your head for this one
  1. Search the main strings file: (for example: "res\values\strings.xml") for the message that pops up when you something triggers the protective measures. Ex: "The application appears to have been modified or corrupted"
  2. Take note of the string name. Ex: "tamper_block_message_default"
  3. Then search the public.xml file (typically in the same place as the strings.xml) for the string name.
  4. Take note of the hexadecimal id
  5. Now for the fun part: Search the apk for the hex string. Ex: 0x7f100b15
    In the case of the USAA app it was found in: smali_classes2/com/usaa/mobile/android/app/core/protection/TamperActions.smali
  6. Go to the line in that file that has it. This is the section that's triggering the protection problem.
  7. Scroll up until you find what it's housed in (like an if statement or try block).
  8. Then find a way to make sure that problem block never executes. In this case, it was an if statement. The problem block occured when v0 was set to something other than 0.
    The solution here would then be to make sure that v0 always equals 0. So add this above it: const/4 v0, 0x0
  9. Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done!

Note that due to potentially dangerous nature of these kinds of modifications, I'm kindly asking that nobody shares any apks that they modified and if any moderators see any modified apks floating around on this thread, that they're deleted
The reasons for this should be obvious. In disabling the protection the developer added to the app, malicious code could easily be added to the app and in the case of an app that deals with sensitive information like the USAA banking app, the results could be catastrophic.
Not that anyone here would do that but it'd be too easy for some two-bit hacker on another site to claim to be hosting an apk here when it's in fact not.
So just share what you did/how you did it so others can do the same (this is a developers forum after all)
Attached Thumbnails
Click image for larger version

Name:	root.png
Views:	4830
Size:	121.0 KB
ID:	4549949   Click image for larger version

Name:	strings.png
Views:	4890
Size:	179.1 KB
ID:	4549950   Click image for larger version

Name:	public.png
Views:	4800
Size:	173.3 KB
ID:	4549951   Click image for larger version

Name:	tamper.png
Views:	4726
Size:	111.5 KB
ID:	4549952   Click image for larger version

Name:	tamper2.png
Views:	4688
Size:	105.8 KB
ID:	4549953   Click image for larger version

Name:	tamper3.png
Views:	4558
Size:	99.0 KB
ID:	4549954  
The Following 28 Users Say Thank You to Zackptg5 For This Useful Post: [ View ] Gift Zackptg5 Ad-Free
 
 
24th August 2018, 10:58 AM |#2  
Senior Member
Thanks Meter: 47
 
More
Can you please help to disable root detection in this app?
https://www.apkmirror.com/apk/applis...-apk-download/
The Following User Says Thank You to nextheart For This Useful Post: [ View ] Gift nextheart Ad-Free
24th August 2018, 12:24 PM |#3  
OP Senior Member
Thanks Meter: 5,612
 
More
Quote:
Originally Posted by nextheart

Can you please help to disable root detection in this app?
https://www.apkmirror.com/apk/applis...-apk-download/

What part of the guide didn't work for you? I'm assuming you're not using magisk?
25th August 2018, 01:50 PM |#4  
Senior Member
Thanks Meter: 47
 
More
Quote:
Originally Posted by Zackptg5

What part of the guide didn't work for you? I'm assuming you're not using magisk?

I can't find anything like superuser or supersu inside apk.
3rd September 2018, 02:34 PM |#5  
Senior Member
Thanks Meter: 101
 
More
Probably wants LP support. Don't bother.
23rd December 2018, 05:17 AM |#6  
Junior Member
Flag Raigarh
Thanks Meter: 3
 
More
Maadhaar app
Can you please remove the root detection of maadhaar app https://play.google.com/store/apps/d...i.mAadhaarPlus
And upload it for me.
Thanks in advance.
23rd December 2018, 01:37 PM |#7  
OP Senior Member
Thanks Meter: 5,612
 
More
Quote:
Originally Posted by prabhatpatel93

Can you please remove the root detection of maadhaar app https://play.google.com/store/apps/d...i.mAadhaarPlus
And upload it for me.
Thanks in advance.

Nope. Reread the OP again. I made it clear why posting modified apks here is a bad idea. This is also a guide so you can do it yourself not a place for ppl to request me to do it for them. This is a developers forum. Now if you were trying to follow the guide and got stuck on something I'd be happy to help. That's what this forum is all about
The Following 7 Users Say Thank You to Zackptg5 For This Useful Post: [ View ] Gift Zackptg5 Ad-Free
24th December 2018, 02:51 PM |#8  
thedeadfish59's Avatar
Senior Member
Flag Saudi Arabia
Thanks Meter: 2,053
 
Donate to Me
More
Its a DIY thread, people arent supposed to ask for modded apks, that'd be illegal

@Zackptg5 nice guide brother, it'd be fun to try it out
The Following 3 Users Say Thank You to thedeadfish59 For This Useful Post: [ View ] Gift thedeadfish59 Ad-Free
5th February 2019, 05:03 AM |#9  
amit000in's Avatar
Member
Thanks Meter: 26
 
More
@Zackptg5

i Have tried ,but got this error
---------------------------
Decompile failed. Please check the log
Try clear framework if you got decompile error often
---------------------------
OK
---------------------------
20th March 2019, 10:10 AM |#10  
@Zackptg5
Hey, do you know other methods banking apps use to detect root? I use a banking app called DnB that somehow detect root but there is no devicerootchecker file there, they have an another app that has that file and I have managed to stop it from detection root but this one I don't understand? Any help would be appreciated.
20th March 2019, 02:23 PM |#11  
OP Senior Member
Thanks Meter: 5,612
 
More
Quote:
Originally Posted by Dns94

@Zackptg5
Hey, do you know other methods banking apps use to detect root? I use a banking app called DnB that somehow detect root but there is no devicerootchecker file there, they have an another app that has that file and I have managed to stop it from detection root but this one I don't understand? Any help would be appreciated.

Did you follow the instructions on the OP? The smali file can be named whatever they want and in many cases, the apk may be obfuscated so the smali file names don't even make sense (such as a.smali, b.smali, etc.). That's why I suggest using notepad++ or some other tool in which you can search all smali files for common root entries like supersu or superuser

Check smali/com/dynatrace/android/agent/RootDetector.smali
The Following User Says Thank You to Zackptg5 For This Useful Post: [ View ] Gift Zackptg5 Ad-Free
Post Reply Subscribe to Thread

Tags
app protection removal, root detection removal

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes