I use Notepad++ for pretty much this whole thing. Its ability to search through multiple files for a string is incredibly useful.
1. How to remove root detection
- Decompile the apk (I use APK Easy Tool)
- Search the apk for any files containing "superuser" (you can change this to whatever you think will be a likely hit such as "supersu")
Ex: smali_classes2\com\rsa\mobilesdk\sdk\RootedDeviceChecker.smali
- Then change all of the const-string entries with any root related apks or directories to something that doesn't exist:
- Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done! Pretty easy huh?
2. How to remove tamper protection:
This is much more complicated than root removal for obvious reasons and so your mileage will likely vary. You'll just need to use your head for this one.
- Search the main strings file (for example: "res\values\strings.xml") for the message that pops up when something triggers the protective measures. Ex: "The application appears to have been modified or corrupted"
- Take note of the string name. Ex: "tamper_block_message_default"
- Then search the public.xml file (typically in the same place as the strings.xml) for the string name.
- Take note of the hexadecimal id
- Now for the fun part: Search the apk for the hex string. Ex: 0x7f100b15
In the case of the USAA app it was found in: smali_classes2/com/usaa/mobile/android/app/core/protection/TamperActions.smali
- Go to the line in that file that has it. This is the section that's triggering the protection problem.
- Scroll up until you find what it's housed in (like an if statement or try block).
- Then find a way to make sure that problem block never executes. In this case, it was an if statement. The problem block occurred when v0 was set to something other than 0.
The solution here would then be to make sure that v0 always equals 0. So add this above it: const/4 v0, 0x0
- Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done!
Note that due to the potentially dangerous nature of these kinds of modifications, I'm kindly asking that nobody shares any apks that they modified and if any moderators see any modified apks floating around on this thread, that they're deleted.
The reasons for this should be obvious. In disabling the protection the developer added to the app, malicious code could easily be added to the app and in the case of an app that deals with sensitive information like the USAA banking app, the results could be catastrophic.
Not that anyone here would do that but it'd be too easy for some two-bit hacker on another site to claim to be hosting an apk here when it's in fact not.
So just share what you did/how you did it so others can do the same (this is a developers forum after all)