
[GUIDE] Remove Root Detection and App Protection from an APK

20th March 2019, 02:23 PM |#11  
OP Senior Member
Quote:
Originally Posted by Dns94

@Zackptg5
Hey, do you know other methods banking apps use to detect root? I use a banking app called DnB that somehow detects root, but there is no devicerootchecker file there. They have another app that has that file and I have managed to stop it from detecting root, but this one I don't understand. Any help would be appreciated.

Did you follow the instructions on the OP? The smali file can be named whatever they want and in many cases, the apk may be obfuscated so the smali file names don't even make sense (such as a.smali, b.smali, etc.). That's why I suggest using Notepad++ or some other tool in which you can search all smali files for common root entries like supersu or superuser.

Check smali/com/dynatrace/android/agent/RootDetector.smali
20th March 2019, 04:13 PM |#12  
Quote:
Originally Posted by Zackptg5

Did you follow the instructions on the OP? The smali file can be named whatever they want and in many cases, the apk may be obfuscated so the smali file names don't even make sense (such as a.smali, b.smali, etc.). That's why I suggest using Notepad++ or some other tool in which you can search all smali files for common root entries like supersu or superuser.

Check smali/com/dynatrace/android/agent/RootDetector.smali

Oh my... I'm so stupid, I used Notepad++ but I used it wrongly (used Windows Explorer to find the smali file, then used N++ to edit *facepalm*). The other app I managed to modify looked exactly like your screenshots so it was easy to modify that one, but this was a bit different. Anyways, back to the problem: I did find it under "smali/com/dynatrace/android/agent/RootDetector.smali", but there aren't any "const-strings" to edit there. What do I do then?
20th March 2019, 04:52 PM |#13  
OP Senior Member
Quote:
Originally Posted by Dns94

Oh my... I'm so stupid, I used Notepad++ but I used it wrongly (used Windows Explorer to find the smali file, then used N++ to edit *facepalm*). The other app I managed to modify looked exactly like your screenshots so it was easy to modify that one, but this was a bit different. Anyways, back to the problem: I did find it under "smali/com/dynatrace/android/agent/RootDetector.smali", but there aren't any "const-strings" to edit there. What do I do then?

Looks like this one won't be as straightforward as USAA. You'll need to do some outside-the-box thinking now. So you could search the apk for any instances of "RootDetector" to see how it's used. I found 1 entry in smali_classes2/com/dynatrace/android/agent/metrics/AndroidMetrics.smali
This makes it easier since we only have 1 place to look:

Code:
invoke-static {}, Lcom/dynatrace/android/agent/RootDetector;->isDeviceRooted()Z
move-result v0
iput-boolean v0, p0, Lcom/dynatrace/android/agent/metrics/AndroidMetrics;->deviceRooted:Z
new-instance v0, Ljava/lang/StringBuilder;

So it appears that it calls the isDeviceRooted function in RootDetector.smali (which in turn calls the other functions in that file) and assigns the value to v0. The function returns either 0 or 1 ultimately. I'd suggest trying to set the value to 0 first, and if that doesn't work, 1. The easiest way I can think of doing this would be to change the

Code:
move-result v0

line to

Code:
const/4 v0, 0x0

in the AndroidMetrics file.

So try making that one line change and see what happens. To change it to 1, just change the 0x0 to 0x1. It looked like a lot of this is outputted to the log too, so following the logcat might help.
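A check for the one-line edit described in the post above, from the side of someone examining a repackaged copy of an app: it scans decompiled smali for calls to a boolean check whose result is no longer read back with move-result. This is an added example, not code from the thread or from any app mentioned in it; the function names and the sample smali strings (built from the snippet quoted in the post) are constructed for illustration.

```python
import re

# An invoke of a method that returns boolean (Z); group 1 is the method reference.
INVOKE_BOOL = re.compile(r'^invoke-\S+\s+\{[^}]*\},\s+(\S+->\w+\([^)]*\)Z)$')
MOVE_RESULT = re.compile(r'^move-result\s+[vp]\d+$')
CONST_BOOL = re.compile(r'^const(?:/4|/16)?\s+[vp]\d+,\s+(0x[01])$')


def instructions(smali_text):
    """Return (line_no, text) for instructions, skipping blanks, comments, directives, labels."""
    out = []
    for no, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(('#', '.', ':')):
            out.append((no, line))
    return out


def find_overridden_checks(smali_text, method_hint='isDeviceRooted'):
    """List call sites of the check whose return value is not read with move-result.

    Heuristic: a discarded result can be legitimate, so treat each finding as a
    lead to diff against the smali of the build that was actually released.
    """
    findings = []
    ins = instructions(smali_text)
    for i, (no, line) in enumerate(ins):
        m = INVOKE_BOOL.match(line)
        if not m or method_hint not in m.group(1):
            continue
        nxt = ins[i + 1][1] if i + 1 < len(ins) else ''
        if MOVE_RESULT.match(nxt):
            continue  # result is read back, as the compiler emitted it
        c = CONST_BOOL.match(nxt)
        reason = f'result replaced by constant {c.group(1)}' if c else 'result discarded'
        findings.append((no, m.group(1), reason))
    return findings


# Constructed samples based on the snippet quoted in the post.
CALL = 'invoke-static {}, Lcom/dynatrace/android/agent/RootDetector;->isDeviceRooted()Z'
STORE = 'iput-boolean v0, p0, Lcom/dynatrace/android/agent/metrics/AndroidMetrics;->deviceRooted:Z'
ORIGINAL = '\n'.join([CALL, 'move-result v0', STORE])
PATCHED = '\n'.join([CALL, 'const/4 v0, 0x0', STORE])

if __name__ == '__main__':
    print(find_overridden_checks(ORIGINAL))
    print(find_overridden_checks(PATCHED))
```
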
20th March 2019, 05:30 PM |#14  
Quote:
Originally Posted by Zackptg5

Looks like this one won't be as straightforward as USAA. You'll need to do some outside-the-box thinking now. So you could search the apk for any instances of "RootDetector" to see how it's used. I found 1 entry in smali_classes2/com/dynatrace/android/agent/metrics/AndroidMetrics.smali
This makes it easier since we only have 1 place to look:

Code:
invoke-static {}, Lcom/dynatrace/android/agent/RootDetector;->isDeviceRooted()Z
move-result v0
iput-boolean v0, p0, Lcom/dynatrace/android/agent/metrics/AndroidMetrics;->deviceRooted:Z
new-instance v0, Ljava/lang/StringBuilder;

So it appears that it calls the isDeviceRooted function in RootDetector.smali (which in turn calls the other functions in that file) and assigns the value to v0. The function returns either 0 or 1 ultimately. I'd suggest trying to set the value to 0 first, and if that doesn't work, 1. The easiest way I can think of doing this would be to change the

Code:
move-result v0

line to

Code:
const/4 v0, 0x0

in the AndroidMetrics file.

So try making that one line change and see what happens. To change it to 1, just change the 0x0 to 0x1. It looked like a lot of this is outputted to the log too, so following the logcat might help.

Thank you so much for your help, but it seems that I cannot compile it back since it uses the "AndResGuard" thing, so I cannot test whether it worked or not. As you might have noticed, I have almost no clue what I am doing and this is getting too complicated it seems, or I am a complete moron. Anyways, don't wanna waste time. Again, thanks!
25th March 2019, 03:09 PM |#15  
Member
@Zackptg5 I'm using phh treble 9.0 and it doesn't allow me to use magisk. I'm trying to use Snapchat but it gives me a login error. I tried following your guide but I can't get the darn thing to decompile. Is there any way possible you can remove them for me? I would greatly appreciate it.

https://download.apkpure.com/b/apk/Y...y4wJnZjPTE5MDk
25th March 2019, 03:24 PM |#16  
OP Senior Member
Quote:
Originally Posted by Donavonn

@Zackptg5 I'm using phh treble 9.0 and it doesn't allow me to use magisk. I'm trying to use Snapchat but it gives me a login error. I tried following your guide but I can't get the darn thing to decompile. Is there any way possible you can remove them for me? I would greatly appreciate it.

https://download.apkpure.com/b/apk/Y...y4wJnZjPTE5MDk

Nope but I got it (https://www.apkmirror.com/apk/snap-i...2-3-0-release/) to decompile no problem with apk easy tool (https://forum.xda-developers.com/and...s-gui-t3333960)
25th March 2019, 03:48 PM |#17  
Member
Quote:
Originally Posted by Zackptg5

Nope but I got it (https://www.apkmirror.com/apk/snap-i...2-3-0-release/) to decompile no problem with apk easy tool (https://forum.xda-developers.com/and...s-gui-t3333960)

That's the tool I used but when I clicked decompile it gave me some error about framework? I don't know the exact error cause I'm at work on my phone. I did try installing the framework in the requirements but during installation it said I had it installed already.
25th March 2019, 05:17 PM |#18  
OP Senior Member
Quote:
Originally Posted by Donavonn

That's the tool I used but when I clicked decompile it gave me some error about framework? I don't know the exact error cause I'm at work on my phone. I did try installing the framework in the requirements but during installation it said I had it installed already.

You'll want to clear all framework cache and start clean
15th April 2019, 05:30 PM |#19  
Junior Member
I get this instead of RootedDeviceChecker and I have no idea what I am supposed to do...


D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali\softax\hce\feedback\HceFeedbackReceiverTransaction$TRANSACTION_RESULT.smali (5 hits)
Line 43: .field public static final enum DEVICE_PROBABLY_ROOTED:Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;
Line 294: const-string v1, "DEVICE_PROBABLY_ROOTED"
Line 300: sput-object v0, Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;->DEVICE_PROBABLY_ROOTED:Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;
Line 534: sget-object v1, Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;->DEVICE_PROBABLY_ROOTED:Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;
Line 704: sget-object p0, Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;->DEVICE_PROBABLY_ROOTED:Lsoftax/hce/feedback/HceFeedbackReceiverTransaction$TRANSACTION_RESULT;
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali\softax\hce\feedback\NativeFeedbackCard.smali (3 hits)
Line 263: sget-object v2, Lsoftax/hce/feedback/HceFeedbackReceiverCard;->onHceClearOnRooted:Lsoftax/hce/property/Event;
Line 265: new-instance v3, Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;
Line 267: invoke-direct {v3, v0, v1}, Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;-><init>(Lsoftax/hce/feedback/HceFeedbackReceiverCard;Lsoftax/hce/feedback/OPERATION_RESULT;)V
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\bcu.smali (5 hits)
Line 100: "Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;",
Line 166: sget-object v0, Lsoftax/hce/feedback/HceFeedbackReceiverCard;->onHceClearOnRooted:Lsoftax/hce/property/Event;
Line 1773: .method public a(Ljava/lang/Object;Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;)V
Line 3664: invoke-static {}, Lsoftax/hce/core/HceControl03;->systemIsProbablyRooted()Z
Line 3681: invoke-static {}, Lsoftax/hce/core/HceControl03;->systemIsProbablyRootedMethods()Ljava/lang/String;
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\bcv.smali (5 hits)
Line 10: "Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;",
Line 47: .method public a(Ljava/lang/Object;Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;)V
Line 63: invoke-virtual {v0, p1, p2}, Liko/bcu;->a(Ljava/lang/Object;Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;)V
Line 84: check-cast p2, Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;
Line 86: invoke-virtual {p0, p1, p2}, Liko/bcv;->a(Ljava/lang/Object;Lsoftax/hce/feedback/HceFeedbackReceiverCard$HceFeedbackDataHceClearOnRooted;)V
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\bdb.smali (2 hits)
Line 100: const-string v1, ", probablyRooted="
Line 108: const-string v1, ", probablyRootedMethods=\'"
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\eby$a.smali (1 hit)
Line 55: const-string v1, "DEVICE_ROOTED"
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\efs.smali (1 hit)
Line 166: const-string v0, "Device is considered as rooted or downgrade was detected"
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\efw$a.smali (1 hit)
Line 53: const-string v1, "ROOTED"
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\ega.smali (2 hits)
Line 47: const-string p0, "Trying to init profile in rooted mode"
Line 62: const-string v0, "Error while performing profile init in rooted mode"
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\egq.smali (7 hits)
Line 24: const-string v0, "Should not update profile on rooted device"
Line 49: const-string v1, "Should not read settings on rooted device"
Line 66: const-string v0, "Should not modify settings on rooted device"
Line 79: const-string v0, "Should not modify settings on rooted device"
Line 100: const-string v0, "Should not modify settings on rooted device"
Line 121: const-string v0, "Should not modify settings on rooted device"
Line 142: const-string v1, "Should not touch set default service on rooted device"
D:\PROGRAMY\Android\APK Tool\1-Decompiled APKs\base\smali_classes2\iko\egs$a.smali (1 hit)
Line 51: const-string v1, "ROOTED"
25th May 2019, 11:04 AM |#20  
Junior Member
Quote:
Originally Posted by Dns94

@Zackptg5
Hey, do you know other methods banking apps use to detect root? I use a banking app called DnB that somehow detects root, but there is no devicerootchecker file there. They have another app that has that file and I have managed to stop it from detecting root, but this one I don't understand. Any help would be appreciated.

Hi, I suggest you use Dex2jar to convert ".dex" files to ".class" files, then use the JD-GUI tool to read the jar file and use the search function to search for any string in all the files. Then, follow the instructions from the post.

https://java-decompiler.github.io/
https://github.com/pxb1988/dex2jar/blob/2.x/README.md
26th May 2019, 07:50 PM |#21  
Quote:
Originally Posted by randomanonymousname

Hi, I suggest you use Dex2jar to convert ".dex" files to ".class" files, then use the JD-GUI tool to read the jar file and use the search function to search for any string in all the files. Then, follow the instructions from the post.

https://java-decompiler.github.io/
https://github.com/pxb1988/dex2jar/blob/2.x/README.md

Thanks for the tip, but with Zack's help I managed to find the string, but I was unable to compile it back again.