[GUIDE] Remove Root Detection and App Protection from an APK

Search This thread

Dns94

Senior Member
Dec 29, 2013
147
46
Hi, I suggest you Dex2jar to convert ” .dex” files to “.class” files and then use JD-GUI tool to read the jar file and use search function to search for any string in all the files. Then, follow the instructions from the post.

https://java-decompiler.github.io/
https://github.com/pxb1988/dex2jar/blob/2.x/README.md

Thanks for the tip, but with Zacks help I manage to find the string, but I was unable to compile it back again.
 

USHERROB

Senior Member
Aug 13, 2009
352
211
Orlando, FL
OnePlus 7 Pro
Attempting to remove check on the LG SmartThinQ app, but having issues figuring out the right values to change. Magisk Hide USED to work so now i'm trying this way.

I applied the notes from Post 13 in different variations but still getting the "Cannot use rooted phone" message.

APK is here: APK Mirror

smali file once decompiled is here: \smali_classes2\com\lgeha\nuts\sharedlib\RootChecker.smali

Any help would be greatly appreciated.
 
Attempting to remove check on the LG SmartThinQ app, but having issues figuring out the right values to change. Magisk Hide USED to work so now i'm trying this way.

I applied the notes from Post 13 in different variations but still getting the "Cannot use rooted phone" message.

APK is here: APK Mirror

smali file once decompiled is here: \smali_classes2\com\lgeha\nuts\sharedlib\RootChecker.smali

Any help would be greatly appreciated.
Use MagiskHide Props Config module in Magisk Manager than reboot.
Sorry cant remember where I found this trick on XDA Forum (lost thread link), but you can read more here
https://forum.xda-developers.com/apps/magisk/module-magiskhide-props-config-t3789228/page1
and here
https://didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps

Good luck

Sent from my whyred using XDA Labs
 
Last edited:

robrazil

Senior Member
Nov 6, 2010
75
14
This method didn't work for me.
This is the bank app on play store
I cannot find nothing with "RootedDeviceChecker" or "supersu". I only found some "root_not_allowed" strings assossiated a restriction message in my language, but nothing else.
Any help is welcome.
 

Mr.Mk legend

New member
Mar 11, 2020
1
0
please help me bro.

Hi all! I've been using USAA mobile app for a while now but a recent updated added root detection in which the app would immediately close itself. It was incredibly annoying but I figured out how to remove it and thought I would share it here since the general process is pretty much the same with all apks. I'll use it as an example. Since not all apps have built in modification protection, I'll split this into 2 parts

I use Notepad++ for pretty much this whole thing. It's ability to search through multiple files for a string is incredibly useful :)

1. How to remove root detection
  1. Decompile the apk (I use APK Easy Tool)
  2. Search the apk for any files containing "superuser" (you can change this to whatever you think will be a likely hit such as "supersu")
    Ex: smali_classes2\com\rsa\mobilesdk\sdk\RootedDeviceChecker.smali
  3. Then change all of the const-string entries with any root related apks or directories to something that doesn't exist:
    attachment.php
  4. Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done! Pretty easy huh?
If you find that upon doing this, you get some kind of a message about the app being modified (like with USAA app - you'd hope it'd have some kind of tampering protection considering it's a banking app), then you'll need to remove the tamper protection.
2. How to remove tamper protection:
This is much more complicated than root removal for obvious reasons and so you're mileage will likely vary. You'll just need to use your head for this one
  1. Search the main strings file: (for example: "res\values\strings.xml") for the message that pops up when you something triggers the protective measures. Ex: "The application appears to have been modified or corrupted"
  2. Take note of the string name. Ex: "tamper_block_message_default"
    attachment.php
  3. Then search the public.xml file (typically in the same place as the strings.xml) for the string name.
  4. Take note of the hexadecimal id
    attachment.php
  5. Now for the fun part: Search the apk for the hex string. Ex: 0x7f100b15
    In the case of the USAA app it was found in: smali_classes2/com/usaa/mobile/android/app/core/protection/TamperActions.smali
  6. Go to the line in that file that has it. This is the section that's triggering the protection problem.
    attachment.php
  7. Scroll up until you find what it's housed in (like an if statement or try block).
    attachment.php
  8. Then find a way to make sure that problem block never executes. In this case, it was an if statement. The problem block occured when v0 was set to something other than 0.
    The solution here would then be to make sure that v0 always equals 0. So add this above it: const/4 v0, 0x0
    attachment.php
  9. Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done!

Note that due to potentially dangerous nature of these kinds of modifications, I'm kindly asking that nobody shares any apks that they modified and if any moderators see any modified apks floating around on this thread, that they're deleted
The reasons for this should be obvious. In disabling the protection the developer added to the app, malicious code could easily be added to the app and in the case of an app that deals with sensitive information like the USAA banking app, the results could be catastrophic.
Not that anyone here would do that but it'd be too easy for some two-bit hacker on another site to claim to be hosting an apk here when it's in fact not.
So just share what you did/how you did it so others can do the same (this is a developers forum after all) :good:







Hi bro can you please help me in removing root detecting in an app named as MPL its a gaming app in India and very hard to remove root detection and app is also tempered with protection please help me in doing so or please do it yourself for me and send me the apk.
 
Mar 11, 2020
5
3
Root Odys Pace 10

need help with this device i have tried to rooted but it is not possible, I have the system image download from the provider. How can I root the device, should I make a Custom rom from the Image that they provide me ? I have no Idea how to make it can someone Help
Here the Details of the Tab
Add ibb co to BHJRHTP
Thanks and God Bless U in Jesus Name
 

dmf84

New member
May 12, 2018
2
0
could you help me get my banking app to work with root?
from public.xml
I got here but I don't know how

<public type="string" name="error_integrity" id="0x7f100060" />

<public type="string" name="error_rooted" id="0x7f100065" />




.method private ᐝ()V
.locals 5

goto/16 :goto_b

:goto_0
sget v0, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ʾ:I

add-int/lit8 v0, v0, 0xd

rem-int/lit16 v1, v0, 0x80

sput v1, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ˈ:I

rem-int/lit8 v0, v0, 0x2

if-eqz v0, :cond_0

goto/16 :goto_c

:cond_0
goto/16 :goto_f

:catch_0
move-exception v0

throw v0

:goto_1
:try_start_0
sget v0, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ˈ:I
:try_end_0
.catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0

add-int/lit8 v0, v0, 0x15

rem-int/lit16 v1, v0, 0x80

:try_start_1
sput v1, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ʾ:I

rem-int/lit8 v0, v0, 0x2
:try_end_1
.catch Ljava/lang/Exception; {:try_start_1 .. :try_end_1} :catch_1

if-nez v0, :cond_1

goto/16 :goto_e

:cond_1
goto :goto_3

:catch_1
move-exception v0

throw v0

:goto_2
const/16 v0, 0x28

goto :goto_6

.line 412
:goto_3
invoke-static {}, Lcom/entrust/identityGuard/mobile/sdk/PlatformDelegate;->isDeviceRooted()Z

move-result v0

if-eqz v0, :cond_2

goto :goto_7

:cond_2
goto/16 :goto_12

:goto_4
sget-object v0, Landroid/os/Build;->DEVICE:Ljava/lang/String;

if-eqz v0, :cond_3

goto :goto_5

:cond_3
goto/16 :goto_8

:goto_5
const/16 v0, 0x36

goto/16 :goto_a

:sswitch_0
sget v0, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ˈ:I

add-int/lit8 v0, v0, 0x41

rem-int/lit16 v1, v0, 0x80

sput v1, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ʾ:I

rem-int/lit8 v0, v0, 0x2

if-nez v0, :cond_4

goto/16 :goto_11

:cond_4
goto :goto_4

.line 415
:sswitch_1
const-string v0, "item_id"

sget-object v1, Landroid/os/Build;->DEVICE:Ljava/lang/String;

invoke-virtual {v4, v0, v1}, Landroid/os/Bundle;->putString(Ljava/lang/String;Ljava/lang/String;)V

.line 416
const-string v0, "model_device"

sget-object v1, Landroid/os/Build;->MODEL:Ljava/lang/String;

invoke-virtual {v4, v0, v1}, Landroid/os/Bundle;->putString(Ljava/lang/String;Ljava/lang/String;)V

.line 417
const-string v0, "versione_app"

const-string v1, "5.09"

invoke-virtual {v4, v0, v1}, Landroid/os/Bundle;->putString(Ljava/lang/String;Ljava/lang/String;)V

goto/16 :goto_13

:goto_6
sparse-switch v0, :sswitch_data_0

goto :goto_10

.line 413
:goto_7
new-instance v4, Landroid/os/Bundle;

invoke-direct {v4}, Landroid/os/Bundle;-><init>()V

.line 414
sget-object v0, Landroid/os/Build;->MODEL:Ljava/lang/String;

if-eqz v0, :cond_5

goto/16 :goto_2

:cond_5
nop

const/16 v0, 0x4f

goto :goto_6

:goto_8
const/16 v0, 0x4a

goto :goto_a

:goto_9
goto/16 :goto_0

:goto_a
sparse-switch v0, :sswitch_data_1

goto :goto_10

:goto_b
const/4 v0, 0x2

rem-int/lit8 v0, v0, 0x2

goto/16 :goto_1

:goto_c
goto :goto_f

:goto_d
const/4 v0, 0x2

rem-int/lit8 v0, v0, 0x2

goto :goto_9

:goto_e
goto/16 :goto_3

:goto_f
return-void

.line 419
:goto_10
:sswitch_2
const-string v0, "item_id"

const-string v1, "sconosciuto"

invoke-virtual {v4, v0, v1}, Landroid/os/Bundle;->putString(Ljava/lang/String;Ljava/lang/String;)V

.line 420
const-string v0, "model_device"

const-string v1, "sconosciuto"

invoke-virtual {v4, v0, v1}, Landroid/os/Bundle;->putString(Ljava/lang/String;Ljava/lang/String;)V

.line 421
const-string v0, "versione_app"

const-string v1, "5.09"

invoke-virtual {v4, v0, v1}, Landroid/os/Bundle;->putString(Ljava/lang/String;Ljava/lang/String;)V

goto :goto_13

:goto_11
goto/16 :goto_4

.line 426
:goto_12
invoke-virtual {p0}, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ˋ()V

goto :goto_9

.line 423
:goto_13
iget-object v0, p0, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ʻॱ:Lcom/google/firebase/analytics/FirebaseAnalytics;

const-string v1, "rooted_event"

invoke-virtual {v0, v1, v4}, Lcom/google/firebase/analytics/FirebaseAnalytics;->logEvent(Ljava/lang/String;Landroid/os/Bundle;)V

.line 424
invoke-virtual {p0}, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->getResources()Landroid/content/res/Resources;

move-result-object v0

const v1, 0x7f100042

invoke-virtual {v0, v1}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;

move-result-object v0

invoke-virtual {p0}, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->getResources()Landroid/content/res/Resources;

move-result-object v1

const v2, 0x7f100065

invoke-virtual {v1, v2}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;

move-result-object v1

invoke-virtual {p0}, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->getResources()Landroid/content/res/Resources;

move-result-object v2

const v3, 0x7f100032

invoke-virtual {v2, v3}, Landroid/content/res/Resources;->getString(I)Ljava/lang/String;

move-result-object v2

const/4 v3, 0x1

invoke-static {v3}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;

move-result-object v3

invoke-direct {p0, v0, v1, v2, v3}, Lit/copergmps/rt/pf/android/sp/bmps/activity/WelcomeActivity;->ˎ(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/Boolean;)V

congratulations for the guide
 
Last edited by a moderator:

tremalo86

New member
Nov 27, 2019
4
0
Wow, i dont know how you deal with some people its hard to teach this stuff to people who cant barely open device manager, but this makes sense i appreciate the walkthrough....
 

BryanHafidz

Senior Member
Jun 30, 2020
141
18
can this be done in the HTTP Injector application? because I use magisk hide still detected ?
 

Suakey

Member
Mar 3, 2020
21
0
I know this thread is old but could someone help me with S-Push TAN App?
I searched the whole .mali files and nothing found with "magisk, twrp, root, superuser, supersu, super".
 

yujinloh

Senior Member
Oct 15, 2015
55
21
Google Pixel 6 Pro
I'm following this tutorial and I found the .smali file that is checking for rooted devices but there isnt const-string in the file , only const v1,
Can anyone point me in the right direction?
Code:
.class public Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;
.super Ljava/lang/Object;
.source "RootedDeviceChecker.java"


# static fields
.field private static final APK_BLACKLIST:[Ljava/lang/String;

.field private static PACKAGE_BLACKLIST:Ljava/util/Set;
    .annotation system Ldalvik/annotation/Signature;
        value = {
            "Ljava/util/Set<",
            "Ljava/lang/String;",
            ">;"
        }
    .end annotation
.end field

.field private static final SU_DIR:[Ljava/lang/String;


# direct methods
.method public static constructor <clinit>()V
    .locals 7

    const v0, 0x2074

    invoke-static {v0}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v0

    const v1, 0x2075

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    .line 16
    filled-new-array {v0, v1}, [Ljava/lang/String;

    move-result-object v0

    sput-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->APK_BLACKLIST:[Ljava/lang/String;

    const v1, 0x2076

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    const v2, 0x2077

    invoke-static {v2}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v2

    const v3, 0x2078

    invoke-static {v3}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v3

    const v4, 0x2079

    invoke-static {v4}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v4

    const v5, 0x207a

    invoke-static {v5}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v5

    const v6, 0x207b

    invoke-static {v6}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v6

    .line 19
    filled-new-array/range {v1 .. v6}, [Ljava/lang/String;

    move-result-object v0

    sput-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->SU_DIR:[Ljava/lang/String;

    .line 22
    new-instance v0, Ljava/util/HashSet;

    invoke-direct {v0}, Ljava/util/HashSet;-><init>()V

    sput-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    .line 25
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x207c

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 26
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x207d

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 27
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x207e

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 28
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x207f

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 29
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x2080

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 30
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x2081

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 31
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x2082

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 32
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x2083

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    .line 33
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    const v1, 0x2084

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-interface {v0, v1}, Ljava/util/Set;->add(Ljava/lang/Object;)Z

    return-void
.end method

.method private constructor <init>()V
    .locals 0

    .line 36
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method

.method private static checkPackages(Landroid/content/Context;)Z
    .locals 2

    .line 77
    invoke-virtual {p0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;

    move-result-object p0

    const/16 v0, 0x80

    .line 78
    invoke-virtual {p0, v0}, Landroid/content/pm/PackageManager;->getInstalledApplications(I)Ljava/util/List;

    move-result-object p0

    if-eqz p0, :cond_1

    .line 80
    invoke-interface {p0}, Ljava/util/List;->iterator()Ljava/util/Iterator;

    move-result-object p0

    :cond_0
    invoke-interface {p0}, Ljava/util/Iterator;->hasNext()Z

    move-result v0

    if-eqz v0, :cond_1

    invoke-interface {p0}, Ljava/util/Iterator;->next()Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/content/pm/ApplicationInfo;

    .line 81
    sget-object v1, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->PACKAGE_BLACKLIST:Ljava/util/Set;

    iget-object v0, v0, Landroid/content/pm/ApplicationInfo;->packageName:Ljava/lang/String;

    invoke-interface {v1, v0}, Ljava/util/Set;->contains(Ljava/lang/Object;)Z

    move-result v0

    if-eqz v0, :cond_0

    const/4 p0, 0x1

    return p0

    :cond_1
    const/4 p0, 0x0

    return p0
.end method

.method private static checkPresenceOfsuspiciosAPKs()Z
    .locals 6

    .line 59
    :try_start_0
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->APK_BLACKLIST:[Ljava/lang/String;

    invoke-static {v0}, Ljava/util/Arrays;->asList([Ljava/lang/Object;)Ljava/util/List;

    move-result-object v0

    .line 61
    invoke-interface {v0}, Ljava/util/List;->iterator()Ljava/util/Iterator;

    move-result-object v0

    :cond_0
    invoke-interface {v0}, Ljava/util/Iterator;->hasNext()Z

    move-result v1

    if-eqz v1, :cond_1

    invoke-interface {v0}, Ljava/util/Iterator;->next()Ljava/lang/Object;

    move-result-object v1

    check-cast v1, Ljava/lang/String;

    .line 62
    new-instance v2, Ljava/io/File;

    new-instance v3, Ljava/lang/StringBuilder;

    invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V

    const v5, 0x2085

    invoke-static {v5}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v4

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v3, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v1

    invoke-direct {v2, v1}, Ljava/io/File;-><init>(Ljava/lang/String;)V

    .line 63
    invoke-virtual {v2}, Ljava/io/File;->exists()Z

    move-result v1
    :try_end_0
    .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0

    if-eqz v1, :cond_0

    const/4 v0, 0x1

    return v0

    :catch_0
    :cond_1
    const/4 v0, 0x0

    return v0
.end method

.method private static checkSUFileExist()Z
    .locals 4

    .line 94
    sget-object v0, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->SU_DIR:[Ljava/lang/String;

    invoke-static {v0}, Ljava/util/Arrays;->asList([Ljava/lang/Object;)Ljava/util/List;

    move-result-object v0

    .line 96
    invoke-interface {v0}, Ljava/util/List;->iterator()Ljava/util/Iterator;

    move-result-object v0

    :cond_0
    invoke-interface {v0}, Ljava/util/Iterator;->hasNext()Z

    move-result v1

    if-eqz v1, :cond_1

    invoke-interface {v0}, Ljava/util/Iterator;->next()Ljava/lang/Object;

    move-result-object v1

    check-cast v1, Ljava/lang/String;

    .line 97
    new-instance v2, Ljava/io/File;

    new-instance v3, Ljava/lang/StringBuilder;

    invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V

    invoke-virtual {v3, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const v1, 0x2086

    invoke-static {v1}, Lltayyncr/▅;->─(I)Ljava/lang/String;

    move-result-object v1

    invoke-virtual {v3, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v1

    invoke-direct {v2, v1}, Ljava/io/File;-><init>(Ljava/lang/String;)V

    .line 98
    invoke-virtual {v2}, Ljava/io/File;->exists()Z

    move-result v1

    if-eqz v1, :cond_0

    const/4 v0, 0x1

    return v0

    :cond_1
    const/4 v0, 0x0

    return v0
.end method

.method public static isDeviceRooted(Landroid/content/Context;)I
    .locals 4

    const/4 v0, 0x3

    .line 45
    new-array v0, v0, [Ljava/lang/Boolean;

    invoke-static {p0}, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->checkPackages(Landroid/content/Context;)Z

    move-result p0

    invoke-static {p0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;

    move-result-object p0

    const/4 v1, 0x0

    aput-object p0, v0, v1

    invoke-static {}, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->checkPresenceOfsuspiciosAPKs()Z

    move-result p0

    invoke-static {p0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;

    move-result-object p0

    const/4 v2, 0x1

    aput-object p0, v0, v2

    invoke-static {}, Lcom/rsa/mobilesdk/sdk/RootedDeviceChecker;->checkSUFileExist()Z

    move-result p0

    invoke-static {p0}, Ljava/lang/Boolean;->valueOf(Z)Ljava/lang/Boolean;

    move-result-object p0

    const/4 v2, 0x2

    aput-object p0, v0, v2

    .line 46
    array-length p0, v0

    move v2, v1

    :goto_0
    if-ge v1, p0, :cond_0

    aget-object v3, v0, v1

    invoke-virtual {v3}, Ljava/lang/Boolean;->booleanValue()Z

    move-result v3

    shl-int/lit8 v2, v2, 0x1

    add-int/2addr v2, v3

    add-int/lit8 v1, v1, 0x1

    goto :goto_0

    :cond_0
    return v2
.end method
[/HIDE]
 
Last edited by a moderator:

Top Liked Posts

  • There are no posts matching your filters.
  • 43
    Hi all! I've been using USAA mobile app for a while now but a recent updated added root detection in which the app would immediately close itself. It was incredibly annoying but I figured out how to remove it and thought I would share it here since the general process is pretty much the same with all apks. I'll use it as an example. Since not all apps have built in modification protection, I'll split this into 2 parts

    I use Notepad++ for pretty much this whole thing. It's ability to search through multiple files for a string is incredibly useful :)

    1. How to remove root detection
    1. Decompile the apk (I use APK Easy Tool)
    2. Search the apk for any files containing "superuser" (you can change this to whatever you think will be a likely hit such as "supersu")
      Ex: smali_classes2\com\rsa\mobilesdk\sdk\RootedDeviceChecker.smali
    3. Then change all of the const-string entries with any root related apks or directories to something that doesn't exist:
      attachment.php
    4. Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done! Pretty easy huh?
    If you find that upon doing this, you get some kind of a message about the app being modified (like with USAA app - you'd hope it'd have some kind of tampering protection considering it's a banking app), then you'll need to remove the tamper protection.
    2. How to remove tamper protection:
    This is much more complicated than root removal for obvious reasons and so you're mileage will likely vary. You'll just need to use your head for this one
    1. Search the main strings file: (for example: "res\values\strings.xml") for the message that pops up when you something triggers the protective measures. Ex: "The application appears to have been modified or corrupted"
    2. Take note of the string name. Ex: "tamper_block_message_default"
      attachment.php
    3. Then search the public.xml file (typically in the same place as the strings.xml) for the string name.
    4. Take note of the hexadecimal id
      attachment.php
    5. Now for the fun part: Search the apk for the hex string. Ex: 0x7f100b15
      In the case of the USAA app it was found in: smali_classes2/com/usaa/mobile/android/app/core/protection/TamperActions.smali
    6. Go to the line in that file that has it. This is the section that's triggering the protection problem.
      attachment.php
    7. Scroll up until you find what it's housed in (like an if statement or try block).
      attachment.php
    8. Then find a way to make sure that problem block never executes. In this case, it was an if statement. The problem block occured when v0 was set to something other than 0.
      The solution here would then be to make sure that v0 always equals 0. So add this above it: const/4 v0, 0x0
      attachment.php
    9. Recompile and sign the app (just have the "sign apk after compile" checkbox ticked) and you're done!

    Note that due to potentially dangerous nature of these kinds of modifications, I'm kindly asking that nobody shares any apks that they modified and if any moderators see any modified apks floating around on this thread, that they're deleted
    The reasons for this should be obvious. In disabling the protection the developer added to the app, malicious code could easily be added to the app and in the case of an app that deals with sensitive information like the USAA banking app, the results could be catastrophic.
    Not that anyone here would do that but it'd be too easy for some two-bit hacker on another site to claim to be hosting an apk here when it's in fact not.
    So just share what you did/how you did it so others can do the same (this is a developers forum after all) :good:
    10
    Can you please remove the root detection of maadhaar app https://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus
    And upload it for me.
    Thanks in advance.
    Nope. Reread the OP again. I made it clear why posting modified apks here is a bad idea. This is also a guide so you can do it yourself not a place for ppl to request me to do it for them. This is a developers forum. Now if you were trying to follow the guide and got stuck on something I'd be happy to help. That's what this forum is all about
    7
    Its a DIY thread, people arent supposed to ask for modded apks, that'd be illegal

    @Zackptg5 nice guide brother, it'd be fun to try it out :)
    3
    Oh my... Im so stupid, I used Notepad++ but I used it wrongly (used windows explorer to find smali file,then use N++ to edit *facepalm*) , the other app I managed to modify looked exactly as your screenshots so it was easy to modify that one, but this was a bit different, anyways back to the problem I did find it under "smali/com/dynatrace/android/agent/RootDetector.smali", but there isnt any "const-strings" to edit there. What do I do then?

    Looks like this one won't be as straightforward as USAA. You'll need to do some outside the box thinking now. So you could search the apk for any instances of "RootDetector" to see how it's used. I found 1 entry in smali_classes2/com/dynatrace/android/agent/metrics/AndroidMetrics.smali
    This makes it easier since we only have 1 place to look:

    Code:
    invoke-static {}, Lcom/dynatrace/android/agent/RootDetector;->isDeviceRooted()Z
    move-result v0
    iput-boolean v0, p0, Lcom/dynatrace/android/agent/metrics/AndroidMetrics;->deviceRooted:Z
    new-instance v0, Ljava/lang/StringBuilder;

    So it appears that it calls the isDeviceRooted function in the RootDetector.smali (which in turn calls the other functions in that file) and assigns the value to v0. The functions runs either 0 or 1 ultimately. I'd suggest trying to set the value to 0 first, and if that doesn't work, 1. Easiest way I can think of doing this would be to change the
    Code:
    move-result v0
    line to
    Code:
    const/4 v0, 0x0
    in the AndroidMetrics file.

    So try making that one line change and see what happens. To change it to 1, just change the 0x0 to 0x1. It looked like a lot of this is outputted to the log too so following the logcat might help