Bypassing Root Detection, Frida Detection, and Emulator Detection in Damn Vulnerable Bank APK
In this tutorial, we will cover how to bypass root detection, Frida detection, and emulator detection in the Damn Vulnerable Bank APK. Before proceeding, ensure you have Frida installed and set up. If not, you can follow my previous guide on [automating Frida installation](https://medium.com/@r0x5r/automate-frida-installation-722171076612).
Prerequisites
- **Frida**: Ensure Frida is installed.
- **Tools**:
  - `apktool` for decompiling and recompiling the APK.
  - `uber-apk-signer` for signing the APK.
  - `adb` for interacting with the Android device/emulator.
  - `Genymotion` for running the emulator.
  - `NotSoSecure/android_application_analyzer` for tool
Step 1: Bypass GPU Detection
Decompile the APK
```bash
apktool d com.app.damnvulnerablebank.apk -o dvb-decompiled
```
Modify `AndroidManifest.xml`
- Locate `AndroidManifest.xml` in the `dvb-decompiled` directory.
- Change `android:hardwareAccelerated="true"` to `android:hardwareAccelerated="false"`.
Recompile the APK
```bash
apktool b dvb-decompiled -o dvba-no-gpu.apk
```
Sign the APK
```bash
java -jar uber-apk-signer.jar --apks dvba-no-gpu.apk
```
Uninstall the Existing APK and Install the Modified APK
```bash
adb uninstall com.app.damnvulnerablebank
adb install dvba-no-gpu-aligned-debugSigned.apk
```
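The manifest edit in Step 1, scripted so it can be repeated and checked before rebuilding (an added example, not code from the original post). It generalizes slightly by also handling single-quoted values and an `<application>` tag with no explicit attribute; the function name, the script name and the sample manifest are assumptions made for illustration.

```javascript
// Added example, not from the original post. SAMPLE_MANIFEST is constructed.
const SAMPLE_MANIFEST = [
  '<?xml version="1.0" encoding="utf-8"?>',
  '<manifest xmlns:android="http://schemas.android.com/apk/res/android"',
  '    package="com.app.damnvulnerablebank">',
  '  <application android:label="DVB" android:hardwareAccelerated="true">',
  "    <activity android:name=\".MainActivity\" android:hardwareAccelerated='true'/>",
  '  </application>',
  '</manifest>',
].join('\n');

const ATTR = 'android:hardwareAccelerated';

// Returns the patched XML plus what was changed, so the caller can confirm
// the edit really happened before rebuilding with apktool.
function disableHardwareAcceleration(xml) {
  let flipped = 0;
  // Flip every explicit "true" (single- or double-quoted) to "false".
  let out = xml.replace(
    /(android:hardwareAccelerated\s*=\s*)(["'])true\2/g,
    (match, lhs, quote) => {
      flipped += 1;
      return lhs + quote + 'false' + quote;
    });
  // With no attribute on <application>, Android defaults it to true
  // (targetSdkVersion >= 14), so add an explicit "false" there.
  let added = false;
  out = out.replace(/<application\b[^>]*>/, (tag) => {
    if (tag.includes(ATTR)) return tag;
    added = true;
    return tag.replace(/^<application\b/, `<application ${ATTR}="false"`);
  });
  return { xml: out, flipped, added };
}

// Optional CLI use under Node (CommonJS); the script name is hypothetical:
//   node patch-manifest.js dvb-decompiled/AndroidManifest.xml
if (typeof require === 'function' && typeof module !== 'undefined' &&
    require.main === module && /AndroidManifest\.xml$/.test(process.argv[2] || '')) {
  const fs = require('fs');
  const file = process.argv[2];
  const result = disableHardwareAcceleration(fs.readFileSync(file, 'utf8'));
  fs.writeFileSync(file, result.xml);
  console.log(`flipped=${result.flipped} added=${result.added}`);
} else {
  const demo = disableHardwareAcceleration(SAMPLE_MANIFEST);
  console.log(`sample: flipped=${demo.flipped} added=${demo.added}`);
}
```

A result of `flipped=0 added=false` means the manifest already had the attribute set to `false`, so the rebuild would change nothing.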
Step 2: Create Bypass Scripts
`bypass-detection.js`
```javascript
setTimeout(function() {
    Java.perform(function() {
        var className = "a.a.a.a.a"; // Ensure this is the correct class name
        try {
            var targetClass = Java.use(className);
            console.log('Class loaded:', className); // Confirmation that the class is loaded
            if (targetClass.R) {
                var originalMethod = targetClass.R.implementation;
                targetClass.R.implementation = function() {
                    var originalReturnValue = this.R();
                    console.log("Original return value =", originalReturnValue); // Debug for original value
                    return !originalReturnValue; // Negate the original return value
                };
                console.log("Method 'R' has been successfully hooked.");
            } else {
                console.log("Method 'R' not found in class " + className);
            }
        } catch (e) {
            console.log("Error while trying to hook the class or method:", e);
        }
    });
}, 10);
```
`bypass-frida-check.js`
```javascript
Java.perform(function () {
    console.log("looking for FridaCheckJNI.fridaCheck()");
    try {
        const FridaCheckJNI = Java.use('com.app.damnvulnerablebank.FridaCheckJNI');
        FridaCheckJNI.fridaCheck.implementation = function() {
            console.log("hooking fridaCheck().");
            var value = this.fridaCheck.call(this);
            console.log("fridaCheck() returned " + value);
            console.log("switching fridaCheck() to 0");
            return 0; // Always return 0 to bypass checks
        };
    } catch (e) {
        console.log("Failed to hook fridaCheck: " + e.message);
    }
});
```
Step 3: Execute Frida Scripts
Run the Frida Server on the Emulator Device
```bash
adb shell
cd /data/local/tmp/
./frida-server &
```
Run the Frida Scripts (this should be run from the main machine)
```bash
frida -U -l bypass-detection.js -l bypass-frida-check.js -f com.app.damnvulnerablebank
```
Reference
You can download Damn Vulnerable Bank from this GitHub link
For any questions, DM me:
https://www.linkedin.com/in/r0x5r/
I’m also looking for a full-time job. If you know of any opportunities, please reach out!
P.S. I'm not a content writer.