Using Frida to bypass checks

[sha3rawi33]

I could create a simple Frida script that hooks on this package returns, which allowed me to have all checks show "SAFE".

a simple script does the following in your code:

 public static boolean b(){
       new Socket().connect(new InetSocketAddress("127.0.0.1", 0x69a2), 200);
       boolean b = true;
       return b; // hook on this and return false
    }

this will hook the return and show hooks as SAFE

hope you can improve/add more checks to prevent this.

good luck!

[theDeniZ]

Thank you for the question. We are working on a solution to prevent easy Frida hooks. Did you by any chance also test iOS part of the app?

[theDeniZ]

Update: version 1.0.2 does include some improvements for hook detection. Future updates will also contain a better API (see #24)
An additional possible improvement would be to try to implement some of the threat detection functions in dart, to have a fallback strategy if native library or communication with it is compromised.