Platform

android

Last updated: September 29, 2023

Dynamic Analysis on Non-Rooted Devices

Non-rooted devices have the benefit of replicating an environment that the application is intended to run on.

Thanks to tools like objection, you can patch the app in order to test it like if you were on a rooted device (but of course being jailed to that one app). To do that you have to perform one additional step: patch the APK to include the Frida gadget library.

Now you can use objection to dynamically analyze the application on non-rooted devices.

The following commands summarize how to patch and start dynamic analysis using objection using the UnCrackable App for Android Level 1 as an example:

# Download the Uncrackable APK
$ wget https://raw.githubusercontent.com/OWASP/owasp-mastg/master/Crackmes/Android/Level_01/UnCrackable-Level1.apk
# Patch the APK with the Frida Gadget
$ objection patchapk --source UnCrackable-Level1.apk
# Install the patched APK on the android phone
$ adb install UnCrackable-Level1.objection.apk
# After running the mobile phone, objection will detect the running frida-server through the APK
$ objection explore

Resources

• Frida Gadget
• patching - patching an APK