Platform

android

MASVS v1 MSTG-RESILIENCE-6

MASVS v2 MASVS-RESILIENCE-2

Last updated: May 08, 2023

Testing Runtime Integrity Checks

Effectiveness Assessment

Make sure that all file-based detection of reverse engineering tools is disabled. Then, inject code by using Xposed, Frida, and Substrate, and attempt to install native hooks and Java method hooks. The app should detect the "hostile" code in its memory and respond accordingly.

Work on bypassing the checks with the following techniques:

1. Patch the integrity checks. Disable the unwanted behavior by overwriting the respective bytecode or native code with NOP instructions.
2. Use Frida or Xposed to hook the APIs used for detection and return fake values.

Refer to the "Tampering and Reverse Engineering on Android" chapter for examples of patching, code injection, and kernel modules.