User:Spvzone

What is Rooting?
Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices. Thus, rooting gives the ability (or permission) to alter or replace system applications and settings, run specialized applications ("apps") that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system, usually with a more recent release of its current operating system.

Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts: jailbreaking is the bypass of several types of Apple restrictions on the end user, including modifying the operating system (enforced by a "locked bootloader"), installing applications that are not officially approved (not available on the App Store) via sideloading, and granting the user elevated administrative privileges (rooting). Many Android vendors such as HTC, Sony, Asus and Google explicitly provide the ability to unlock the bootloader, and even to replace the operating system entirely. Similarly, sideloading applications is typically permitted on Android devices without root permissions. Thus, it is primarily the third aspect of iOS jailbreaking (giving users administrative privileges) that most directly corresponds to Android rooting.

How to Root an Android Device?
There are multiple ways to root an Android device, depending on the vendor. A few common methods are:

Using ADB and a custom recovery such as TWRP (flashing a root package from recovery)

One-click tools such as KingoRoot and One Click Root

Installing custom firmware

Advantages and Disadvantages of Rooting?
Advantages:

Running special Apps

Free up Memory

Install Custom ROMS

Tamper with internal memory and application data

Read/Modify Internal Databases

Cheating in games (modifying in-game credits and scores)

Ad-blocking for all apps

Removing pre-installed OEM apps

Installing incompatible apps

More display options and internal storage

Greater battery life and speed

Making full device backups

Access to root files

More tweaking

Disadvantages:

Voids the warranty

Larger attack surface: any malware that obtains root has full control of the device, and the security model that isolates apps no longer holds

Risk of bricking the device

Vendor (OTA) updates often fail or no longer apply once the system partition has been modified

False Assumptions of Mobile Application Penetration Testing by Product Managers
Product managers hand over the application for penetration testing and assume it only needs to be tested on a non-rooted device, because their developers implemented a root check somewhere in the application code.

A penetration tester should never restrict testing to non-rooted devices. Always try to install the application on a rooted device; if the developers added root detection, try to bypass it using the techniques described below.

When do developers detect whether the handset is rooted?
1. While installing the APK (similar to compile-time errors)

Some applications will not even install on the device if it is rooted.

2. After installation (similar to run-time errors)

Some applications install, but crash or force-quit when the user tries to open them.

3. Play Store

Some applications in the Play Store are shown directly as incompatible with the device, so they cannot be installed from there.

How do developers detect whether the mobile device is rooted?
Installed packages: check at runtime whether any of the following packages is installed on the device

SuperSU (supersu.apk)

Busybox

Root Cloak

Xposed Framework

Cydia

Substrate

Installed files: check for the following files and directories on the device (and their permissions)

Superuser

Supersu

/su

/system/app/Superuser.apk

/system/bin

/system/bin/su

/system/sd/xbin

/system/xbin/su

/system/xbin

/data/local

/data/local/bin

/data/local/xbin

/sbin

/system/bin/failsafe

/vendor/bin
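The checks above, modelled as an added example in Node.js (this is not code from the page). The three probe functions stand in for the Android APIs an app would call (java.io.File.exists, PackageManager.getPackageInfo, Runtime.exec), so the logic can be exercised offline against constructed "devices"; the package identifiers are well-known ones supplied here as assumptions, since the page names the apps only.

```javascript
// Added example: a Node.js model of the root checks listed above (not code from the page).
// The three probes stand in for the Android APIs an app would call:
//   fileExists       -> java.io.File.exists()
//   packageInstalled -> PackageManager.getPackageInfo() not throwing NameNotFoundException
//   execSu           -> Runtime.getRuntime().exec("su") succeeding
// Package identifiers are well-known ones supplied here as assumptions; the page names the apps only.

// Directories in which root checks look for an `su` binary, plus explicit marker files.
const SU_DIRS = ["/sbin", "/system/bin", "/system/xbin", "/system/sd/xbin",
  "/system/bin/failsafe", "/data/local", "/data/local/bin", "/data/local/xbin", "/vendor/bin"];
const ROOT_FILES = ["/su", "/system/app/Superuser.apk", ...SU_DIRS.map((d) => d + "/su")];

const ROOT_PACKAGES = {
  "eu.chainfire.supersu": "SuperSU",
  "com.noshufou.android.su": "Superuser",
  "stericson.busybox": "BusyBox",
  "com.devadvance.rootcloak": "RootCloak",
  "com.devadvance.rootcloak2": "RootCloak",
  "de.robv.android.xposed.installer": "Xposed Installer",
  "com.saurik.substrate": "Cydia Substrate",
};

// Returns { rooted, reasons } so a tester can see exactly which indicator fired;
// the indicator that fires is also the one to hide or hook on a rooted test device.
function isDeviceRooted(probe) {
  const reasons = [];
  for (const path of ROOT_FILES) {
    if (probe.fileExists(path)) reasons.push("file:" + path);
  }
  for (const pkg of Object.keys(ROOT_PACKAGES)) {
    if (probe.packageInstalled(pkg)) reasons.push("package:" + pkg);
  }
  if (probe.execSu()) reasons.push("exec:su");
  return { rooted: reasons.length > 0, reasons };
}

// Constructed probes standing in for two devices (sample data, not captured from real hardware).
function makeProbe(files, packages, suWorks) {
  const f = new Set(files);
  const p = new Set(packages);
  return {
    fileExists: (path) => f.has(path),
    packageInstalled: (name) => p.has(name),
    execSu: () => suWorks,
  };
}

const STOCK_DEVICE = makeProbe(["/system/bin/sh"], ["com.android.chrome"], false);
const ROOTED_DEVICE = makeProbe(["/system/bin/sh", "/system/xbin/su"], ["eu.chainfire.supersu"], true);

for (const [label, dev] of [["stock", STOCK_DEVICE], ["rooted", ROOTED_DEVICE]]) {
  const result = isDeviceRooted(dev);
  console.log(label + ": rooted=" + result.rooted + " reasons=" + JSON.stringify(result.reasons));
}
```

Returning the list of reasons rather than a bare boolean is what makes such a check useful during a test: the first reason reported is the artifact the tester has to hide (or the API call to hook) before the application will run on the rooted device.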

How to Bypass Root Detection Check?
There are many methods of bypassing root checks on Android; the methods below are the ones that succeed most often.

1. Root Cloak (Xposed Installer)
Instructions:

1) Make sure you have the Xposed Framework installed.

2) Install RootCloak.

3) Enable RootCloak in the Xposed Installer app: open Xposed Installer, go to Modules, and tick the check box next to RootCloak.

4) Reboot your phone.

5) Open the RootCloak settings (open the app from the launcher) and go to Add/Remove. This is where you choose which apps RootCloak hides root from.

6) If the app you want is not among the default apps, press the + button to add it. Find the app in the list and tap it to add it.

7) Exit the RootCloak settings. If the app you just added was already running, either force close it or reboot your phone.

8) Run the app to see whether root was successfully hidden.

2. Frida Hooking
The script below hooks the application's own root-check method (here a class named utils.DeviceUtils with a method isDeviceRooted; the real class and method names are found by decompiling the target APK) and forces it to return false:

Java.perform(function () {
    console.log("\nRoot detection bypass with Frida");

    // Class and method names are specific to the target app; find them by decompiling the APK
    var DeviceUtils = Java.use("utils.DeviceUtils");

    console.log("\nHijacking isDeviceRooted function in DeviceUtils class");

    DeviceUtils.isDeviceRooted.implementation = function () {
        console.log("\nInside the isDeviceRooted function");
        return false;   // report the device as not rooted regardless of the real result
    };

    console.log("\nRoot detection bypassed");
});

Save the script as root-detection-bypass.js and run it against the target package (com.redacted.app here) over USB, spawning the app with the script injected before the root check runs:

frida -U -f com.redacted.app -l root-detection-bypass.js --no-pause

(Frida 16 and later resume the spawned process automatically and no longer accept --no-pause; drop the flag there.)

3. Repacking
In repacking we modify the decompiled source code of the application and build a new APK from it.
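The Frida script on the page only works once the app's own check method has been identified. The following is an added example (not the page's script) of a generic Frida hook that instead hides root from the three kinds of check listed earlier (marker files, known packages, and running su), by hooking the Android APIs those checks call. The Java global is supplied by Frida's runtime; the typeof guard lets the pure helper functions be loaded in plain Node for testing. Package identifiers are well-known ones supplied here as assumptions.

```javascript
// Added example (not the page's script): a generic Frida hook that hides root from the
// checks described above (marker files, known packages, running `su`) without first
// locating the app's own check method. Frida supplies the `Java` global; the typeof
// guard at the bottom lets the pure helpers be loaded in plain Node for testing.
// Package identifiers are well-known ones supplied here as assumptions.

const ROOT_PACKAGES = [
  "eu.chainfire.supersu", "com.noshufou.android.su", "stericson.busybox",
  "com.devadvance.rootcloak", "com.devadvance.rootcloak2",
  "de.robv.android.xposed.installer", "com.saurik.substrate", "com.topjohnwu.magisk",
];

// Paths an app probes for: any .../su, Superuser.apk, busybox, daemonsu, magisk.
function isRootArtifact(path) {
  const p = String(path);
  return p === "/su" || p.endsWith("/su") || p.endsWith("/Superuser.apk")
    || p.endsWith("/busybox") || p.endsWith("/daemonsu") || p.indexOf("/magisk") !== -1;
}

function isRootPackage(name) {
  return ROOT_PACKAGES.indexOf(String(name)) !== -1;
}

// tokens: the argv handed to Runtime.exec, e.g. ["su"], ["which", "su"], ["/system/xbin/su", "-c", "id"]
function isSuCommand(tokens) {
  return tokens.some((t) => t === "su" || t.endsWith("/su"));
}

function installHooks() {
  const File = Java.use("java.io.File");
  File.exists.implementation = function () {
    const path = this.getAbsolutePath();
    if (isRootArtifact(path)) {
      console.log("[hide] File.exists(" + path + ") -> false");
      return false;
    }
    return this.exists();  // original implementation for every other path
  };

  const NameNotFound = Java.use("android.content.pm.PackageManager$NameNotFoundException");
  const PM = Java.use("android.app.ApplicationPackageManager");
  PM.getPackageInfo.overload("java.lang.String", "int").implementation = function (name, flags) {
    if (isRootPackage(name)) {
      console.log("[hide] getPackageInfo(" + name + ") -> NameNotFoundException");
      throw NameNotFound.$new(name);  // exactly what the app sees when the package is absent
    }
    return this.getPackageInfo(name, flags);
  };

  // Every Runtime.exec overload funnels into this one, so a single hook covers
  // exec("su"), exec("which su") and exec(new String[]{"/system/xbin/su", "-c", "id"}).
  const IOException = Java.use("java.io.IOException");
  const Runtime = Java.use("java.lang.Runtime");
  Runtime.exec.overload("[Ljava.lang.String;", "[Ljava.lang.String;", "java.io.File")
    .implementation = function (cmdarray, envp, dir) {
      const tokens = [];
      for (let i = 0; i < cmdarray.length; i++) tokens.push(String(cmdarray[i]));  // Java array -> JS array
      if (isSuCommand(tokens)) {
        console.log("[hide] exec(" + tokens.join(" ") + ") -> IOException");
        throw IOException.$new("Cannot run program \"" + tokens[0] + "\": error=2, No such file or directory");
      }
      return this.exec(cmdarray, envp, dir);
    };
}

if (typeof Java !== "undefined") {
  Java.perform(installHooks);
}
```

Run it the same way as the script above (frida -U -f com.redacted.app -l hide-root.js) and watch the [hide] lines to learn which check the app actually performs. The hooks deliberately raise the same exceptions the app would see on a genuinely stock device, so code that treats "any exception" as "rooted" is not tripped. Checks made from native code (stat or access on the su path via JNI), via ProcessBuilder directly, or through a SafetyNet/Play Integrity attestation are not covered by Java-level hooks and need Interceptor hooks on libc or a different approach.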