Mobile Apps Pentesting : Root and Emulator Bypass

Mobile pentest .apk apps

Findings :
1. Bypass Root Detection
2. Bypass Emulator Detection
3. Bypass Login Screen
4. Get Admin Screen (Not Flag)

Tools :
1. MobSF — Static Analysis
2. RMS — Dynamic Analysis

Poc (Proof of Concept)

1. install .apk on android emulator

2. Apps can detect Root and Emulator Environment.

3. Do Static Analysis using MobSF to analysis java code, find function that detect environment root and emulator.

4. examine MainActivity because this activity will executed fist. and find function l() and isEmulator() function return boolean at…