[vazolumegui]

Hello everyone. I was trying to break certificate pinning used by an android app with frida, but as soon as frida is loaded, the app crashes. Investigating further, I realized that the app has some kind of code injection detection and when it detects that frida is trying to inject the a new thread in the main process it kills itself. This type of detection can be seen when launching momo with frida, as shown below:



Does anyone know the inner works of this code injection detection and how to bypass it? (the more technical the answer, the better). Thanks in advance

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[delasminas]

Hello everyone. I was trying to break certificate pinning used by an android app with frida, but as soon as frida is loaded, the app crashes. Investigating further, I realized that the app has some kind of code injection detection and when it detects that frida is trying to inject the a new thread in the main process it kills itself. This type of detection can be seen when launching momo with frida, as shown below:



Does anyone know the inner works of this code injection detection and how to bypass it? (the more technical the answer, the better). Thanks in advance

I am working on something similar but with a different app. In my case, the app understands if something is off by fetching the apk signature, sending it to the server and then reading the server's reply on the foreign signature. It can be bypassed by "signature spoofing", but I find it kinda difficult to implement. Especially with the official Android.

In the Java code, the signature is fetched with a call to 

getPackageInfo(...).Signatures

. If you can spoof it with smali, you are done