I’m working on a React Native project that requires SSL pinning and root detection to be implemented. I’ve tried using the SSL pinner factory in OkHttp method and the Android security config method for the SSL pinning. As for the root detection, I’ve tried jail-monkey on the JS side and RootBeer on the native side. But despite all of that, the SSL can still be bypassed using this Frida script, and it shows that TrustManager (Android < 7) was successfully bypassed; the root detection could not detect Magisk that runs Zygisk / MagiskHide. Does anybody have any tips or an example of how to solve this vulnerability?
2 Answers
You could block Frida by using the detection methods used by darvincisec: Frida detector
By using this, Frida scripts and also tracing can be detected (only in non-stalker mode, if I’m not wrong), so the SSL pinning bypass shouldn’t work on the device. The main drawback you can find in this example is that a lot of it is readable and also patchable. So you must do some work to "avoid" easy patching (integrity checks on the NDK side, obfuscation, or something of that sort).
Aside from Frida, Magisk Hide and the Zygisk deny list can be detected through his method as well: Magisk Hide detector. By using Isolated Processes you could test for Magisk and Zygisk. Although I think Zygisk can be bypassed if you don’t use ZygotePreload while spawning the Isolated Process.
Regards!
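As an illustration of the kind of native-side check the answer above refers to, here is an added example (not part of the original answer and not code from the linked project) that scans the process's own thread names for ones an injected Frida agent typically creates. The thread-name list and the function names are assumptions made for this sketch.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Thread names commonly left behind by an injected Frida agent.
   Assumed list for this sketch; "gmain"/"gdbus" also appear in ordinary
   GLib programs, so treat a hit as a signal, not proof. */
static const char *const SUSPECT_THREADS[] = {
    "gum-js-loop", "gmain", "gdbus", "pool-frida"
};

/* Returns 1 if a thread name (the contents of .../comm) is on the list. */
int is_suspect_thread_name(const char *name) {
    size_t n = strcspn(name, "\n");            /* comm ends with '\n' */
    size_t count = sizeof SUSPECT_THREADS / sizeof *SUSPECT_THREADS;
    for (size_t i = 0; i < count; i++) {
        if (n == strlen(SUSPECT_THREADS[i]) &&
            strncmp(name, SUSPECT_THREADS[i], n) == 0)
            return 1;
    }
    return 0;
}

/* Walks task_dir (normally "/proc/self/task") and reads each <tid>/comm.
   Returns 1 if a suspect thread is found, 0 if none, -1 if unreadable.
   An unreadable /proc is itself worth reporting to the caller. */
int scan_threads(const char *task_dir) {
    DIR *d = opendir(task_dir);
    if (!d) return -1;
    struct dirent *e;
    int found = 0;
    while (!found && (e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;      /* skip "." and ".." */
        char path[512], name[64];
        snprintf(path, sizeof path, "%s/%s/comm", task_dir, e->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;                       /* thread exited mid-scan */
        if (fgets(name, sizeof name, f) && is_suspect_thread_name(name))
            found = 1;
        fclose(f);
    }
    closedir(d);
    return found;
}

int main(void) {
    printf("suspect instrumentation thread: %d\n",
           scan_threads("/proc/self/task"));
    return 0;
}
```

A single check like this is easy to patch out, which is why the answer pairs detection with integrity checks and obfuscation on the NDK side.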
You can detect Zygisk. MagiskHide has been removed since v24. Zygisk provides DenyList to revoke Magisk modifications but has no hidden method and can be detected even though on DenyList.