# Emulator Detection Bypass steps
Download and set up an emulator with any SDK version 12 or below, with Play Store, of x86_64 arch.

# Magisk image flashing[^1]
* Download and extract the rootAVD repo from this [Link](https://github.com/newbit1/rootAVD)
* Open a terminal on your PC and navigate to the extracted directory.
* Run the command
```
./rootAVD.sh
```
* This will list the commands that you need to run.
* Run the command
```
./rootAVD.sh ListAllAVDs
```
and select the image matching your emulator's arch type.
* Once flashing is done it should reboot your emulator.
* Run the command
```
./rootAVD.sh InstallApps
```
* Once done, your emulator will have Magisk installed. Start the application; it will ask for permission, which will then reboot your device.
* Once the device has rebooted, go to Magisk settings, enable the Zygisk setting, and reboot your device from the Magisk options.
* You are now done flashing/rooting your device.
# Setting up termux on device.
* Download the latest APK from the termux repo release section based on your emulator arch type [Link](https://github.com/termux/termux-app/releases)
* Open the app and enter the command
```
pkg update
```
* Once the above is done, enter the command
```
pkg upgrade
```
* Enter the command
```
termux-setup-storage
```
and grant storage permission.
* Your termux is now ready to use.

# Additional Apps/tools that are needed
* Download and install root explorer apk.

# Setting up frida and other packages in termux[^2]
* Enter the command
```
pkg install build-essential python python-pip git wget binutils openssl
```
* Download the Frida Core DevKit according to device architecture from [Link](https://github.com/frida/frida/releases)
* Extract the zip and move the files to your emulator (there will be 4 files)
* Open root explorer and navigate to root->sdcard->downloads, where you will find the files you just copied to this device.
* Move these files to root->sdcard->devkit (make a new dir).
* Open termux and enter the command
```
export FRIDA_CORE_DEVKIT=/sdcard/devkit/
```
If you extracted it to some other location, use that path. Make sure you run the above command without root/su.
* Install frida and its command-line tools from pip
```
pip install frida frida-tools
```
![image](https://user-images.githubusercontent.com/27184655/218310575-89d7d2c0-028d-4942-a5ea-edc96461d55f.jpg)
Now Frida is available from the command line. You can check the version by typing `frida-ps --version`
* Optional steps if frida gives an error with the above.
```
pkg install root-repo
```
```
pkg install frida-python
```
# Frida server installation flow
* Download the latest version of frida-server based on device arch type (the file name contains "server" and "android") [Link](https://github.com/frida/frida/releases)
* Extract the zip and move the file to your emulator by dragging and dropping.
* Open root explorer and navigate to root->sdcard->download, where you will find your file.
* Move the file to root->data->local->tmp.
* Rename the file to frida-server
* Long press on the file, select additional options from the top left, select permissions, and enable execution rights for all user types.
* Open termux and enter the following commands (when you run the su command, if the app asks for superuser permission, allow it by pressing Grant)
* Go to your app permissions->Additional permissions->allow "Run command in termux terminal"
* Now, to start the server, enter the following commands.
```
su
```
```
cd /data/local/tmp
```
```
ls   # shows the directories and files in the tmp dir
```
```
./frida-server -l 127.0.0.1
```
Once the above command is entered, your cursor will move to the next line and keep blinking. Leave this termux session as it is and don't close it.
To open a new session in termux, swipe from the left edge to open the drawer and select new session.
* Move the emulator bypass js file to root->data->local->tmp
* Now, to check that you can connect to the server from your new termux session, enter the command below to list all device processes
```
frida-ps -H 127.0.0.1
```
or you can run the actual bypass command as
```
frida -H 127.0.0.1 -f your.packagename -l /data/local/tmp/bypass.js
```

* If this works, the termux setup is complete.

# Termux setup to accept external commands.
* Making termux accept external commands[^3].
```
value="true"; key="allow-external-apps"; file="/data/data/com.termux/files/home/.termux/termux.properties"; mkdir -p "$(dirname "$file")"; chmod 700 "$(dirname "$file")"; if ! grep -E '^'"$key"'=.*' $file &>/dev/null; then [[ -s "$file" && ! -z "$(tail -c 1 "$file")" ]] && newline=$'\n' || newline=""; echo "$newline$key=$value" >> "$file"; else sed -i'' -E 's/^'"$key"'=.*/'"$key=$value"'/' $file; fi
```
* Before your app can send commands to termux, you will have to declare certain permissions and have the user grant them.
```

```
```

```
* Sending commands from your app to termux[^4].
```
// Requires android.content.Intent; call from an Activity or Service (a Context).
val intent = Intent()
// Target Termux's RunCommandService explicitly.
intent.setClassName("com.termux", "com.termux.app.RunCommandService")
intent.action = "com.termux.RUN_COMMAND"
// Absolute path of the executable inside Termux, followed by its arguments.
intent.putExtra("com.termux.RUN_COMMAND_PATH", "/data/data/com.termux/files/usr/bin/frida")
intent.putExtra(
    "com.termux.RUN_COMMAND_ARGUMENTS",
    arrayOf("-H", "127.0.0.1", "-f", "your app package name", "-l", "/data/local/tmp/bypass.js")
)
intent.putExtra("com.termux.RUN_COMMAND_BACKGROUND", true)
intent.putExtra("com.termux.RUN_COMMAND_SESSION_ACTION", "4")
startService(intent)
```
# Additional step
* In case you encounter an error like the one below while running the frida command
```
File "/data/data/com.termux/files/usr/lib/python3.11/re/_parser.py", line 455, in _parse_sub itemsappend(_parse(source, state, verbose, nested + 1
```
you can enter the following command, as mentioned here [Link](https://github.com/frida/frida/issues/2372#issuecomment-1374208979)
> silverbullet-herr commented Jan 7, 2023
>
> try this:
> pip uninstall pygments && pip install pygments
> to install the latest version instead of the required version that's how it worked for me


*References*
[^1]: [Rooting emulator](https://avicoder.me/2021/09/02/Root-AVD-and-install-Magisk/)
[^2]: [Frida setup on termux](https://github.com/frida/frida/discussions/2411)
[^3]: [termux property edit](https://github.com/termux/termux-tasker#allow-external-apps-property-optional)
[^4]: [Frida run commands](https://github.com/termux/termux-app/wiki/RUN_COMMAND-Intent)
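
The `allow-external-apps` edit from "Termux setup to accept external commands", unrolled into readable functions. This is an added example, not part of the original README or of termux-tasker; it generalizes the one-liner to any key and value, and the helper names `set_property` and `get_property` are hypothetical. It assumes GNU `sed` (as shipped in Termux) and keys and values free of `|`, `&` and regex metacharacters.

```shell
#!/usr/bin/env bash
# Added example: idempotently set key=value in a .properties file.
# Usage on the device, with the path and key from this README:
#   set_property /data/data/com.termux/files/home/.termux/termux.properties \
#                allow-external-apps true

set_property() {
    local file="$1" key="$2" value="$3" dir
    dir="$(dirname "$file")"
    # Create the config directory with the same mode the one-liner uses.
    mkdir -p "$dir" && chmod 700 "$dir"

    if grep -qE "^${key}=" "$file" 2>/dev/null; then
        # Key already present: rewrite it in place so repeated runs
        # never stack up duplicate entries.
        sed -i -E "s|^${key}=.*|${key}=${value}|" "$file"
    else
        # Key absent: append. If the file is non-empty and its last byte is
        # not a newline, add one first so the entry does not fuse with the
        # previous line.
        if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
            printf '\n' >> "$file"
        fi
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

get_property() {
    # Print the value of the last matching key; return 1 if the key is absent.
    local file="$1" key="$2" line
    line="$(grep -E "^${key}=" "$file" 2>/dev/null | tail -n 1)"
    [ -n "$line" ] || return 1
    printf '%s\n' "${line#*=}"
}
```

Running `get_property` after the edit confirms the value Termux will read before you try sending a `RUN_COMMAND` intent.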