1. Hi @UIDAI and @KhoslaLabs
! Let me show you how to bypass the protection mechanism you set up and run the #Aadhaar #Android app on a rooted phone.
-
Show this thread
-
2. When an user start the
#Aadhaar#Android app on a rooted phone, he will obtain a toast with the following message: "Your device is rooted. For security purpose you can not use this application"pic.twitter.com/Mb0Qypqqe4
1 reply 20 retweets 34 likesShow this thread -
3. In the splash screen activity you are checking if the device is rooted with 3 different methods.pic.twitter.com/GLIR1hWzML
1 reply 19 retweets 29 likesShow this thread -
4. In the CheckRootUtil class, you implemented 5 different methods to check if the device is rooted but only 3 are used
https://gist.github.com/fs0c131y/b8e3d3f16d2cb9df46707e8fd1f65217 …1 reply 18 retweets 40 likesShow this thread -
5. I guess the
@UIDAI and@KhoslaLabs developers are working with emulators when they developed the app. So they implemented a way to bypass this root check...
If the flag isEmulator is set to true, the method will always return false and you bypass the root check
pic.twitter.com/D2yivWbgF2
2 replies 57 retweets 96 likesShow this thread -
6. You just have to: - unpack the
#Aadhaar#Android app with#apktool - change v1 to v0 in one line - repack the app with apktool - resign the app You can run the app on a rooted phone!pic.twitter.com/Hay77rX3EA
2 replies 32 retweets 63 likesShow this thread -
7. A basic protection against this unpack/repack is to check if the apk certificate had been modified. If this mechanism detect that your app had been modified, it will not start the app. They have a getApkCertificateDigestSha256 method in their app but it's not used...
pic.twitter.com/bTecaOtm2z
4 replies 21 retweets 67 likesShow this thread -
cc
@AndroidAuth@AndroidPolice@androidcentral@androidandme@Androidheadline@xdadevelopers@AndroidSPIN@TheHackersNews@verge@CNET@VICE@WIRED@JAMESWT_MHT@malwrhunterteam@hackerfantastic@LukasStefanko@ANDROIDPIT@FigaroTech@virqdroid@twandroid1 reply 2 retweets 17 likesShow this thread -
@reporteric@OmarBelkaab@OtaXou@gkallenborn@LucieRonfaut@LucieRonfaut@MishaalRahman@Numerama@bviglia@SriramVSharma@zpring@stshank@campuscodi@lilyhnewman3 replies 0 retweets 8 likesShow this thread
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.