Root Detection and SSL Pinning Bypass Using Xposed Framework

What is Root Detection in Android?

Root-detection process is used in Android to prevent users from using their app on a rooted device. An app/apk will implement different checks to determine whether the device is rooted or nonrooted, if the phone is rooted then the APK will display some message like “This device is rooted, you cannot use this app”

What is SSL Pinning in Android?

SSL Pinning is a technique that we use in the client side to avoid man-in-the-middle attack by validating the server certificates again even after SSL handshaking. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime. If there is a mismatch between the server and the local copy of certificates, the connection will simply be disrupted, and no further user data will be even sent to that server. This enforcement ensures that the user devices are communicating only to the dedicated trustful servers.

How to bypass Root detection with Xposed Installer using RootCloak module?

You can use below steps to bypass root detection with Xposed Installer Framework.

1. Download and install Xposed Installer Framework

Xposed Installer | Xposed Module Repository

Apk Name: de.robv.android.xposed.installer_v33_36570c.apk

2. Download and Install Module RootCloak of Xposed Installer Framework

https://repo.xposed.info/module/com.devadvance.rootcloak2

Apk Name: com.devadvance.rootcloak2_v18_c43b61.apk

3. Open Xposed Installer and click on Modules

How to Bypass SSL Pinning with Xposed Installer using SSLUnpinning 2.0 module?

You can use below steps to bypass SSL Pinning using Xposed Framework.

1. Download and install Xposed Installer Framework

https://repo.xposed.info/module/de.robv.android.xposed.installer

Apk Name: de.robv.android.xposed.installer_v33_36570c.apk

2. Download and Install Module SSLUnpinning 2.0 of Xposed Installer Framework

https://repo.xposed.info/module/mobi.acpm.sslunpinning

Apk Name: mobi.acpm.sslunpinning_v2_37f44f.apk

3. Open Xposed Installer and then enable SSLUnpinning 2.0 app

4. Click on checkbox to Enable SSLUnpinning 2.0.

5. Open SSLUnpinning 2.0 app. To unpin click on the app and unpinned text will be highlighted in green color

6. Do proxy step up to capture the traffic in Burp Suite.

https://portswigger.net/support/configuring-an-android-device-to-work-with-burp

7. Fill required details and click on Get OTP and capture request in Burp Suite.

8. We are able to capture https request in burp suite using SSL Unpinning.