23 tweets, 7 min read
Thread: I'm back from lunch, it's time to show you how to remove the root detection and the anti-tampering mechanism from the mAadhaar app, the official #Android app of @UIDAI. 1/n
Like yesterday, I will work on version 1.1.4 of the application 2/n
Looking at AndroidManifest.xml, we can see that the "Launcher" activity is the activity called "SplashScreenActivity". We have our entry point. 4/n
According to the official documentation, the 1st method called when an activity is launched is the "onCreate" method. Let's look at this 5/n
First observation: the finish() method is called at the end of the method. According to the documentation, the finish() is called "when your activity is done and should be closed".

So, if you go into the if or the else if condition, your app will close automatically. 6/n
This means that the "normal execution" of the app is when the code goes into the else if branch. Now, we want to understand when v4 = 0 and new b(((Context)this)).a() is equal to true. 7/n
v4 is equal to 0 when f.a(((Context)this)) or f.b(((Context)this)) is false. 8/n
As you can see, these 2 methods come from the same f class. This class is clearly a homemade anti-tampering mechanism. By comparing the SHA-256 signature of the app with a hardcoded SHA-256, they want to prevent people from modifying and redistributing the app... 9/n
There are 2 ways to remove this anti-tampering mechanism: updating the hardcoded SHA-256 in in.gov.uidai.mAadhaarPlus.h.a with the SHA-256 of your signature, or simply removing the check in the onCreate method. 10/n
Time to understand what this "new b(((Context)this)).a()" is. 11/n
This method is coming from a package called "com.scottyab.rootbeer". The @uidai developers used the rootbeer library to detect if the device is rooted github.com/scottyab/rootb… 12/n
According to the doc, you just have to add these 4 lines to use the library. Looks similar to something, no? Yes, this is our "new b(((Context)this)).a()". 13/n
To bypass this check, we will remove this check in the smali code 14/n
Now that we understand the whole thing, it's time to create our custom mAadhaar app! 15/n
Thanks to apktool, we can decompile the app to obtain the smali code ibotpeaches.github.io/Apktool/ 16/n
Open the file SplashScreenActivity.smali and remove the correct lines of code. 17/n
When you open the app, you have the photo of a kid in the splash screen, let's replace that with the photo of my choice 😈 18/n
In the res/drawable folder, I replaced the photo splash_bg.jpg, I recompiled and resigned the app 19/n
And voila, we have our custom mAadhaar app!
I only changed the background image in the splash screen because I'm a nice guy, but imagine if I added malicious code inside?

A malicious actor can create a malware based on the mAadhaar app without any problems 🤦‍♂️ 21/n
It took me 5 minutes to bypass these limitations. @uidai, if you want to secure your app and so the data of your fellow citizens, hire some real professionals. 22/22
I should write a blog post on this 😄
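As an added illustration, not code from the thread or from the mAadhaar app, this is how a signing-certificate self-check of the kind described in tweets 9 and 10 is typically written against the public Android API. The class name, method names and the all-zero placeholder hash are assumptions.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical reconstruction of a signing-certificate self-check like the one the
// thread describes; not the mAadhaar app's own code.
public final class SigningCertCheck {

    // PLACEHOLDER (assumption): hex SHA-256 of the release signing certificate.
    // It ships inside the APK, so anyone who re-signs the APK can also rewrite it.
    private static final String EXPECTED_CERT_SHA256 =
            "0000000000000000000000000000000000000000000000000000000000000000";

    private SigningCertCheck() {}

    // Returns true only if one of the APK's signer certificates hashes to the constant.
    // On API 28+ prefer GET_SIGNING_CERTIFICATES and info.signingInfo; GET_SIGNATURES is
    // used here because the app version in the thread predates that API.
    @SuppressWarnings("deprecation")
    public static boolean isSignedWithReleaseCert(Context ctx) {
        try {
            PackageInfo info = ctx.getPackageManager().getPackageInfo(
                    ctx.getPackageName(), PackageManager.GET_SIGNATURES);
            if (info.signatures == null) return false;
            for (Signature sig : info.signatures) {
                // sig.toByteArray() is the DER-encoded X.509 signer certificate.
                if (sha256Hex(sig.toByteArray()).equalsIgnoreCase(EXPECTED_CERT_SHA256)) {
                    return true;
                }
            }
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            // Treat any failure as "not the release build"; the caller decides what to do.
        }
        return false;
    }

    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

Because both the expected hash and the call site live inside the APK, a check like this only catches accidental re-signing; it cannot resist someone who edits the package, which is exactly what the thread demonstrates.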