Bypass Biometric Authentication (Android)

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Method 1 – Bypassing with No Crypto Object Usage

Mwelekeo hapa ni kwenye onAuthenticationSucceeded callback, ambayo ni muhimu katika mchakato wa uthibitishaji. Watafiti kutoka WithSecure walitengeneza Frida script, inayowezesha kupita CryptoObject ya NULL katika onAuthenticationSucceeded(...). Script hii inalazimisha kupita kiotomatiki kwa uthibitishaji wa alama za vidole wakati wa wito wa njia hiyo. Hapa chini kuna kipande kilichorahisishwa kinachoonyesha kupita katika muktadha wa Alama za Vidole za Android, huku programu kamili ikipatikana kwenye GitHub.

biometricPrompt = new BiometricPrompt(this, executor, new BiometricPrompt.AuthenticationCallback() {
@Override
public void onAuthenticationSucceeded(@NonNull BiometricPrompt.AuthenticationResult result) {
Toast.makeText(MainActivity.this,"Success",Toast.LENGTH_LONG).show();
}
});

Amri ya kuendesha skripti ya Frida:

frida -U -f com.generic.insecurebankingfingerprint --no-pause -l fingerprint-bypass.js

Method 2 – Njia ya Kushughulikia Makosa

Nyingine Frida script kutoka WithSecure inashughulikia kupita matumizi yasiyo salama ya kitu cha crypto. Script inaita onAuthenticationSucceeded na CryptoObject ambayo haijathibitishwa na alama ya vidole. Ikiwa programu inajaribu kutumia kitu tofauti cha cipher, itasababisha makosa. Script inajiandaa kuita onAuthenticationSucceeded na kushughulikia javax.crypto.IllegalBlockSizeException katika darasa la Cipher, kuhakikisha vitu vinavyotumika na programu vinashughulikiwa kwa ufunguo mpya.

Amri ya kuendesha script ya Frida:

frida -U -f com.generic.insecurebankingfingerprint --no-pause -l fingerprint-bypass-via-exception-handling.js

Upon reaching the fingerprint screen and the initiation of authenticate(), type `bypass()`` in the Frida console to activate the bypass:

Wakati unafika kwenye skrini ya alama za vidole na kuanzishwa kwa authenticate(), andika `bypass()`` kwenye console ya Frida ili kuanzisha bypass:

Spawning com.generic.insecurebankingfingerprint...
[Android Emulator 5554::com.generic.insecurebankingfingerprint]-> Hooking BiometricPrompt.authenticate()...
Hooking BiometricPrompt.authenticate2()...
Hooking FingerprintManager.authenticate()...
[Android Emulator 5554::com.generic.insecurebankingfingerprint]-> bypass()

Method 3 – Instrumentation Frameworks

Instrumentation frameworks kama Xposed au Frida zinaweza kutumika kuingilia njia za programu wakati wa utendaji. Kwa uthibitisho wa alama za vidole, mifumo hii inaweza:

Kufanya Kazi za Uthibitishaji: Kwa kuingilia katika onAuthenticationSucceeded, onAuthenticationFailed, au onAuthenticationError njia za BiometricPrompt.AuthenticationCallback, unaweza kudhibiti matokeo ya mchakato wa uthibitisho wa alama za vidole.
Kupita SSL Pinning: Hii inaruhusu mshambuliaji kukamata na kubadilisha trafiki kati ya mteja na seva, kwa uwezekano kubadilisha mchakato wa uthibitisho au kuiba data nyeti.

Mfano wa amri kwa Frida:

frida -U -l script-to-bypass-authentication.js --no-pause -f com.generic.in

Method 4 – Uhandisi wa Kinyume & Marekebisho ya Kanuni

Vifaa vya uhandisi wa kinyume kama APKTool, dex2jar, na JD-GUI vinaweza kutumika kubadilisha programu ya Android, kusoma kanuni yake, na kuelewa mfumo wake wa uthibitishaji. Hatua kwa ujumla zinajumuisha:

Kuharibu APK: Badilisha faili ya APK kuwa muundo unaoweza kusomwa na binadamu zaidi (kama kanuni ya Java).
Kuchambua Kanuni: Tafuta utekelezaji wa uthibitishaji wa alama za vidole na tambua udhaifu wa uwezekano (kama mifumo ya kurudi nyuma au ukaguzi usio sahihi).
Kurekebisha APK: Baada ya kubadilisha kanuni ili kupita uthibitishaji wa alama za vidole, programu inarekebishwa, kusainiwa, na kufungwa kwenye kifaa kwa ajili ya majaribio.

Method 5 – Kutumia Vifaa vya Uthibitishaji vya Kijadi

Kuna vifaa maalum na skripti zilizoundwa ili kujaribu na kupita mifumo ya uthibitishaji. Kwa mfano:

Moduli za MAGISK: MAGISK ni chombo cha Android kinachowaruhusu watumiaji ku-root vifaa vyao na kuongeza moduli ambazo zinaweza kubadilisha au kudanganya taarifa za kiwango cha vifaa, ikiwa ni pamoja na alama za vidole.
Skripti zilizojengwa kwa kawaida: Skripti zinaweza kuandikwa ili kuingiliana na Daraja la Udebugu la Android (ADB) au moja kwa moja na nyuma ya programu ili kuiga au kupita uthibitishaji wa alama za vidole.

References

https://securitycafe.ro/2022/09/05/mobile-pentesting-101-bypassing-biometric-authentication/

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAVD - Android Virtual Device Nextcontent:// protocol

Last updated 7 days ago