René Bisperink
René Bisperink is an Ethical hacker & security specialist at Kiwa, focussing on various types of security assessment / penetration testing and training on Mobile, web, cloud, IoT and OT assessments.
Session
This talk starts off with the basics and ends with mobile applications that adopt sophisticated anti-tampering protections and how to bypass those protections.
When testing mobile applications, penetration testers face a growing challenge: how to dynamically analyze targets that actively resist inspection through code obfuscation, anti root and anti debug mechanisms. This talk dives into practical, real-world techniques for using Frida in hostile environments where root detection, debugger checks, and anti-instrumentation mechanisms are deliberately deployed to block your efforts, with some real-life examples in demo context, including how to write scripts to learn more about what to patch.
We begin with a concise overview of common defensive controls, including root detection heuristics (such as filesystem checks, system properties, SafetyNet-style signals), anti-debugging techniques (such as ptrace checks, timing discrepancies, signal traps), and Frida detection strategies (process scanning, memory inspection, and syscall monitoring). From there, we shift into demonstrating how to identify, analyze, and neutralize these protections by hooking the relevant functions and overriding them.
In short, the talk wil cover how to:
- Bypass common root detection using both static patching and dynamic instrumentation
- Defeat debugger detection and tracing restrictions in live processes/apps
- Evade and disable Frida detection mechanisms, including anti-hooking logic
By the end of this talk, participants will be equipped with knowledge of bypass strategies and a deeper understanding of the cat-and-mouse dynamics between mobile defenses and Frida.