Android VPN detection bypass


Description

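This Frida script can be used to bypass VPN detection in Android apps. It hooks the APIs such checks typically rely on (ConnectivityManager.getNetworkInfo, NetworkCapabilities.hasTransport and the java.net.NetworkInterface name lookups) so that they report no VPN. Because these checks all run on the client, they can be overridden at runtime and should not be treated as a security control on their own.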

How to Use

Download the script and run it with Frida CLI:

Download Script

Then run with Frida:

frida -U -f YOUR_PACKAGE_NAME -l android-vpn-detection-bypass.js

Replace YOUR_PACKAGE_NAME with the target app's package name.

Source Code

JavaScript
/*
    Author: Vighesh Raje (@poseidotor)
    Organization: XYSec Labs (Appknox)

*/

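/*
 * Frida hooks that make the usual client-side Android VPN checks report
 * "no VPN": ConnectivityManager.getNetworkInfo(int),
 * NetworkCapabilities.hasTransport(int) and the java.net.NetworkInterface
 * name lookups. Every call that is not a VPN query is forwarded to the
 * original implementation unchanged, so the rest of the app's networking
 * logic keeps seeing real values.
 */
setTimeout(function () {
    // Every Java.use() call sits inside Java.perform(): the callback runs on a
    // thread attached to the VM, which the bridge needs before it can resolve
    // classes. (The original script installed the NetworkInterface hooks
    // outside of it.)
    Java.perform(function () {

        /* API level 28 or below */
        const TYPE_VPN = 0x00000011;
        const TYPE_ETHERNET = 0x00000009;
        const connectivityManager = Java.use('android.net.ConnectivityManager');
        connectivityManager.getNetworkInfo.overload('int').implementation = function (netType) {
            // Compare the argument itself. The original test
            // `netType && TYPE_VPN == 0x11` was true for every non-zero type,
            // so all of those queries were answered with the ethernet info.
            if (netType === TYPE_VPN) {
                console.log(`[*] Called ConnectivityManager.getNetworkInfo(TYPE_VPN)`);
                console.log(`[*] Bypassing VPN detection check..`);
                // This will work assuming that one is not connected to ethernet
                return this.getNetworkInfo(TYPE_ETHERNET);
            }
            return this.getNetworkInfo(netType);
        };

        /* API level 29 and above */
        const TRANSPORT_VPN = 0x00000004;
        const networkCapabilities = Java.use('android.net.NetworkCapabilities');
        networkCapabilities.hasTransport.overload('int').implementation = function (transportType) {
            if (transportType === TRANSPORT_VPN) {
                console.log(`[*] Called NetworkCapabilities.hasTransport(TRANSPORT_VPN)`);
                console.log(`[*] Bypassing VPN detection check..`);
                return false;
            }
            // Defer to the real answer for every other transport; the original
            // returned a hard-coded `true` here, which misreports the network.
            return this.hasTransport(transportType);
        };

        /* Using NetworkInterface */
        const networkInterface = Java.use('java.net.NetworkInterface');
        // Interface names treated as VPN tunnels (exact matches only).
        const interfaceList = ['tun', 'tun0', 'utun0', 'utun1', 'utun2', 'utun3', 'utun4', 'ppp0', 'ppp', 'pptp'];

        networkInterface.getByName.overload('java.lang.String').implementation = function (name) {
            if (interfaceList.includes(name)) {
                console.log(`[*] Called NetworkInterface.getByName(${name})`);
                console.log(`[*] Bypassing VPN detection check..`);
                // Look up a name that is not expected to exist, so the caller
                // presumably gets the same result as for a missing interface.
                return this.getByName('ZZEIADONN');
            }
            return this.getByName(name);
        };

        networkInterface.getDisplayName.overload().implementation = function () {
            const displayName = this.getDisplayName();
            if (interfaceList.includes(displayName)) {
                console.log(`[*] Called NetworkInterface.getDisplayName()`);
                console.log(`[*] Bypassing VPN detection check..`);
                return 'ZDUABIDBWA';
            }
            return displayName;
        };

        networkInterface.getName.overload().implementation = function () {
            // Call the real getName(); the original hook called
            // getDisplayName() here and returned its value instead.
            const interfaceName = this.getName();
            if (interfaceList.includes(interfaceName)) {
                console.log(`[*] Called NetworkInterface.getName()`);
                console.log(`[*] Bypassing VPN detection check..`);
                return 'ZDUABIDBWA';
            }
            return interfaceName;
        };
    });
}, 0);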