Skip to content

Port MASTG-TEST-0045 (Root Detection) from v1 to v2 #3604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Port MASTG-TEST-0045 (Root Detection) from v1 to v2 #3604

Copilot wants to merge 3 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Dec 21, 2025
edited
Loading

Splits the v1 root detection test into separate static and dynamic v2 tests with supporting technique, demos, and best practices.

Structure

Tests

  • MASTG-TEST-0289: Static analysis for root detection code patterns
  • MASTG-TEST-0290: Dynamic analysis using runtime bypass to identify detection mechanisms

Technique

  • MASTG-TECH-0142: Documents bypass methods using objection and Frida for root detection evasion

Best Practice

  • MASTG-BEST-0028: Implementation guidance covering file-based, package, process, and system property checks

Demos

  • MASTG-DEMO-0040: Static demo with working Kotlin/Java samples and 5 semgrep rules detecting:
    • File existence checks (new File($PATH).exists())
    • Package manager queries (getPackageInfo())
    • Build.TAGS inspection for test-keys
    • System property reads via getprop
    • Runtime.exec() command execution
  • MASTG-DEMO-0041: Dynamic demo with Frida script hooking common root detection APIs and logging bypass activity

Semgrep Rules

New rules in rules/mastg-android-root-detection.yaml:

- id: mastg-android-root-detection-file-checks
  message: "[MASVS-RESILIENCE-1] File existence check may be root detection"
  pattern: new File($PATH).exists()

- id: mastg-android-root-detection-test-keys
  message: "[MASVS-RESILIENCE-1] Checks Build.TAGS for test-keys"
  pattern: Build.TAGS.contains("test-keys")

Metadata

All components reference:

  • Weakness: MASWE-0097
  • Knowledge: MASTG-KNOW-0027
  • Profile: [R]

The original MASTG-TEST-0045 is marked deprecated with covered_by: [MASTG-TEST-0289, MASTG-TEST-0290].

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • mas.owasp.org
    • Triggering command: /usr/bin/curl curl -s REDACTED git conf�� unset --global /snap/bin/git user.email (dns block)
  • semgrep.dev
    • Triggering command: /home/REDACTED/.local/bin/pysemgrep osemgrep --config ../../../../rules/mastg-android-root-detection.yaml ./MastgTest_reversed.java --text k/mastg/mastg/best-practices/android/MASVS-RESILIENCE/ -TEST-0036.md nfig/composer/vendor/bin/grep (dns block)
    • Triggering command: /home/REDACTED/.local/bin/pysemgrep osemgrep --config ../../../../rules/mastg-android-root-detection.yaml ./MastgTest_reversed.java --text --noprofile STG-TEST-0020.md p/bin/grep (dns block)
    • Triggering command: /home/REDACTED/.local/bin/pysemgrep osemgrep --config test_rule.yaml ./MastgTest_reversed.java --text --noprofile STG-TEST-0021.md./techniques/android/MASTG-TECH-0041.md x-gnu.so (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>MASTG v1->v2 MASTG-TEST-0045: Testing Root Detection (android)</issue_title>
<issue_description>
Create a new MASTG v2 test covering for":

Follow the guidelines
</issue_description>

<agent_instructions>- split into one static and dynamic v2 test

  • create one MASTG-TECH for bypassing root detection (it can be used in the dynamic test and demo to "bypass in order to determine if the detection is there", e.g. using objection)
  • create one demo for each v2 test
  • add a best practice and link it to the test
  • add knowledge: [MASTG-KNOW-0027] to the test and best practice
    </agent_instructions>

Comments on the Issue (you are @copilot in this section)

@cpholguera As a reference, see https://github.com//pull/3073/files

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 2 commits December 21, 2025 09:58
@cpholguera
Create MASTG v2 components for root detection testing
5435a0f 
- Add MASTG-TECH-0142: Bypassing Root Detection technique
- Add MASTG-TEST-0289: Static test for root detection in code
- Add MASTG-TEST-0290: Dynamic test for runtime root detection
- Add MASTG-BEST-0028: Best practice for implementing root detection
- Add MASTG-DEMO-0040: Static demo with semgrep rules
- Add MASTG-DEMO-0041: Dynamic demo with Frida bypass script
- Add semgrep rules for detecting root detection patterns
- Deprecate old MASTG-TEST-0045 with references to new tests

Co-authored-by: cpholguera <[email protected]>
@cpholguera
Remove temporary test file from demo
86f3b40 
Co-authored-by: cpholguera <[email protected]>
Copilot AI changed the title [WIP] Create MASTG v2 tests for root detection Port MASTG-TEST-0045 (Root Detection) from v1 to v2 Dec 21, 2025
Copilot AI requested a review from cpholguera December 21, 2025 10:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpholguera cpholguera Awaiting requested review from cpholguera

At least 1 approving review is required to merge this pull request.

Assignees

@cpholguera cpholguera

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

MASTG v1->v2 MASTG-TEST-0045: Testing Root Detection (android)

2 participants

@cpholguera