MASWE-0103 demo (by @talsec)

demos/android/MASVS-RESILIENCE/MASTG-DEMO-0021/MASTG-DEMO-0021.md

@@ -0,0 +1,31 @@
+---
+title: Demonstration of RASP Presence in a Mobile Application
+platform: android
+code:   [kotlin]
+id: MASTG-DEMO-0021
+test: MASTG-TEST-0228
+---
+
+### Sample
+
+The following code snippet demonstrates the implementation of the freeRASP security library SDK. freeRASP periodically scans the device for threats, monitors its state, and gathers data to generate detailed threat reports. Threats are detected and communicated to the app via listeners. In this example, the root detection scenario is simulated.
+
+{{ MastgTest.kt }}
+
+### Steps
+Start the device, in this case, the Android emulator:
+```bash
+emulator -avd Pixel_3a_API_33_arm64-v8a -writable-system
+```
+
+**Note:** The snippet implements a simulated test for the freeRASP security library's root detection feature. The MastgTest class, which implements the ThreatDetected interface, includes various threat detection methods such as root detection, debugger detection, and emulator detection. The test specifically focuses on mocking the root detection functionality by invoking the onRootDetected() method, which logs the detection event and simulates app termination using the closeApp() method.
+
+Launch the app from Android Studio and check the log. The snippet will log the “freeRASP Threat: onRootDetected”.
+
+
+### Observation
+The RASP policy is only configured for root detection, other threats are not evaluated. The threat was detected immediately after app start. Sample includes commented-out code to forcefully terminate the app.
+
+
+### Evaluation
+The app didn’t utilise all the available security checks. It would be possible to bypass freeRASP API with Frida script or disable the termination method.

demos/android/MASVS-RESILIENCE/MASTG-DEMO-0021/MastgTest.kt

@@ -0,0 +1,91 @@
+package org.owasp.mastestapp
+
+
+import android.content.Context
+import android.util.Log
+
+
+// mock: freeRASP ThreatDetected interface
+interface ThreatDetected {
+    fun onRootDetected()
+    fun onDebuggerDetected()
+    fun onEmulatorDetected()
+    fun onTamperDetected()
+    fun onUntrustedInstallationSourceDetected()
+    fun onHookDetected()
+    fun onDeviceBindingDetected()
+    fun onObfuscationIssuesDetected()
+}
+
+
+// MastgTest class implementing ThreatDetected
+class MastgTest(private val context: Context) : ThreatDetected {
+
+
+    companion object {
+        const val FREERASP_THREAT_TAG = "freeRASP Threat: "
+    }
+
+
+    fun mastgTest(): String {
+        return simulateThreatDetection()
+    }
+
+
+    // Simulate a test by calling onRootDetected
+    fun simulateThreatDetection() : String {
+        onRootDetected() // mock root was detected by freeRASP
+
+
+        return "freeRASP Threat:  onRootDetected"
+    }
+
+
+    fun closeApp() {
+        // finishAffinity() // Closes all screens of the app
+        // System.exit(0) // Completely exits the app process
+    }
+
+
+
+
+    override fun onRootDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onRootDetected")
+        closeApp() // Standard method to forcefully terminate the app
+    }
+
+
+    override fun onDebuggerDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onDebuggerDetected")
+    }
+
+
+    override fun onEmulatorDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onEmulatorDetected")
+    }
+
+
+    override fun onTamperDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onTamperDetected")
+    }
+
+
+    override fun onUntrustedInstallationSourceDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onUntrustedInstallationSourceDetected")
+    }
+
+
+    override fun onHookDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onHookDetected")
+    }
+
+
+    override fun onDeviceBindingDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onDeviceBindingDetected")
+    }
+
+
+    override fun onObfuscationIssuesDetected() {
+        Log.d(FREERASP_THREAT_TAG, "onObfuscationIssuesDetected")
+    }
+}