Port MASTG-TEST-0045 (Root Detection) from v1 to v2

[Copilot]

Closes #3021

This PR ports MASTG-TEST-0045 (Testing Root Detection) from v1 to v2, splitting it into separate static and dynamic tests with comprehensive supporting content including techniques, demos, best practices, apps, tools, and Semgrep rules.

Structure

Tests

• MASTG-TEST-0324: Static analysis for root detection code patterns
• MASTG-TEST-0325: Dynamic analysis using runtime bypass to identify detection mechanisms
• MASTG-TEST-0045: Updated to mark as deprecated

Techniques

• MASTG-TECH-0042: Modified/updated existing technique
• MASTG-TECH-0144: Documents bypass methods using objection and Frida for root detection evasion

Best Practices

• MASTG-BEST-0029: Implementation guidance covering file-based, package, process, and system property checks
• MASTG-BEST-0030: Additional best practice for root detection

Demos

• MASTG-DEMO-0087: Static demo with working Kotlin/Java code samples, including AndroidManifest.xml, source code, reversed Java, and Semgrep output
• MASTG-DEMO-0088: Dynamic demo with Frida hooks configuration (hooks.json) and output demonstrating root detection bypass

Apps

• MASTG-APP-0032: Sample app for root detection testing
• MASTG-APP-0033: Additional sample app for root detection testing

Tools

• MASTG-TOOL-0146: Tool documentation for root detection analysis
• MASTG-TOOL-0147: Additional tool documentation

Knowledge

• MASTG-KNOW-0027: Updated knowledge article linked to tests and best practices

Additional Changes

• Added new Semgrep rules in rules/mastg-android-root-detection.yaml
• Marked original MASTG-TEST-0045 as deprecated

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• mas.owasp.org
  • Triggering command: /usr/bin/curl curl -s REDACTED git conf�� unset --global /snap/bin/git user.email (dns block)
• semgrep.dev
  • Triggering command: /home/REDACTED/.local/bin/pysemgrep osemgrep --config ../../../../rules/mastg-android-root-detection.yaml ./MastgTest_reversed.java --text k/mastg/mastg/best-practices/android/MASVS-RESILIENCE/ -TEST-0036.md nfig/composer/vendor/bin/grep (dns block)
  • Triggering command: /home/REDACTED/.local/bin/pysemgrep osemgrep --config ../../../../rules/mastg-android-root-detection.yaml ./MastgTest_reversed.java --text --noprofile STG-TEST-0020.md p/bin/grep (dns block)
  • Triggering command: /home/REDACTED/.local/bin/pysemgrep osemgrep --config test_rule.yaml ./MastgTest_reversed.java --text --noprofile STG-TEST-0021.md./techniques/android/MASTG-TECH-0041.md x-gnu.so (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>MASTG v1->v2 MASTG-TEST-0045: Testing Root Detection (android)</issue_title>
<issue_description>
Create a new MASTG v2 test covering for":

• Title: Testing Root Detection
• ID: MASTG-TEST-0045
• Link: https://mas.owasp.org/MASTG/tests/android/MASVS-RESILIENCE/MASTG-TEST-0045/
• Platform: android
• MASVS v1: ['MSTG-RESILIENCE-1']
• MASVS v2: ['MASVS-RESILIENCE-1']

Follow the guidelines
</issue_description>

<agent_instructions>- split into one static and dynamic v2 test

• create one MASTG-TECH for bypassing root detection (it can be used in the dynamic test and demo to "bypass in order to determine if the detection is there", e.g. using objection)
• create one demo for each v2 test
• add a best practice and link it to the test
• add knowledge: [MASTG-KNOW-0027] to the test and best practice
  </agent_instructions>

Comments on the Issue (you are @copilot in this section)

@cpholguera As a reference, see https://github.com//pull/3073/files

• Fixes MASTG v1->v2 MASTG-TEST-0045: Testing Root Detection (android) #3021

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[serek8]

Added a couple of comments. Not sure what is the current policy about the Test and Demo titles. @cpholguera are they good here?

Should we mention that a user can install e.g. KernelSU to verify if the app can resist more advanced rooting tools. We keep saying about more advanced bypasses but don't really describe what they are and how to test the app against them.

[Copilot]

Pull request overview

Copilot reviewed 17 out of 17 changed files in this pull request and generated 11 comments.

[Copilot]

Pull request overview

Copilot reviewed 23 out of 23 changed files in this pull request and generated 13 comments.

[serek8]

• added a couple of suggestions to make sure we don't miss knowledge from #3136
• added a check for dev-keys to make sure we cover more root setups including AndroidStudio emulators