Android Bypass Root Detection - ssooking
source link: https://ssooking.github.io/2020/09/android-bypass-root-detection/
RootCloak
RootCloak is a very popular Xposed module that hides a device's root status. Even though the module's repo page only says "with 5.x and 6.x support" and my device runs Android 9.0, I tried it anyway.
Bypass Root Check Using Xposed:
1) Install Xposed: https://repo.xposed.info/module/de.robv.android.xposed.installer
2) Install "RootCloak" (Xposed module)
3) Open RootCloak > Add/Remove Apps > select the target app and tap it.
4) Done! (open the app and check whether it works)
UnRootBeer
Objection
Objection is a runtime mobile exploration toolkit powered by Frida. With the command android root disable, objection attempts to bypass the app's root detection mechanism. The -g flag names the package to spawn and explore; the bypass command is then entered at the objection prompt:
objection -g "com.navinfo.gw" explore
android root disable
Magisk隐藏
One of Magisk's features is Magisk Hide, which can be used to bypass root detection and system integrity checks.
Starting with Magisk v20.4, Magisk Hide is disabled by default. To enable it, open Magisk Manager, tap Settings in the side menu, toggle the Magisk Hide option to ON, then restart the app. (Note that Magisk Hide was removed again in Magisk v24; later releases replace it with Zygisk and the DenyList.)
After adding the RootBeer Sample app to Magisk Hide, the result was a near-perfect score: 10 of the 11 checks passed.
Fridantiroot
The next tool involves Frida, a dynamic instrumentation toolkit that can tamper with an app's process at runtime. In this experiment a publicly available JS script (Fridantiroot) was used; however, this script did not work on my device.
Fortunately, I found a modified version of Fridantiroot that does work on my device.
frida -U --no-pause -f com.xxxx.xxx -l root_bypass.js
(-U selects the USB device, -f spawns the package so the script is loaded before the app's own code runs, and -l loads the script. On recent Frida releases spawning resumes automatically and --no-pause is no longer accepted; drop it if the CLI rejects it.)
Manual analysis of the APK
Bypass Root Check Manual Way:
1) Decompile the APK file using “APKTool”
# apktool d /path/to/apk/target.apk -o /path/to/output/
(“d” for “decompile” and “-o” for output dir)
2) Most root detection techniques rely on checking for files on the OS that indicate the device has been rooted. Using grep, search the decompiled smali for any of the following strings (they typically appear as const-string literals) and change them to something random, so that the check looks for a path that does not exist:
- Superuser
- Supersu
- /su
- /system/app/Superuser.apk
- /system/bin
- /system/bin/su
- /system/sd/xbin
- /system/xbin/su
- /system/xbin
- /data/local
- /data/local/bin
- /data/local/xbin
- /sbin
- /system/bin/failsafe
- /vendor/bin
Note: other detection techniques look, at runtime, for any of the following packages installed on the device:
- supersu.apk
- Busybox
- Root Cloak
- Xposed framework
- Cydia
- Substrate
3) Build the new version of the APK with APKTool, pointing it at the decompiled directory:
# apktool b /path/to/output/ -o target-new.apk
("b" for "build"; the argument is the directory produced in step 1 and "-o" is the output APK file)
4) Sign with the jarsigner tool
# jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore /path/to/my-key.keystore -storepass password -keypass password target-new.apk alias_name
(You may need to generate the keystore first with keytool:)
# keytool -genkey -v -keystore my-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
(jarsigner only produces a v1 JAR signature. Apps that target API level 30 or higher must carry a v2 or newer signature, so for those zipalign the APK first and sign it with apksigner from the build tools instead: apksigner sign --ks my-key.keystore target-new.apk)
5) Finally, install the new version and enjoy!
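As an added example (not code from the original post, and not the Fridantiroot script itself), here is a Frida agent that does at runtime what step 2 above does statically: instead of editing the indicator strings out of the smali, it hooks the Java APIs that consume them (java.io.File.exists, Runtime.exec, PackageManager.getPackageInfo, the Build.TAGS field) so the same file, package and binary checks listed above come back negative. The file list is the one from step 2 minus whole directories; the package names for SuperSU, Superuser, BusyBox, RootCloak, Xposed, Substrate and Magisk, the su/busybox/magisk binary names and the [bypass] log prefix are my assumptions, not something the post states. The matching helpers are plain JavaScript so they can be checked outside Frida; the hooks install only inside Frida's Java bridge.

```javascript
// Added example, not code from the original post or from Fridantiroot.
// Usage:  frida -U -f <package> -l root_bypass.js
// The Java hooks only install inside Frida's Java bridge; in plain Node only
// the pure matching helpers run, so the matching can be tested offline.

// Specific files whose presence is treated as evidence of root (taken from
// the manual list above). Whole directories such as /system/bin or /sbin are
// deliberately left out: hiding them at runtime breaks legitimate lookups.
const ROOT_PATHS = [
  "/system/app/Superuser.apk", "/system/bin/failsafe", "/system/sd/xbin",
  "/data/local/bin", "/data/local/xbin", "/su", "/su/bin",
];
// Binaries looked for either as File objects or via Runtime.exec ("which su").
const ROOT_BINARIES = ["su", "busybox", "magisk"];
// Package names behind the apps named above (SuperSU, Superuser, BusyBox,
// RootCloak, Xposed, Substrate, Magisk); the exact names are an assumption.
const ROOT_PACKAGES = [
  "eu.chainfire.supersu", "com.noshufou.android.su", "com.koushikdutta.superuser",
  "stericson.busybox", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
  "de.robv.android.xposed.installer", "com.saurik.substrate", "com.topjohnwu.magisk",
];

// Collapse "", "." and ".." so "/system/xbin/./su/" and "/system/xbin/su"
// hit the same entry; the hooks see whatever string the app built.
function normalizePath(path) {
  const parts = [];
  for (const p of path.split("/")) {
    if (p === "" || p === ".") continue;
    if (p === "..") { parts.pop(); continue; }
    parts.push(p);
  }
  return "/" + parts.join("/");
}

// True when File.exists() on this path should answer "no".
function isRootPath(path) {
  if (typeof path !== "string") return false;
  const norm = normalizePath(path);
  const base = norm.slice(norm.lastIndexOf("/") + 1);
  return ROOT_PATHS.includes(norm) || ROOT_BINARIES.includes(base);
}

// Runtime.exec receives either "which su" (String) or ["/system/xbin/su", "-c"]
// (String[]); both are reduced to tokens and matched on the basename.
function isRootCommand(cmd) {
  const tokens = Array.isArray(cmd) ? cmd : String(cmd).trim().split(/\s+/);
  return tokens.some((t) => ROOT_BINARIES.includes(t.slice(t.lastIndexOf("/") + 1)));
}

function isRootPackage(name) {
  return ROOT_PACKAGES.includes(String(name));
}

function installHooks() {
  Java.perform(function () {
    // 1. File-based checks: report indicator files as absent.
    const File = Java.use("java.io.File");
    File.exists.implementation = function () {
      const p = this.getAbsolutePath();
      if (isRootPath(p)) { console.log("[bypass] File.exists " + p); return false; }
      return this.exists();
    };

    // 2. Command-based checks: make "su" / "which su" fail the way a missing
    //    binary does, which RootBeer-style code treats as "not rooted".
    const IOException = Java.use("java.io.IOException");
    const Runtime = Java.use("java.lang.Runtime");
    Runtime.exec.overloads.forEach(function (ov) {
      ov.implementation = function () {
        if (isRootCommand(arguments[0])) {
          console.log("[bypass] Runtime.exec " + arguments[0]);
          throw IOException.$new('Cannot run program "su": error=2, No such file or directory');
        }
        return ov.apply(this, arguments);
      };
    });

    // 3. Package-based checks: pretend the root apps are not installed.
    const NotFound = Java.use("android.content.pm.PackageManager$NameNotFoundException");
    const PM = Java.use("android.app.ApplicationPackageManager");
    PM.getPackageInfo.overload("java.lang.String", "int").implementation = function (name, flags) {
      if (isRootPackage(name)) {
        console.log("[bypass] getPackageInfo " + name);
        throw NotFound.$new(name);
      }
      return this.getPackageInfo(name, flags);
    };

    // 4. Build.TAGS is a static field initialised long before any hook can
    //    run, so overwrite the value instead of hooking a getter.
    Java.use("android.os.Build").TAGS.value = "release-keys";
    console.log("[bypass] hooks installed");
  });
}

if (typeof Java !== "undefined" && Java.available) installHooks();
```

Load it with the same invocation as in the Fridantiroot section (frida -U -f <package> -l root_bypass.js). Spawning with -f matters: a File.exists hook installed after the app's root check has already run changes nothing. Checks done in native code (a JNI access() or stat() on /system/xbin/su, for instance) never touch these Java-level hooks and need Interceptor.attach on the libc functions instead, which is one reason a public script can fail on a particular app even though it works elsewhere.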
Comparison of Different Android Root-Detection Bypass Tools