
RootBeer

magiepooh
January 11, 2018


INTRODUCTION: RootBeer
Simple to use root checking Android library and sample app.


Transcript

  1. Root Beer
     • A tasty root checker library and sample app.
     • Java Check
     • Native Check
  2. Java Check
     • checkRootManagementApps
     • checkPotentiallyDangerousApps
     • checkRootCloakingApps
     • checkTestKeys
     • checkForDangerousProps
     • checkForBusyBoxBinary
     • checkForSuBinary
     • checkSuExists
     • checkForRWSystem
  3. detectRootManagementApps
     • Using the PackageManager, check for a list of well known root apps
     • "com.noshufou.android.su"
     • "com.noshufou.android.su.elite"
     • "eu.chainfire.supersu"
     • "com.koushikdutta.superuser"
     • "com.thirdparty.superuser"
     • "com.yellowes.su"
  4. detectPotentiallyDangerousApps
     • Using the PackageManager, check for a list of well known apps that require root
     • "com.koushikdutta.rommanager"
     • "com.koushikdutta.rommanager.license"
     • "com.dimonvideo.luckypatcher"
     • "com.chelpus.lackypatch"
     • "com.ramdroid.appquarantine"
     • "com.ramdroid.appquarantinepro"
  5. detectRootCloakingApps
     • Using the PackageManager, check for a list of well known root cloak apps (not used in the isRooted function)
     • "com.devadvance.rootcloak"
     • "com.devadvance.rootcloakplus"
     • "de.robv.android.xposed.installer"
     • "com.saurik.substrate"
     • "com.zachspong.temprootremovejb"
     • "com.amphoras.hidemyroot"
     • "com.amphoras.hidemyrootadfree"
     • "com.formyhm.hiderootPremium"
     • "com.formyhm.hideroot"
  6. checkForBinary("busybox")
     • busybox
     • BusyBox combines tiny versions of many common UNIX utilities into a single small executable
     • https://busybox.net/about.html
     • Apparently it is often installed after rooting a device
     • Apparently some devices also ship with it already installed
     • RootBeer#isRootedWithoutBusyBoxCheck
  7. checkForRWPaths()
     • When you're root you can change the permissions on common system directories; this method checks whether any of the paths in Const.pathsThatShouldNotBeWrtiable are writable.
     • "/system"
     • "/system/bin"
     • "/system/sbin"
     • "/system/xbin"
     • "/vendor/bin"
     • "/sbin"
     • "/etc"
  8. detectTestKeys()
     • Release-Keys and Test-Keys have to do with how the kernel is signed when it is compiled. Test-Keys means it was signed with a custom key generated by a third-party developer.
     • ro.build.tags in /system/build.prop
  9. checkForRootNative()
     • Native checks are often harder to cloak/trick, so here we call through to our native root checker
     • JNI??
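The three Java-side checks from slides 3, 7 and 8 (installed root-management packages, writable system paths, test-keys build tags), as an added example written for this page; it is not RootBeer's own code, the class name SimpleRootCheck is made up, and the package list is a subset of the one on slide 3.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import java.io.File;

// Hypothetical helper that mirrors the slides' Java checks; not the RootBeer implementation.
public class SimpleRootCheck {
    // Subset of the root management packages listed on slide 3.
    static final String[] ROOT_MANAGEMENT_APPS = {
        "eu.chainfire.supersu", "com.koushikdutta.superuser", "com.noshufou.android.su"
    };
    // Directories from slide 7 that an app must never be able to write on a stock device.
    static final String[] PATHS_THAT_SHOULD_NOT_BE_WRITABLE = {
        "/system", "/system/bin", "/system/sbin", "/system/xbin", "/vendor/bin", "/sbin", "/etc"
    };

    private final Context context;

    public SimpleRootCheck(Context context) {
        this.context = context.getApplicationContext();
    }

    // Slide 3: ask the PackageManager whether any listed package is installed.
    public boolean hasAnyPackage(String[] packages) {
        PackageManager pm = context.getPackageManager();
        for (String name : packages) {
            try {
                pm.getPackageInfo(name, 0);
                return true; // lookup succeeded, so the package is present
            } catch (PackageManager.NameNotFoundException ignored) {
                // not installed, keep checking the rest of the list
            }
        }
        return false;
    }

    // Slide 7: any writable entry in the list indicates relaxed system permissions.
    public static boolean hasWritableSystemPath() {
        for (String path : PATHS_THAT_SHOULD_NOT_BE_WRITABLE) {
            if (new File(path).canWrite()) return true;
        }
        return false;
    }

    // Slide 8: ro.build.tags is exposed to apps as Build.TAGS; "test-keys" marks a custom-signed build.
    public static boolean isTestKeysBuild() {
        return Build.TAGS != null && Build.TAGS.contains("test-keys");
    }

    public boolean isRooted() {
        return hasAnyPackage(ROOT_MANAGEMENT_APPS) || hasWritableSystemPath() || isTestKeysBuild();
    }
}
```

On Android 11 and later, package visibility filtering hides other apps from getPackageInfo unless the manifest declares them in a <queries> element, so the package-based checks silently return false without that declaration.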