From 822434e5f7ea6a15abfef196ccb521196f6f2e5e Mon Sep 17 00:00:00 2001 From: Sergey V Date: Fri, 25 Nov 2016 13:24:41 +0300 Subject: [PATCH 1/2] Update RootCloak against RootBeer checks - Remove tool-checker library hook as it cause crash. - Add hook for RootBeerNative.checkForRoot() native method. - Add hook for exec 'getprop' command. - Update hook for SystemProperties.get("ro.build.selinux"). --- .../devadvance/rootcloak2/DefaultLists.java | 4 ++-- .../com/devadvance/rootcloak2/RootCloak.java | 23 +++++++++++++++---- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/app/src/main/java/com/devadvance/rootcloak2/DefaultLists.java b/app/src/main/java/com/devadvance/rootcloak2/DefaultLists.java index 8602e62..2f9924d 100644 --- a/app/src/main/java/com/devadvance/rootcloak2/DefaultLists.java +++ b/app/src/main/java/com/devadvance/rootcloak2/DefaultLists.java @@ -54,7 +54,7 @@ public class DefaultLists { "root", "busybox", "titanium", ".tmpsu", "su", "rootcloak2"}; - public static final String[] DEFAULT_COMMAND_LIST = new String[]{"su", "which", "busybox", "pm", "am", "sh", "ps"}; + public static final String[] DEFAULT_COMMAND_LIST = new String[]{"su", "which", "busybox", "pm", "am", "sh", "ps", "getprop"}; - public static final String[] DEFAULT_LIBNAME_LIST = new String[]{"tool-checker"}; // RootBearNative + public static final String[] DEFAULT_LIBNAME_LIST = new String[]{}; // off } diff --git a/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java b/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java index f5fef5f..dac9917 100644 --- a/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java +++ b/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java @@ -30,7 +30,6 @@ import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam; import de.robv.android.xposed.callbacks.XCallback; - import static de.robv.android.xposed.XposedHelpers.findAndHookMethod; import static de.robv.android.xposed.XposedHelpers.findConstructorExact; 
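Review bot: The new trailing comment `// off` on `DEFAULT_LIBNAME_LIST` in DefaultLists.java does not say what was switched off or why; that reason exists only in the commit message. A comment such as `// "tool-checker" entry removed: its library hook caused a crash (see commit message)` would keep the context next to the now-empty array. The rest of the class is outside the hunk, so whether other code still iterates this list cannot be checked from here.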
@@ -101,12 +100,12 @@ private void initOther(final LoadPackageParam lpparam) { } } - // Tell the app that SELinux is enforcing, even if it is not. + // Tell the app that SELinux is disabled findAndHookMethod("android.os.SystemProperties", lpparam.classLoader, "get", String.class, new XC_MethodHook() { @Override protected void beforeHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable { if (((String) param.args[0]).equals("ro.build.selinux")) { - param.setResult("1"); + param.setResult(""); if (debugPref) { XposedBridge.log("SELinux is enforced."); } @@ -128,6 +127,20 @@ protected void beforeHookedMethod(MethodHookParam param) throws Throwable { } } }); + + // RootBear checkForRoot hook + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeerNative", lpparam.classLoader, "checkForRoot", + Object[].class, + new XC_MethodHook() { + @Override + public void beforeHookedMethod(MethodHookParam param) throws Throwable { + param.setResult(0); + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } } /** @@ -248,7 +261,7 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable { // Ho } List packages = (List) param.getResult(); // Get the results from the method call - Iterator iter = packages.iterator(); + Iterator iter = packages.iterator(); ApplicationInfo tempAppInfo; String tempPackageName; @@ -519,6 +532,8 @@ protected void beforeHookedMethod(MethodHookParam param) throws Throwable { param.setThrowable(new IOException()); } else if (commandSet.contains("sh") && (firstParam.equals("sh") || firstParam.endsWith("/sh"))) { param.setThrowable(new IOException()); + } else if (commandSet.contains("getprop") && (firstParam.equals("getprop") || firstParam.endsWith("/getprop"))) { + param.setResult(Runtime.getRuntime().exec("echo")); } else { param.setThrowable(new IOException()); } From 28ae8f9f2d3ba69796b65aed768882d0707b7d65 Mon Sep 17 00:00:00 2001 
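Review bot: In the `@@ -101,12 +100,12 @@` hunk the debug message `XposedBridge.log("SELinux is enforced.")` is left unchanged although the hook now returns an empty string instead of `"1"`, so the log line contradicts both the new comment and the new result. It should describe the value actually returned, for example `XposedBridge.log("ro.build.selinux reported as empty.");`. The new comment says SELinux is reported as disabled while the code returns `""`; how a caller interprets an empty value is not visible here, so the comment would be safer stating the returned value than an interpretation. `initOther` starts and ends outside the hunk.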
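Review bot: In the `@@ -128,6 +127,20 @@` hunk the new `catch (XposedHelpers.ClassNotFoundError e)` calls `e.printStackTrace()`, whereas the earlier hunk of this file reports through `XposedBridge.log` behind `debugPref`. The hooked class is presumably absent from most loaded packages, so a stack trace would be printed on nearly every package load. `if (debugPref) { XposedBridge.log("RootBeerNative not present in this package"); }` would follow the file's convention and avoid flooding the log. The same `printStackTrace()` pattern recurs in every `catch` block that patch 2/2 adds in its `@@ -128,14 +128,124 @@` hunk. The enclosing method ends outside this hunk.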
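Review bot: In the `@@ -519,6 +532,8 @@` hunk the new `getprop` branch calls `Runtime.getRuntime().exec("echo")` from inside `beforeHookedMethod`, and nothing in the hunk explains why this branch starts a real process while every neighbouring branch sets an `IOException`. If the hooked method is itself an `exec` overload (the hook registration is outside the hunk, so this is an assumption), the nested call passes through the same hook again and its outcome depends on how `echo` is handled there. That dependency should be written down, e.g. `// NOTE: this exec() may re-enter the hook; "echo" must not be matched by commandSet`. The spawned process is handed to the caller as the result and is neither waited on nor destroyed in this branch.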
From: Rowan de Haas Date: Tue, 24 Jan 2017 05:03:38 +1100 Subject: [PATCH 2/2] Add hooks for RootBeer's public methods --- .../com/devadvance/rootcloak2/RootCloak.java | 118 +++++++++++++++++- 1 file changed, 114 insertions(+), 4 deletions(-) diff --git a/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java b/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java index dac9917..d1712eb 100644 --- a/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java +++ b/app/src/main/java/com/devadvance/rootcloak2/RootCloak.java 
@@ -128,14 +128,124 @@ protected void beforeHookedMethod(MethodHookParam param) throws Throwable { } }); - // RootBear checkForRoot hook + // RootBeer hooks + try { findAndHookMethod("com.scottyab.rootbeer.RootBeerNative", lpparam.classLoader, "checkForRoot", Object[].class, - new XC_MethodHook() { + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "detectRootManagementApps", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "detectPotentiallyDangerousApps", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "checkForBinary", + String.class, + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "checkForDangerousProps", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + 
findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "checkForRWPaths", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "detectTestKeys", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "checkSuExists", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "checkForRootNative", + new XC_MethodReplacement() { + @Override + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; + } + }); + } catch (XposedHelpers.ClassNotFoundError e) { + e.printStackTrace(); + } + + try { + findAndHookMethod("com.scottyab.rootbeer.RootBeer", lpparam.classLoader, "detectRootCloakingApps", + new XC_MethodReplacement() { @Override - public void beforeHookedMethod(MethodHookParam param) throws Throwable { - param.setResult(0); + protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable { + return false; } }); } catch (XposedHelpers.ClassNotFoundError e) {
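Review bot: The ten hooks added in the `@@ -128,14 +128,124 @@` hunk each spell out an identical anonymous `XC_MethodReplacement` whose whole body is `return false;`, which accounts for most of the 114 inserted lines. Xposed already offers this as `XC_MethodReplacement.returnConstant(false)`, so each registration can pass that instead of the anonymous class, and the eight method names that take no arguments can be registered from one loop over a `String[]`. None of the new hooks writes a `debugPref`-guarded `XposedBridge.log` line, unlike the earlier SELinux hook in this file, so there is no record of which of them was actually installed. For readers maintaining root checks: every method replaced here is a public Java entry point evaluated inside the app's own process, so its result is best treated as one client-side signal and paired with a server-verified attestation.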