search

abcz316 / SKRoot-linuxKernelRoot

新一代SKRoot,挑战全网root检测手段,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,全程不需要暂停SELinux,实现真正的SELinux 0%触碰,通用性强,通杀所有内核,不需要内核源码,直接patch内核,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。
2.82k stars 717 forks source link

支付宝监测到了 #51

Open louhefeng opened 1 year ago

louhefeng commented 1 year ago

支付宝监测到了,公积金无法刷脸了

abcz316 commented 1 year ago

This is impossible because it is theoretically impossible to detect. I am sure you have not studied the source code, please go back and read it again, such as patch_kernel_root.cpp, testRoot.cpp, only after you read it, you will understand that this work is like God from the moment of birth.

Here are a few troubleshooting suggestions I can offer you:

  1. Ensure that the kernel modifications are based on the official original version, rather than being compiled independently or using third-party source code.

  2. If you have ever used Magisk, you should completely reflash your phone, as Magisk might leave residual log files and other information.

  3. Do not install tools that require ROOT permission or applications that involve system environment detection, such as refrigerators, black holes, momos, and key authentication. The existence of these applications may be used as evidence to infer that your device has obtained ROOT permissions. Taking the refrigerator as an example, this application requires ROOT permission to run. If a refrigerator is installed on your device, it may be used to prove that your device is in a ROOT environment. In actual testing, we found that the "X Rent Account" app will perform such environmental testing. Therefore, we strongly recommend not installing these tools. If necessary, please uninstall immediately after use to reduce the risk of abnormal environment judgment.

  4. Android apps are highly likely to be feature-detected. While we only provide app call tutorials here, in actual use, you should hide the app yourself, or try to uninstall the app, switching to using the command-line method with testRoot.cpp.

  5. In older versions of Android, apps can access the /data/local/tmp directory without any permissions. In this case, you need to upgrade your Android system version or uninstall SU.

  6. If your phone sounds an alarm once unlocked, you need to address this issue yourself as it's unrelated to SKRoot.

  7. Check whether the application is detecting the Bootloader lock rather than ROOT permissions. If so, you should install SKRoot's hidden Bootloader lock module.

  8. Please check whether the SELinux status has been disabled by malware.

I hope this information can help you.

For more information, please refer to the website: https://github.com/abcz316/SKRoot-linuxKernelRoot#%E9%97%AE%E9%A2%98%E6%8E%92%E6%9F%A5

Gunkkk commented 10 months ago

只要对它有任何instrusive行为都能被检测到 只保留patch的情况下屏蔽好BL解锁 在应用权限范围内感觉很难有检测思路? 不过大厂往往不光拥有应用权限🤡