search

devadvance / rootcloak

Open source module for Xposed Framework that hides root from specific apps
Other
486 stars 126 forks source link

C More #106

Open Lostish opened 7 years ago

Lostish commented 7 years ago

The app in question, Swedish TV, movie, series video app. https://play.google.com/store/apps/details?id=se.cmore.bonnier

It does not detect root. As it did before Root cloak. But when i try to play a video/series/material, with root cloak. It just gets in the player trying to fetch the video but second later exits back to material selection.

This is a post on another forum that has decompiled the app and gotten one function that checks for root. There may be more.

package hu.accedo.commons.tools;

import android.os.Build;
import java.io.File;

public class RootCheck
{

    public RootCheck()
    {
    }

    private static boolean checkRootMethod1()
    {
        String s = Build.TAGS;
        return s != null && s.contains("test-keys");
    }

    private static boolean checkRootMethod2()
    {
        boolean flag;
        try
        {
            flag = (new File("/system/app/Superuser.apk")).exists();
        }
        catch (Exception exception)
        {
            return false;
        }
        return flag;
    }

    public static boolean isDeviceRooted()
    {
        return checkRootMethod1() || checkRootMethod2();
    }
}

A part of the log,

08-03 14:32:32.848 I/Xposed  (  557): Original build tags: dev-keys
08-03 14:32:32.848 I/Xposed  (  557): New build tags: release-keys
08-03 14:32:32.858 I/Xposed  (  557): File: Found a File constructor: /data/app/se.cmore.bonnier-1/base.apk
08-03 14:32:32.859 I/Xposed  (  557): File: Found a File constructor: /data/theme
08-03 14:32:32.861 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier, with: cache
08-03 14:32:32.862 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier, with: code_cache
08-03 14:32:32.863 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/code_cache, with: com.android.opengl.shaders_cache
08-03 14:32:32.868 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.869 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.870 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.871 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.874 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.875 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.876 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.877 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.879 I/Xposed  (  557): Hooked getPackageInfo
08-03 14:32:32.886 I/Xposed  (  557): File: Found a File constructor: /data/theme
08-03 14:32:32.888 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.889 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.889 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.890 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.892 I/Xposed  (  557): File: Found a File constructor: /data/theme
08-03 14:32:32.901 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.903 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.903 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.904 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.907 I/Xposed  (  557): Hooked getApplicationInfo : se.cmore.bonnier
08-03 14:32:32.909 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.911 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.911 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.912 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.914 I/Xposed  (  557): Hooked getPackageInfo
08-03 14:32:32.921 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.922 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.922 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:32.923 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:32.926 I/Xposed  (  557): Hooked getPackageInfo
08-03 14:32:32.937 I/Xposed  (  557): File: Found a File constructor: proc/557/cmdline
08-03 14:32:32.962 I/Xposed  (  557): File: Found a File constructor: /system/framework/QPerformance.jar
08-03 14:32:32.963 I/Xposed  (  557): File: Found a File constructor:
08-03 14:32:32.964 I/Xposed  (  557): File: Found a File constructor: /system/framework/QPerformance.jar
08-03 14:32:32.967 I/Xposed  (  557): File: Found a File constructor: /vendor/lib
08-03 14:32:32.969 I/Xposed  (  557): File: Found a File constructor: /system/lib
08-03 14:32:32.970 I/Xposed  (  557): File: Found a File constructor:
08-03 14:32:32.971 I/Xposed  (  557): File: Found a File constructor:
08-03 14:32:32.973 I/Xposed  (  557): Hooked loadLibrary
08-03 14:32:32.973 I/Xposed  (  557): File: Found a File constructor: /vendor/lib, with: libqti_performance.so
08-03 14:32:32.975 I/Xposed  (  557): File: Found a File constructor: /system/lib, with: libqti_performance.so
08-03 14:32:33.031 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier, with: shared_prefs
08-03 14:32:33.032 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/shared_prefs, with: DEVICE_ID.xml
08-03 14:32:33.033 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/shared_prefs/DEVICE_ID.xml.bak
08-03 14:32:33.055 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier, with: files
08-03 14:32:33.056 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/files, with: ConfigService.config2
08-03 14:32:33.058 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/files, with: ConfigService.config2
08-03 14:32:33.100 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/files, with: country
08-03 14:32:33.101 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.102 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.102 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.103 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.106 I/Xposed  (  557): Hooked getPackageInfo
08-03 14:32:33.107 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier, with: cache
08-03 14:32:33.108 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/cache/otc/
08-03 14:32:33.109 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/cache/otc/, with: 8f6534e43ed2c8995732c761401fe07d
08-03 14:32:33.110 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.111 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/cache/otc/
08-03 14:32:33.112 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.112 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.112 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/cache/otc/, with: 8f6534e43ed2c8995732c761401fe07d
08-03 14:32:33.114 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/cache/otc/
08-03 14:32:33.114 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.115 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/cache/otc/, with: 8f6534e43ed2c8995732c761401fe07d
08-03 14:32:33.119 I/Xposed  (  557): Hooked getPackageInfo
08-03 14:32:33.123 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/shared_prefs, with: se.cmore.bonnier_preferences.xml
08-03 14:32:33.124 I/Xposed  (  557): File: Found a File constructor: /data/user/0/se.cmore.bonnier/shared_prefs/se.cmore.bonnier_preferences.xml.bak
08-03 14:32:33.166 I/Xposed  (  557): Hooked getRunningAppProcesses
08-03 14:32:33.168 I/Xposed  (  557): Hooked getRunningAppProcesses
08-03 14:32:33.169 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.170 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.170 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.171 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.174 I/Xposed  (  557): Hooked getPackageInfo
08-03 14:32:33.177 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.178 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire
08-03 14:32:33.178 I/Xposed  (  557): File: Found a File constructor: /data/lp/xposed
08-03 14:32:33.179 I/Xposed  (  557): File: Found a File constructor with word super, noshufou, or chainfire

The whole can be downloaded from, error.log

Link expires Sep 30, 2016

hikaritenchi commented 7 years ago

RootCloak definitely works against those two checks, so it's probably somewhere else.