imanshul / react-native-detect-frida

A React-Native library to detect if frida server is running or not.
MIT License

Pixel and other latest devices are giving isRooted true, but the device is not rooted #3

Open nikethsingh opened 1 month ago

nikethsingh commented 1 month ago

Hi,

I've noticed that on Pixel and other latest devices, the isRooted is returning true even though the devices are not rooted. This seems to be a false positive detection.

Steps to Reproduce:

1. Install the app using react-native-detect-frida on a Pixel device (or other latest devices).
2. Call the isDeviceRooted method.
3. Observe that the method returns isRooted true even though the device is not rooted.

Expected Behavior: The isRooted should return false if the device is not actually rooted.

Actual Behavior: The isRooted returns true on non-rooted Pixel and other latest devices.

Additional Information:

Device: Pixel 7a & Samsung S24 Ultra (and other latest devices)
react-native-detect-frida version: 0.1.3

Please let me know if you need any additional information to diagnose this issue.

Thank you!

imanshul commented 1 month ago

Yes, as mentioned in the docs as well, there can be false positives if the manufacturer of the device has not closed the ports. To avoid this, adjust the root check length based on your needs:

isDeviceRooted().then((result) => {
  // On Android, to avoid false positives, treat the device as rooted only when more than 2 checks have state true
  const trueCount = result.checkStatus.filter(item => item.state).length;
  setIsRootedDevice(trueCount > 2);
});

gkasireddy202 commented 4 weeks ago

@imanshul - I am facing the same issue. I tested on an Android 14 (Pixel 8) device. Getting isRooted is true but the device is not rooted.

Example:

const resultDeviceRootedorNot = await isDeviceRooted();
const trueCount = resultDeviceRootedorNot.checkStatus.filter(item => item.state).length;
this.setState({ checkIsRootedorNot: resultDeviceRootedorNot.isRooted || trueCount > 2 ? true : false });

const isJailBroken = JailMonkey.isJailBroken();
const resultDeviceRootedorNot = await isDeviceRooted();
const trueCount = resultDeviceRootedorNot.checkStatus.filter(item => item.state).length;
if (isJailBroken || resultDeviceRootedorNot.isRooted) {
  if (trueCount > 2) {
    this.setState({ checkJailBroken: false })
  } else {
    this.setState({ checkJailBroken: true })
  }
} else {
  this.setState({ checkJailBroken: false })
}

imanshul commented 4 weeks ago

If you're using a simulator with Android 14, please increase the check count to >3. Also, can you please send which checks are being detected?

gkasireddy202 commented 4 weeks ago

I tested on the Android Pixel 8 device (Android version: 14). Getting results.isRooted is true and results.checkStatus is:

[
  {"id": 10, "name": "TEST KEYS", "state": false},
  {"id": 20, "name": "DEV KEYS", "state": false},
  {"id": 30, "name": "NON RELEASE KEYS", "state": false},
  {"id": 40, "name": "DANGEROUS PROPS", "state": true},
  {"id": 50, "name": "PERMISSIVE SELINUX", "state": false},
  {"id": 60, "name": "SU EXISTS", "state": false},
  {"id": 70, "name": "SUPERUSER APK", "state": false},
  {"id": 80, "name": "SU BINARY", "state": false},
  {"id": 90, "name": "BUSYBOX BINARY", "state": false},
  {"id": 100, "name": "XPOSED", "state": false},
  {"id": 110, "name": "RESETPROP(EXPERIMENTAL)", "state": false},
  {"id": 120, "name": "WRONG PATH PERMITION", "state": false},
  {"id": 130, "name": "HOOKS", "state": false}
]

gkasireddy202 commented 4 weeks ago

For a Samsung tablet with Android 14 version:

Getting results.isRooted is false and results.checkStatus is:

[
  {"id": 10, "name": "TEST KEYS", "state": false},
  {"id": 20, "name": "DEV KEYS", "state": false},
  {"id": 30, "name": "NON RELEASE KEYS", "state": false},
  {"id": 40, "name": "DANGEROUS PROPS", "state": false},
  {"id": 50, "name": "PERMISSIVE SELINUX", "state": false},
  {"id": 60, "name": "SU EXISTS", "state": false},
  {"id": 70, "name": "SUPERUSER APK", "state": false},
  {"id": 80, "name": "SU BINARY", "state": false},
  {"id": 90, "name": "BUSYBOX BINARY", "state": false},
  {"id": 100, "name": "XPOSED", "state": false},
  {"id": 110, "name": "RESETPROP(EXPERIMENTAL)", "state": false},
  {"id": 120, "name": "WRONG PATH PERMITION", "state": false},
  {"id": 130, "name": "HOOKS", "state": false}
]

imanshul commented 4 weeks ago

As mentioned in the docs as well, sometimes the manufacturer leaves some ports open, due to which the library may detect a false positive. To avoid it, you can filter on how many checks fail, and if it's more than 2 you can mark the device as rooted, as rooted devices will have more checks failing than normal devices.

Also will dig deep into this and will update you if we find some other reason.

gkasireddy202 commented 4 weeks ago

@imanshul - Thanks for your update. The tablet returns 0 true values and the Pixel 8 returns 1 true value from the array object.

gkasireddy202 commented 2 weeks ago

@imanshul - Any update on this issue?

const isJailBroken = JailMonkey.isJailBroken();
const resultDeviceRootedorNot = await isDeviceRooted();
const trueCount = resultDeviceRootedorNot.checkStatus.filter(item => item.state).length;
if (isJailBroken || resultDeviceRootedorNot.isRooted) {
  if (trueCount > 2) {
    // Disable the login button
  } else {
    // Enable the login button
  }
} else {
  if (trueCount > 2) {
    // Disable the login button
  } else {
    // Enable the login button
  }
}
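
The threshold approach suggested in this thread, as an added example that is not code from the library or from any participant: it decides from the number of triggered checks alone (so the Pixel 8 report above, with `isRooted` true and one check set, is not flagged) and returns the triggered check names for diagnosis. `assessRootSignals`, `buildReport`, `minSignals` and the fallback to `isRooted` when `checkStatus` is missing are assumptions; the check names and ids are those posted above.

```javascript
// Added example, not part of react-native-detect-frida. Helper names are hypothetical.
const CHECK_NAMES = ['TEST KEYS', 'DEV KEYS', 'NON RELEASE KEYS', 'DANGEROUS PROPS',
  'PERMISSIVE SELINUX', 'SU EXISTS', 'SUPERUSER APK', 'SU BINARY', 'BUSYBOX BINARY',
  'XPOSED', 'RESETPROP(EXPERIMENTAL)', 'WRONG PATH PERMITION', 'HOOKS'];

// Build a result object in the shape posted in the thread (ids 10, 20, ... 130).
function buildReport(isRooted, trueNames) {
  return {
    isRooted,
    checkStatus: CHECK_NAMES.map((name, i) => ({
      id: (i + 1) * 10, name, state: trueNames.includes(name),
    })),
  };
}

// Decide from the number of triggered checks and return their names,
// so a suspected false positive can be diagnosed from what was reported.
function assessRootSignals(result, { minSignals = 3 } = {}) {
  const checks = result && Array.isArray(result.checkStatus) ? result.checkStatus : null;
  if (checks === null) {
    // Assumed policy: with no per-check detail, fall back to the aggregate flag.
    return { rooted: Boolean(result && result.isRooted), triggered: [], reason: 'no-check-detail' };
  }
  const triggered = checks.filter((c) => c && c.state === true).map((c) => c.name);
  if (triggered.length >= minSignals) {
    return { rooted: true, triggered, reason: 'threshold-met' };
  }
  return { rooted: false, triggered, reason: triggered.length ? 'below-threshold' : 'clean' };
}

// Pixel 8 report as posted above: isRooted true, only DANGEROUS PROPS set.
const pixel8 = buildReport(true, ['DANGEROUS PROPS']);
// Constructed sample (not from the thread): several independent checks set.
const constructedRooted = buildReport(true,
  ['DANGEROUS PROPS', 'SU EXISTS', 'SU BINARY', 'BUSYBOX BINARY']);

console.log(assessRootSignals(pixel8));
console.log(assessRootSignals(constructedRooted));
```

The default `minSignals` of 3 corresponds to the `trueCount > 2` condition used in the thread.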