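Xposed detection
- Android Reverse Engineering Journey: Defeating a Payment App's Detection of Hooking by Xposed and Other Frameworks
- Analysis of the Xposed Hook Detection Mechanism in Alibaba Products
- From Meituan: A Discussion of Defending Against Android Hook Techniques
- From Kanxue: Analysis of Anti-Debugging and Hook Detection in Enterprise Packers
- Alipay column: Using Xposed Without Root
- Analysis of Xposed Detection in Douyin Short Video (Part 1)
- Analysis of Xposed Detection in Douyin Short Video (Part 2)
- Methods and Code Implementation for Detecting Android Virtual Machines
Frida detection
Root environment detection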
// Filesystem locations where su binaries and root-management files are commonly found
const commonPaths = [
"/data/local/bin/su",
"/data/local/su",
"/data/local/xbin/su",
"/dev/com.koushikdutta.superuser.daemon/",
"/sbin/su",
"/system/app/Superuser.apk",
"/system/bin/failsafe/su",
"/system/bin/su",
"/system/etc/init.d/99SuperSUDaemon",
"/system/sd/xbin/su",
"/system/xbin/busybox",
"/system/xbin/daemonsu",
"/system/xbin/su",
];
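// Package names of apps associated with rooted devices (root managers, root hiders, hooking frameworks, patchers)
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",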
"com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.koushikdutta.rommanager",
"com.koushikdutta.rommanager.license", "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch",
"com.ramdroid.appquarantine", "com.ramdroid.appquarantinepro", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
"de.robv.android.xposed.installer", "com.saurik.substrate", "com.zachspong.temprootremovejb", "com.amphoras.hidemyroot",
"com.amphoras.hidemyrootadfree", "com.formyhm.hiderootPremium", "com.formyhm.hideroot", "me.phh.superuser",
"eu.chainfire.supersu.pro", "com.kingouser.com", "com.android.vending.billing.InAppBillingService.COIN","com.topjohnwu.magisk"
];
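// Binary and APK file names associated with root
var RootBinaries = ["su", "busybox", "supersu", "Superuser.apk", "KingoUser.apk", "SuperSu.apk","magisk"];
// System properties and the values expected on a non-rooted production build
var RootProperties = {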
"ro.build.selinux": "1",
"ro.debuggable": "0",
"service.adb.root": "0",
"ro.secure": "1"
};
However, even with all of these covered, an app's root detection will not necessarily be bypassed.
- https://github.com/sensepost/objection/blob/master/agent/src/android/root.ts
- https://codeshare.frida.re/@dzonerzy/fridantiroot/
frida -l antiroot.js -U -f com.example.app --no-pause