绕过安卓应用检测项
针对Xposed检测
- Android逆向之旅---破解某支付软件防Xposed等框架Hook功能检测机制
- 阿里系产品Xposed Hook检测机制原理分析
- 美团出品-Android Hook技术防范漫谈
- 看雪出品-企业壳反调试及hook检测分析
- 支付宝小专栏-无需 Root 也能使用 Xposed
- 抖音短视频检测 Xposed 分析(一)
- 抖音短视频检测 Xposed 分析(二)
- 检测Android虚拟机的方法和代码实现
针对Frida检测
针对ROOT环境检测
const commonPaths = [
"/data/local/bin/su",
"/data/local/su",
"/data/local/xbin/su",
"/dev/com.koushikdutta.superuser.daemon/",
"/sbin/su",
"/system/app/Superuser.apk",
"/system/bin/failsafe/su",
"/system/bin/su",
"/system/etc/init.d/99SuperSUDaemon",
"/system/sd/xbin/su",
"/system/xbin/busybox",
"/system/xbin/daemonsu",
"/system/xbin/su",
];
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
"com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.koushikdutta.rommanager",
"com.koushikdutta.rommanager.license", "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch",
"com.ramdroid.appquarantine", "com.ramdroid.appquarantinepro", "com.devadvance.rootcloak", "com.devadvance.rootcloakplus",
"de.robv.android.xposed.installer", "com.saurik.substrate", "com.zachspong.temprootremovejb", "com.amphoras.hidemyroot",
"com.amphoras.hidemyrootadfree", "com.formyhm.hiderootPremium", "com.formyhm.hideroot", "me.phh.superuser",
"eu.chainfire.supersu.pro", "com.kingouser.com", "com.android.vending.billing.InAppBillingService.COIN","com.topjohnwu.magisk"
];
var RootBinaries = ["su", "busybox", "supersu", "Superuser.apk", "KingoUser.apk", "SuperSu.apk","magisk"];
var RootProperties = {
"ro.build.selinux": "1",
"ro.debuggable": "0",
"service.adb.root": "0",
"ro.secure": "1"
};
但是就算是把这些都做了,也不一定会绕过root检测的app。
- https://github.com/sensepost/objection/blob/master/agent/src/android/root.ts
- https://codeshare.frida.re/@dzonerzy/fridantiroot/
frida -l antiroot.js -U -f com.example.app --no-pause
