Created
September 10, 2014 11:02
-
-
Save nodinosaur/3a13fe0978d14dc5334e to your computer and use it in GitHub Desktop.
RootCheck
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.myapp.utils; | |
| import java.io.File; | |
| import java.io.IOException; | |
| import java.io.InputStream; | |
| import java.util.HashMap; | |
| import java.util.Map; | |
| import java.util.NoSuchElementException; | |
| import java.util.Scanner; | |
| import android.content.Context; | |
| import android.content.pm.PackageManager; | |
| import android.content.pm.PackageManager.NameNotFoundException; | |
| public class RootCheck { | |
| final Context mContext; | |
| public RootCheck(Context context) { | |
| mContext = context; | |
| } | |
| public boolean detectThreats() { | |
| boolean rootManagement = detectRootManagementApps(); | |
| boolean potentiallyDangerousApps = detectPotentiallyDangerousApps(); | |
| boolean suBinary = checkForBinary("su"); | |
| boolean busyboxBinary = checkForBinary("busybox"); | |
| boolean dangerousProps = checkForDangerousProps(); | |
| boolean rwSystem = checkForRWSystem(); | |
| boolean testKeys = detectTestKeys(); | |
| boolean result = rootManagement || potentiallyDangerousApps || suBinary | |
| || busyboxBinary || dangerousProps || rwSystem || testKeys; | |
| return result; | |
| } | |
| public boolean detectTestKeys() { | |
| String buildTags = android.os.Build.TAGS; | |
| if (buildTags != null && buildTags.contains("test-keys")) { | |
| return true; | |
| } | |
| return false; | |
| } | |
| public boolean detectRootManagementApps() { | |
| boolean result = false; | |
| final String[] knownRootAppsPackages = { "com.noshufou.android.su", | |
| "eu.chainfire.supersu", "com.koushikdutta.superuser" }; | |
| PackageManager pm = mContext.getPackageManager(); | |
| for (String packageName : knownRootAppsPackages) { | |
| try { | |
| // Root app detected | |
| pm.getPackageInfo(packageName, 0); | |
| QLog.e(packageName + " ROOT management app detected!"); | |
| result = true; | |
| } catch (NameNotFoundException e) { | |
| // Exception thrown, package is not installed into the system | |
| continue; | |
| } | |
| } | |
| return result; | |
| } | |
| public boolean detectPotentiallyDangerousApps() { | |
| final String[] knownRootAppsPackages = { "com.koushikdutta.rommanager", | |
| "com.dimonvideo.luckypatcher", "com.chelpus.lackypatch" }; | |
| boolean result = false; | |
| PackageManager pm = mContext.getPackageManager(); | |
| for (String packageName : knownRootAppsPackages) { | |
| try { | |
| // app detected | |
| pm.getPackageInfo(packageName, 0); | |
| QLog.e(packageName + " potentially dangerous app detected!"); | |
| result = true; | |
| } catch (NameNotFoundException e) { | |
| // Exception thrown, package is not installed into the system | |
| continue; | |
| } | |
| } | |
| return result; | |
| } | |
| public boolean checkForBinary(String filename) { | |
| String[] pathsArray = { "/sbin/", "/system/bin/", "/system/xbin/", | |
| "/data/local/xbin/", "/data/local/bin/", "/system/sd/xbin/", | |
| "/system/bin/failsafe/", "/data/local/" }; | |
| boolean result = false; | |
| for (String path : pathsArray) { | |
| String completePath = path + filename; | |
| File f = new File(completePath); | |
| boolean fileExists = f.exists(); | |
| if (fileExists) { | |
| QLog.v(completePath + " binary detected!"); | |
| result = true; | |
| } | |
| } | |
| return result; | |
| } | |
| private String[] propsReader() { | |
| InputStream inputstream = null; | |
| try { | |
| inputstream = Runtime.getRuntime().exec("getprop").getInputStream(); | |
| } catch (IOException e) { | |
| e.printStackTrace(); | |
| } | |
| String propval = ""; | |
| try { | |
| propval = new Scanner(inputstream).useDelimiter("\\A").next(); | |
| } catch (NoSuchElementException e) { | |
| e.printStackTrace(); | |
| } | |
| return propval.split("\n"); | |
| } | |
| private String[] mountReader() { | |
| InputStream inputstream = null; | |
| try { | |
| inputstream = Runtime.getRuntime().exec("mount").getInputStream(); | |
| } catch (IOException e) { | |
| e.printStackTrace(); | |
| } | |
| String propval = ""; | |
| try { | |
| propval = new Scanner(inputstream).useDelimiter("\\A").next(); | |
| } catch (NoSuchElementException e) { | |
| e.printStackTrace(); | |
| } | |
| return propval.split("\n"); | |
| } | |
| public boolean checkForDangerousProps() { | |
| final Map<String, String> dangerousProps = new HashMap<String, String>(); | |
| dangerousProps.put("ro.debuggable", "1"); | |
| dangerousProps.put("ro.secure", "0"); | |
| boolean result = false; | |
| String[] lines = propsReader(); | |
| for (String line : lines) { | |
| for (String key : dangerousProps.keySet()) { | |
| if (line.contains(key)) { | |
| String badValue = dangerousProps.get(key); | |
| badValue = "[" + badValue + "]"; | |
| if (line.contains(badValue)) { | |
| QLog.v(key + " = " + badValue + " detected!"); | |
| result = true; | |
| } | |
| } | |
| } | |
| } | |
| return result; | |
| } | |
| public boolean checkForRWSystem() { | |
| boolean result = false; | |
| String[] lines = mountReader(); | |
| for (String line : lines) { | |
| if (line.contains("/system")) { | |
| if (line.contains(" rw,")) { | |
| QLog.v("System partition mounted with rw permissions!"); | |
| result = true; | |
| break; | |
| } | |
| } | |
| } | |
| return result; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment