scottyab / rootbeer Goto Github PK

Test root beer on the Android P beta

[] Non-rooted device passed the root test
[] Rooted device fails root test

Another root check could be to attempt to mount the “/system”
partition with the command mount -o remount,rw /system and check return code.

Just wanted to inform you about another false positive that could be added to the Wiki:

An unrooted Elephone R9 with Android SDK Version 25 (Android 7.1.1) gives the following results

isRooted(): true
isRootedWithoutBusyBoxCheck(): true
canLoadNativeLibrary(): true
checkForNativeLibraryReadAccess(): true
checkForDangerousProps(): true

checkForBusyBoxBinary(): false
checkForMagiskBinary(): false
checkForRootNative(): false
checkForRWPaths(): false
checkForSuBinary(): false
checkSuExists(): false
detectPotentiallyDangerousApps(): false
detectRootCloakingApps(): false
detectRootManagementApps(): false
detectTestKeys(): false

java.lang.UnsatisfiedLinkError:
at com.scottyab.rootbeer.RootBeerNative.setLogDebugMessages (Native Method)
at com.scottyab.rootbeer.b.i (SourceFile:373)
at com.scottyab.rootbeer.b.a (SourceFile:45)

For the below constants, It would be better to keep the encrypted file path strings in the string array
1. knownRootAppsPackages
2. knownDangerousAppsPackages
3. knownRootCloakingPackages
4. suPaths
5. pathsThatShouldNotBeWrtiable
So that we can avoid chances for changing the file path names and breaking the root detection checking by hackers
Use decrypted strings where ever using this file path.

Hi,

Devices like LYF and Lenovo devices are giving rooted device, even this OS comes with default mobile.

/data/local/
/sbin/
/system/bin/
/system/xbin/

Hi
I am getting following error after integration of Rootbeer lib in my app
Error:(XX) Android NDK: Application targets deprecated ABI(s): armeabi
Error:(XX) Android NDK: Support for these ABIs will be removed in a future NDK release.
Although app is compiling and running as it is.
What could be the possible solution for this error?

We have a client whose Infosec team have run a vulnerability scanning tool on our app and found that libtool-checker.so from RootBeer is compiled without -pie and -fstack-protector flags.

Is there a reason not to use these flags? If not, could you please add them?

The library fails tests on devices rooted via Magisk.

• Bundle recent changes to new version rootbeer-lib:0.0.5
• Add Change log
• Upload release version of Sample app to Google Play

On the 2 phones I tested (running 7.0 and 7.1.1), the which binary was located at /system/bin/which and not /system/xbin/which, which is hardcoded.

Proposed solution: don't hardcode /system/xbin/which

I ran the 'RootBeer Sample' app downloaded by google play on some xiaomi devices. and I found a problem that the devices are evaluated as rooted.

Xiaomi Mi max2 - busybox binary
Hongmi(Redmi) Note3 Pro - busybox binary, dangerous props
Xiaomi Mi Note - busybox binary, su binary, root native

Xiaomi Mi A1 - not rooted
Huawei honor 6x - not rooted

I'm not sure whether the devices are actually rooted or not. But as far as I know the devices are not rooted because I got the devices from where some kind of public institutions.

Is that issues for xiaomi devices? Or is that rooted actually?
How can I deal with it?

Hi,

My redmi note 3 is not rooted, but the method rootBeer.isRooted() return true.

Thanks
Akshay

I am using rootbeer in my custom application and its not working when Magisk Hide is enabled.

Device is Nexus 6, 6.0, rooted

When Magisk Hide is enabled -> rootBeer.isRooted() and rootBeer.isRootedWithoutBusyBoxCheck() both return false.

When Magisk Hide is disabled --> only then rootbeer detects device is rooted and returns true

I have imported the rootbeer project. But after running this project i am getting below error

Error:error: unable to execute command: program not executable
Error:error: linker command failed with exit code 1 (use -v to see invocation)
Error:org.gradle.internal.UncheckedException: Build command failed.
Error:error: unable to execute command: program not executable
Error:error: linker command failed with exit code 1 (use -v to see invocation)
Error:Build command failed.
Error:error: unable to execute command: program not executable
Error:error: linker command failed with exit code 1 (use -v to see invocation)

can anyone help?

Log as below：

I/OpenGLRenderer: Initialized EGL, version 1.4
I/RootBeer: QLog: <clinit>() [28] - Log class reloaded
V/RootBeer: RootBeer: checkForRWPaths() [289] - /sbin path is mounted with rw permissions!
I/RootBeer: LOOKING FOR BINRARY: /data/local/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /data/local/bin/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /data/local/xbin/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /sbin/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /system/bin/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /system/bin/.ext/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /system/bin/failsafe/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /system/sd/xbin/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /system/usr/we-need-root/su Absent :(
I/RootBeer: LOOKING FOR BINRARY: /system/xbin/su Absent :(
I/Choreographer: Skipped 9851 frames!  The application may be doing too much work on its main thread.
V/RenderScript: 0x7f80a0e000 Launching thread(s), CPUs 8

My Nexus 6p is not rooted.

attempt to execute su and check return code

Fatal Exception: java.lang.NullPointerException
src == null
java.util.Scanner. (Scanner.java:226)
java.util.Scanner. (Scanner.java:210)
com.scottyab.rootbeer.RootBeer.propsReader(RootBeer.java)
com.scottyab.rootbeer.RootBeer.checkForDangerousProps(RootBeer.java)

Hi guys I got some possible false positive reports of Huawei Mate 10 lite (HWRNE) phone. Anyone else with this issue?

Time to time I receive crash reported in Fabric that library crashed.

Fatal Exception: java.lang.UnsatisfiedLinkError: Couldn't load tool-checker from loader dalvik.system.PathClassLoader[dexPath=/data/app/com.myapp.example-2.apk,libraryPath=/data/app-lib/com.myapp.example-2]: findLibrary returned null

   at java.lang.Runtime.loadLibrary(Runtime.java:355)
   at java.lang.System.loadLibrary(System.java:525)
   at com.scottyab.rootbeer.RootBeerNative.(SourceFile)
   at com.scottyab.rootbeer.RootBeer.checkForRootNative(SourceFile:305)
   at com.myapp.example.entity.DeviceConfig.com.scottyab.rootbeer.RootBeer.isRooted(SourceFile:2044)
   at com.myapp.example.entity.DeviceConfig.parseJson(SourceFile:359)
   at com.myapp.example.net.request.Request.prepareRequest(SourceFile:2197)
   at com.myapp.example.net.request.Request.execute(SourceFile:129)
   at com.myapp.example.service.AppStartService.onStartCommand(SourceFile:65)
   at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:2833)
   at android.app.ActivityThread.access$2000(ActivityThread.java:159)
   at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1419)
   at android.os.Handler.dispatchMessage(Handler.java:99)
   at android.os.Looper.loop(Looper.java:176)
   at android.app.ActivityThread.main(ActivityThread.java:5419)
   at java.lang.reflect.Method.invokeNative(Method.java)
   at java.lang.reflect.Method.invoke(Method.java:525)
   at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1046)
   at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:862)
   at dalvik.system.NativeStart.main(NativeStart.java)

Devices and values provided by Fabric:
ASUS_T00J 4.4.2 No rooted
K6000 Pro 6.0 No rooted
GT-I9300 4.3 No rooted
B1-810 4.4.4 No rooted
P400 4.1.2 Rooted

Check system property ro.modversion which can be used to identify certain custom roms such as Cyanogenmod

The following article metions a root check subverting library/app that beats all of the tested checks . Test to see how Rootbeer stacks up.
All your Root Checks are Belong to Us: The Sad State of Root Detection http://dl.acm.org/citation.cfm?id=2810364, https://www.blackhat.com/docs/eu-15/materials/eu-15-Benameur-All-Your-Root-Checks-Are-Belong-To-Us-The-Sad-State-Of-Root-Detection.pdf

Are there any proguard rules? because is not working woth proguard activated
Thanks

When systemless rooted, the su binary location is /su/bin/su. Its path (/su/bin/) should be added to detect the binary using the checkForBinary(...) method.

I have a Moto Z Cell phone for a year. Although it is original but some payment applications which make use of rootbeer indicate my phone as ROOTed and do not let installation on my phone.
One reason is my phone has su command however it is not executable as it is indicated on 'Commands' section of 'Eric Gruber' article .

Sort out the ndk dependancies to build with gradle, maybe use https://github.com/nhachicha/android-native-dependencies

When you press "check" button the test start but that button is still available to be pressed again. If you press again 3 or 4 times, the process is queued and it does the check again and again (the number of times you pressed it).

I suggest to lock check button once is pressed to skip this behavior.

To reproduce the error just open the app and press 5 times the check button, it will perform 5 checks.

I am using rootbeer in @walleth - there it is not so important that all kinds of root are detected as it is just displayed as a security information to the user (like this: https://twitter.com/wallethapp/status/993808674895343616 ) - it is more important to me that the file is not so big and all devices are able to update (this is now broken with a recent rootbeer update as the amount of included Native platforms was reduced) - unfortunately I just noticed when releasing on play and got the warning. It would be great if there is a flavor in rootbeer that does not contain the native checks - what do you think? The other option I see is to fork the project and remove these checks - but I would prefer to not fork.

I set rootcloak to hide root things from rootbeer sample app, and then the app crashes at root native check.
Notice: rw paths successfully detected.
OTP Smartbank app (Hungary) uses this root checking library, and it also crashes. Also, if i dont use rootcloak for smartbank, then it will not launch...
I bet the Hungarian OTP team not going to update the library in their app, so can you give me a quick fix how can i bypass the detection in an old version? You know, old versions not supported..
Me and many other users of the app thinks that OTP wants to decide if we want to use root, and it's a bad behavior.

Anyway, here is the log (OTP Smartbank crash when checking for root if rootcloak tries to hide it):
And a video (about the crashing sample app)

According to the same app provided on Google play store, it shows the device has busy box binary installed and all other checks are negative.
The sample didn't detected su binary and su management apps but still flag my device as rooted. How is that possible?

Feel free if any other details or logs are required.

Here is the device model I am referring to
http://www.gsmarena.com/motorola_moto_e3_power-8337.php

Are there other Root-Detections that RootBeer at the moment don't cover ?

We have theese crashes in our app mobile, with activated proguard

Fatal Exception: java.lang.UnsatisfiedLinkError: No implementation found for int com.scottyab.rootbeer.RootBeerNative.setLogDebugMessages(boolean) (tried Java_com_scottyab_rootbeer_RootBeerNative_setLogDebugMessages and Java_com_scottyab_rootbeer_RootBeerNative_setLogDebugMessages__Z) at com.scottyab.rootbeer.RootBeerNative.setLogDebugMessages(RootBeerNative.java) at com.scottyab.rootbeer.RootBeer.checkForRootNative(RootBeer.java:373) at com.scottyab.rootbeer.RootBeer.isRooted(RootBeer.java:45) at LoginActivity.onCreate(LoginActivity.java:136) at android.app.Activity.performCreate(Activity.java:5990) at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1106) at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2278) at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2387) at android.app.ActivityThread.access$800(ActivityThread.java:151) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1303) at android.os.Handler.dispatchMessage(Handler.java:102) at android.os.Looper.loop(Looper.java:135) at android.app.ActivityThread.main(ActivityThread.java:5254) at java.lang.reflect.Method.invoke(Method.java) at java.lang.reflect.Method.invoke(Method.java:372) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698) at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)

String[] lines = mountReader(); is returning null in some devices.

Need to add a null check before for loop.

ONEPLUS 3 phone no root，but checked is rooted

Upon installation, app will load and crash immediately

Android level 4.4.4KTU84P
No known rooting done by end user

Using rootbeer on a 64bit device (Nexus 6P) and I get an exception saying the native library is missing.

I'll look to provide a PR with a fix.

http://www.androidpolice.com/2016/08/29/chainfire-releases-suhide-experimental-officially-unsupported-way-hide-root-status-app-app-basis/

Hi, I have one app that have compatibility with all devices, but only when there's no native libraries but armeabi-v7a, after adding iroot plugin (that is a wrapper of this one), it creates several other architectures libtool-checker.so files (mips, mips64, x86_64 ...) and this is making my app crash.
Do you know how to limit the plugin so the only generated native library is for armeabi-v7a?
I've been looking through all the code and didn't found where it defines these architectures.
I have already ask the same question here: WuglyakBolgoink/cordova-plugin-iroot#13 (comment)
Thanks.

When I am using isRooted(), my most of the device showing it's rooted, so I decided to use isRootedWithoutBusyBoxCheck() as stated in #39 .

So what is exactly busy box binary?

I'm new please suggest my any good way, Thanks happy coding :-)

I use your library in my Android project. I would like to suggest that there is the possibility to deactivate logging. In QLog the value for Logging Level is hardcoded to "ALL".
Also, the logging message (level INFO) I get is

I/RootBeer: LOOKING FOR BINRARY: /system/bin/su Absent :(

binRary instead of binary.

Hi,

My app is being accused of being a rooted device only on Android 9.
Is there already any known reason for that?

Hi,

Im getting this result on Nexus 5, Nexus 5X and Nexus 6. None of these devices is rooted. How is that possible?

rotbeer lib will detect Magisk is present.

Scenario 1: If Magisk is present and root hide is enabled
Scenario 2: If Magisk is present and root hide is disabled

Provide some adv DexGuard config to mask the rootcheck method calls and the const.java.

I was looking through your code and I noticed it was looking for ro.build.selinux. I'm just currious, why is that property a sign of a rooted system?

I face a problem appearing similar to #13 for a regular Nexus 6 on a non-rooted (and non-tampered-with) Android 6.0.1 system. Specifically, checkForRWPaths() returns true when hitting these variable assignments:

• line: "none /dev/cpuset cgroup rw,relatime,cpuset,noprefix,release_agent=/sbin/cpuset_release_agent 0 0"
• pathToCheck: "/sbin"

Hi,
thank you for the great lib,

I have an app that has compiled libs only for armeabi and x86, whne I run it it works well and all my .so are found when needed, when I add rootbeer-lib, to my dependencies, it adds other libs (including arm64) which i don't have .so for, my app starts runing in arm64 and fails to fails to find my lib and therefore craches.

how can I tell rootbeer to only provide .so for architectures I support?

Thank you

Used RootBeer library to detect whether an android device was rooted or not. Apparently RIM Blackberry allows android app to run on them and the library crashed on those devices.

Caused by java.lang.NullPointerException
java.util.Scanner. (Scanner.java:226)
java.util.Scanner. (Scanner.java:210)
com.scottyab.rootbeer.RootBeer.mountReader (RootBeer.java:208)
com.scottyab.rootbeer.RootBeer.checkForRWPaths (RootBeer.java:251)
com.scottyab.rootbeer.RootBeer.isRooted (RootBeer.java:41)

Currently we have a static list of packages and paths to check and verify, it would be useful is users of the library could optionally add additional packages to check so not to be reliant on library updates.