FORUMS
Remove All Ads from XDA

[2016.10.10] suhide v0.55 [CLOSED]

11,217 posts
Thanks Meter: 85,986
 
By Chainfire, XDA Ad-Free Senior Moderator / Senior Recognized Developer - Where is my shirt? on 29th August 2016, 11:15 AM
Thread Closed Email Thread
THIS IS CURRENTLY NOT WORKING
A newer version is available here: https://forum.xda-developers.com/app...-lite-t3653855

suhide is an experimental (and officially unsupported) mod for SuperSU that can selectively hide root (the su binary and package name) from other applications.

Pros
- Hides root on a per-app base, no need to globally disable root
- Doesn't need Xposed
- Even supports SuperSU's ancient app compatibility mode (BINDSYSTEMXBIN)
- Passes SafetyNet attestation by default on stock ROMs (last officially tested on 2016.10.07)

Cons
- Ultimately a losing game (see the next few posts)
- No GUI (at the moment) - Unofficial GUI by loserskater

Requirements
- SuperSU v2.78 SR1 or newer (link)
- SuperSU installed in systemless mode
- Android 6.0 or newer
- TWRP (3.0.2 or newer, with access to /data - link!) or FlashFire (link)

Xposed
Xposed is not currently officially supported, but if you want to use it directly, you must be using @topjohnwu 's systemless xposed v86.2 exactly (attached at the bottom). It seems to mostly work during my non-extensive testing, but there are still some performance issues (both boot-time and run-time). Proceed with caution, expect bootloop.

Alternatively, there are some reports that the latest Magisk version + the latest systemless xposed (for Magisk) also works. I have not personally tested this.

CyanogenMod
I've personally tested with CM13 on i9300 without issue, however, several users are reporting it doesn't work for them. Proceed with caution, expect bootloop. Also, aside from just flashing SuperSU, you need to make sure /system/bin/su and /system/xbin/su are removed, or CM's internal root will still be used.

Usage

Install/Upgrade
- Make sure you have the latest SuperSU version flashed in systemless mode
- Make sure you are using the latest TWRP or FlashFire version
- Remove any and all Xposed versions
- If you have been having issues, flash suhide-rm-vX.YY.zip first, and note that your blacklist has been lost.
- Flash the attached suhide-vX.YY.zip
- If you are upgrading from suhide v0.16 or older, reflash SuperSU ZIP, and note that your blacklist has been lost.
- Optionally, flash the Xposed version linked above, and pray

At first install SafetyNet is automatically blacklisted.

If you have just flashed a ROM, it is advised to let it fully boot at least once before installing suhide.

Uninstall
- Flash the attached suhide-rm-vX.YY.zip. The version may appear older, the uninstall script doesn't change very often.

Blacklisting an app
You need the UID (10000 to 99999, usually 10xxx) of the app, which can be tricky to find, or the process name. There may be a GUI for this at some point.

(Note that all commands below need to be executed from a root shell)

If you know the package name, ls -nld /data/data/packagename will show the UID - usually the 3rd column.

Similarly, for running apps, ps -n | grep packagename will also show the UID - usually the 1st column.

Note that the process name is often the same as the package name, but this is not always the case. UID is more reliable for identifying a specific app, and it is also faster than blocking based on process names.

When you know the UID or process name:
Add to blacklist: /su/suhide/add UID or /su/suhide/add processname
Remove from blacklist: /su/suhide/rm UID or /su/suhide/rm processname
List blacklist: /su/suhide/list

All running processes for that UID or process name need to be killed/restarted for su binary hiding. For SuperSU GUI hiding, the device needs to be restarted. I recommend just (soft-)rebooting your device after making any changes.

Please keep in mind that many apps store their rooted state, so you may need to clear their data (and then reboot).

Integration into SuperSU
This mod isn't stable, and probably will never be (see the next few posts). As SuperSU does aim to be stable, I don't think they're a good match. But who knows, it all depends on how things progress on the detection side.

Detections
This mod hides the su binary pretty well, and does a basic job of hiding the SuperSU GUI. The hiding is never perfect, and suhide itself is not undetectable either. This will never be a perfectly working solution.

Debugging bootloops
- Get your device in a booting state
- Make sure you have TWRP or a similar recovery
- Install LiveBoot (link)
- If you are not a LiveBoot Pro user, enable the Freeload option
- Enable the Save logs option
- Recreate the bootloop
- In TWRP, get /cache/liveboot.log , and ZIP+attach it to a post here.

Download
Attached below.

Any rm version should work to uninstall any suhide version.

There may be multiple versions of suhide attached, please look carefully which one you are downloading!

YOU ARE EXPLICITLY NOT ALLOWED TO REDISTRIBUTE THESE FILES

(pre-v0.51: 17410 downloads)
Attached Files
File Type: zip suhide-rm-v0.51.zip - [Click for QR Code] (4.6 KB, 70514 views)
File Type: zip suhide-v0.52.zip - [Click for QR Code] (230.1 KB, 8078 views)
File Type: zip suhide-0.53.zip - [Click for QR Code] (231.7 KB, 39538 views)
File Type: zip suhide-v0.54.zip - [Click for QR Code] (230.3 KB, 37910 views)
File Type: zip xposed-v86.2-sdk23-topjohnwu.zip - [Click for QR Code] (16.85 MB, 50850 views)
File Type: zip suhide-v0.55.zip - [Click for QR Code] (238.3 KB, 171486 views)
The Following 464 Users Say Thank You to Chainfire For This Useful Post: [ View ]
 
 
29th August 2016, 11:15 AM |#2  
Chainfire's Avatar
OP Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 85,986
 
Donate to Me
More
Hiding root: a losing game - rant du jour
Most apps that detect root fall into the payment, banking/investing, corporate security, or (anit cheating) gaming category.

While a lot of apps have their custom root detection routines, with the introduction of SafetyNet the situation for power users has become worse, as developers of those apps can now use a single API to check if the device is not obviously compromised.

SafetyNet is of course developed by Google, which means they can do some tricks that others may not be able to easily do, as they have better platform access and control. In its current incarnation, ultimately the detection routines still run as an unprivileged user and do not yet use information from expected-to-be-secure components such as the bootloader or TPM. In other words, even though they have slightly more access than a 3rd party app, they still have less access than a root app does.

Following from this is that as long as there is someone who is willing to put in the time and effort - and this can become very complex and time consuming very quickly - and SafetyNet keeps their detection routines in the same class, there will in theory always be a way to beat these detections.

While reading that may initially make some of you rejoice, this is in truth a bad thing. As an Android security engineer in Google's employ has stated, they need to "make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model".

The problem is that with a rooted device, it is ultimately not possible to guarantee said security model with the current class of SafetyNet tamper detection routines. The cat and mouse game currently being played out - SafetyNet detecting root, someone bypassing it, SafetyNet detecting it again, repeat - only serves to emphasize this point. The more we push this, the more obvious this becomes to all players involved, and the quicker SafetyNet (and similar solutions) will grow beyond their current limitations.

Ultimately, information will be provided and verified by bootloaders/TrustZone/SecureBoot/TIMA/TEE/TPM etc. (Samsung is already doing this with their KNOX/TIMA solutions). Parts of the device we cannot easily reach or patch, and thus there will come a time when these detection bypasses may no longer viable. This will happen regardless of our efforts, as you can be sure malware authors are working on this as well. What we power-users do may well influence the time-frame, however. If a bypass attains critical mass, it will be patched quickly.

More security requires more locking down. Ultimately these security features are about money - unbelievably large amounts of money. This while our precious unlocked bootloaders and root solutions are more of a developer and enthusiast thing. While we're all generally fond of shaking our fists at the likes of Google, Samsung, HTC, etc, it should be noted that there are people in all these companies actively lobbying to keep unlocked/unlockable devices available for us to play with, with the only limitation being that some financial/corporate stuff may not work if we play too hard.

It would be much easier (and safer from their perspective) for all these parties to simply plug that hole and fully lock down the platform (beyond 3rd party apps using only the normal APIs). Bypassing root checks en masse is nothing less than poking the bear.

Nevertheless, users want to hide their roots (so do malware authors...) and at least this implementation of suhide is a simple one. I still think it's a bad idea to do it. Then again, I think it's a bad idea to do anything financial related on Android smartphone that isn't completely clean, but that's just me.

Note that I have intentionally left out any debate on whether SafetyNet/AndroidPay/etc need to be this perfectly secure (most people do their banking on virus ridden Windows installations after all), who should get to decide which risk is worth taking, or even if Google and cohorts would be able to design the systems more robustly so the main app processor would not need to be trusted at all. (the latter could be done for Android Pay, but wouldn't necessarily solve anything for Random Banking App). While those are very interesting discussion points, ultimately it is Google who decides how they want this system to work, regardless of our opinions on the matter - and they want to secure it.
The Following 279 Users Say Thank You to Chainfire For This Useful Post: [ View ]
29th August 2016, 11:16 AM |#3  
Chainfire's Avatar
OP Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 85,986
 
Donate to Me
More
--- reserved ---
The Following 43 Users Say Thank You to Chainfire For This Useful Post: [ View ]
29th August 2016, 11:16 AM |#4  
Chainfire's Avatar
OP Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 85,986
 
Donate to Me
More
Changelogs
2016.10.10 - v0.55 - RELEASE NOTES
- Some code cleanup
- Support for blocking based on process name
- Should fix some crashes (requires uninstall/reinstall to activate)

2016.10.07 - v0.54 - RELEASE NOTES
- Fix for latest SafetyNet update

2016.09.19 - v0.53 - RELEASE NOTES
- Haploid container (monoploid)

2016.09.18 - v0.52 - see v0.51 release notes below
- Fix root loss on some firmwares

2016.09.18 - v0.51 - RELEASE NOTES
- Complete redesign
- Zygote proxying (haploid)
- Binder hijacking (diploid)
- su.d instead of ramdisk modification
- Xposed supported (-ish)

2016.09.04 - v0.16 - RELEASE NOTES
- Fix some SELinux access errors
- Should now work on devices that ask for a password/pattern/pin immediately at boot - for real this time!
- Binderjacking improvements for Nougat

2016.08.31 - v0.12 - RELEASE NOTES
- Fix some issues with suhide-add/rm scripts
- Fix not working at all on 32-bit devices
- Should now work on devices that ask for a password/pattern/pin immediately at boot
- Rudimentary GUI hiding
- No longer limited to arm/arm64 devices: support for x86/x86_64/mips/mips64 devices added

2016.08.29 - v0.01
- Initial release
The Following 82 Users Say Thank You to Chainfire For This Useful Post: [ View ]
29th August 2016, 02:11 PM |#5  
purian23's Avatar
Senior Member
Thanks Meter: 1,359
 
More
As always thank you Chainfire! I will try and edit this post.

Edit @Chainfire this seems to work for enabling Android Pay! I didn't get the chance to actually pay yet. But it did let me add my card and did not display the message about a failed authorization of Android check! Before I couldn't even get past that first screen.

Edit 2: @Chainfire It seems to of had an adverse effect on Snapchat. I cleared cache on the app, uninstalled and reinstalled and restarted. It kept Force closing after a photo no matter what. I used suhide-rm and it seems to have fixed the app from any issues. Thanks again and hopefully we'll get you some more reports. Either way your solution works!

Tested on stock rooted 7.0 Nexus 6p.
The Following 2 Users Say Thank You to purian23 For This Useful Post: [ View ] Gift purian23 Ad-Free
29th August 2016, 04:06 PM |#6  
Senior Member
Thanks Meter: 272
 
More
@Chainfire

What was your reason for doing this project?

Sent from my Nexus 6P using XDA-Developers mobile app
29th August 2016, 04:12 PM |#7  
Chainfire's Avatar
OP Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 85,986
 
Donate to Me
More
Quote:
Originally Posted by Ofthecats

What was your reason for doing this project?

For building it, curious if the method I came up with would work well. For releasing, if others are doing it, join them or be left behind.
The Following 33 Users Say Thank You to Chainfire For This Useful Post: [ View ]
29th August 2016, 04:42 PM |#8  
HamsterHam's Avatar
Senior Member
Thanks Meter: 479
 
More
I'm assuming with custom ROM android pay still won't work right?
29th August 2016, 05:12 PM |#9  
purian23's Avatar
Senior Member
Thanks Meter: 1,359
 
More
Quote:
Originally Posted by HamsterHam

I'm assuming with custom ROM android pay still won't work right?

I'd just give it a try. It's spoofing the specific app, not the entire ROM that matters. It's fairly simple to try.
29th August 2016, 05:30 PM |#10  
Member
Flag Preble
Thanks Meter: 5
 
More
Installed on LG G4 w/ V20g-EUR-XX update and rerooted with TWRP 3.0.2-0 and SuperSU-v2.76-2016063161323. seems to be working fine, for the moment. Thank you for the update.
The Following 2 Users Say Thank You to mtillapa For This Useful Post: [ View ] Gift mtillapa Ad-Free
29th August 2016, 05:45 PM |#11  
Senior Member
Flag Washington, DC
Thanks Meter: 28
 
More
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes