[Q] Need help bypassing Root-Check with Native Code, Some Source Code Available

By nightauthor, Member on 28th May 2016, 10:46 PM
EDIT: Solution was posted to bypassing root-detection in the Amazon Flex App using a recently added feature to Security Bypasser 1.0.9.

****************
I have an Amazon app for doing contract deliveries for them, and I need it to work on my rooted device. I'm pretty sure I've exhausted all other means of hiding root, as they are using native code (I think) to make one of their root checks.

They are implementing RootBeer to do their root-check. I have used APKTools to inspect the Amazon apk; coupled with reading through the source code for RootBeer, I feel like I am just around the corner from getting this thing cracked.

UserAlertManager.smali has this line in it:
Code:
invoke-static {}, Lcom/scottyab/rootbeer/RootBeer;->checkForRootNative()Z
RootBeer.java has this:
Code:
    /**
     * Native checks are often harder to cloak/trick so here we call through to our native root checker
     * @return true if we found su | false if not
     */
    public boolean checkForRootNative() {

        String binaryName = "su";
        String[] paths = new String[Const.suPaths.length];
        for (int i = 0; i < paths.length; i++) {
            paths[i] = Const.suPaths[i]+binaryName;
        }

        RootBeerNative rootBeerNative = new RootBeerNative();
        rootBeerNative.setLogDebugMessages(true);
        return rootBeerNative.checkForRoot(paths) > 0;
    }
And rootBeerNative is:

Code:
package com.scottyab.rootbeer;

/**
 * Created by mat on 19/06/15.
 */
public class RootBeerNative {

    /**
     * Loads the C/C++ libraries statically
     */
    static {
        System.loadLibrary("tool-checker");
    }

    public native int checkForRoot(Object[] pathArray);
    public native int setLogDebugMessages(boolean logDebugMessages);

}

And below is about where I am at:

Code:
package com.deleonemail.fixdet;

import android.util.Log;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XC_MethodHook;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class stopdet implements IXposedHookLoadPackage {
    public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {

        if (!lpparam.packageName.equals("com.amazon.rabbit"))
            return;

        findAndHookMethod("com.amazon.rabbit.android.presentation.alert.useralert.UserAlertManager", lpparam.classLoader, "checkForRootNative", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                Log.v("rootbeer","grabbed UAM");
                param.setResult(false);
            }
        });
        //XposedBridge.log("we are in RootBeer!");
        //param.setResult(false);
    }
}
Any help getting this thing working right would be amazing!
The Following 2 Users Say Thank You to nightauthor For This Useful Post
29th May 2016, 08:38 AM |#2  
Setialpha, Senior Member, Nürnberg
Quote:
Originally Posted by nightauthor

Any help getting this thing working right would be amazing!

I was asked to add Amazon Flex support to my Xposed module and I just released it a few minutes ago. Check out Security Bypasser 1.0.9. You can check the source code. Your code is actually correct, but RootBeer has 5 more root checking functions active in Amazon Flex, that's why it still failed for you.

Amazon Flex' native library is "just" calling Java code, thus Xposed can easily override the functions. Other apps do stuff directly from native code, and that's much harder.
The Following 3 Users Say Thank You to Setialpha For This Useful Post
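The reply above distinguishes a native library that calls back into Java from one that does its work directly in native code. As an added example (not RootBeer's code and not from any poster in this thread), here is a sketch of a su-path check that performs the file test itself in C with stat(); the directory list is constructed, and the names SAMPLE_DIRS, binary_present and count_binary_hits are hypothetical.

```c
#include <stdio.h>
#include <sys/stat.h>

/* Constructed directory list for illustration only. RootBeer keeps its own
 * list in Const.suPaths, whose contents are not shown on this page. */
static const char *const SAMPLE_DIRS[] = {
    "/system/bin/", "/system/xbin/", "/sbin/", "/data/local/xbin/"
};

/* Returns 1 if dir+name is an existing regular file, 0 if it is absent or
 * not a regular file, -1 if the joined path does not fit the buffer. */
static int binary_present(const char *dir, const char *name)
{
    char path[256];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s%s", dir, name);

    if (n < 0 || (size_t)n >= sizeof path)
        return -1;              /* truncated path: never report a hit */
    if (stat(path, &st) != 0)
        return 0;               /* missing or unreadable */
    return S_ISREG(st.st_mode) ? 1 : 0;
}

/* Counts the directories that contain `name`. A caller would treat a
 * result > 0 as "found", as checkForRootNative() does with the value
 * returned by its native method. */
int count_binary_hits(const char *const *dirs, size_t ndirs, const char *name)
{
    int hits = 0;

    for (size_t i = 0; i < ndirs; i++)
        if (binary_present(dirs[i], name) == 1)
            hits++;
    return hits;
}

int main(void)
{
    size_t n = sizeof SAMPLE_DIRS / sizeof SAMPLE_DIRS[0];
    int hits = count_binary_hits(SAMPLE_DIRS, n, "su");

    printf("su found in %d of %zu directories\n", hits, n);
    return hits > 0;
}
```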
29th May 2016, 01:04 PM |#3  
Quote:
Originally Posted by Setialpha

I was asked to add Amazon Flex support to my Xposed module and I just released it a few minutes ago. Check out Security Bypasser 1.0.9. You can check the source code. Your code is actually correct, but RootBeer has 5 more root checking functions active in Amazon Flex, that's why it still failed for you.

Amazon Flex' native library is "just" calling Java code, thus Xposed can easily override the functions. Other apps do stuff directly from native code, and that's much harder.

Thank you so much, this works perfectly. I'll definitely give the source a look. I didn't think to get into the other stuff because looking at the LogCat I only saw the xbin/su being detected, so I figured I needed to stop that and maybe move on from there.
29th May 2016, 01:37 PM |#4  
I guess I was doing something wrong with the log command, because I never saw anything come up in my Logcat when trying to hook anything other than rabbit. I also wasn't sure about the "com.scottyab.rootbeer.RootBeer.isAnyPackageFromListInstalled()", didn't know if I needed rootbeer.RootBeer or just rootbeer.METHOD(). Thanks for your work and the great reference material.

I was concerned that this process might be harder than it was, because I thought surely someone would have done it already. And it seems you beat me to it, it was a learning experience, spent countless hours the past 1.5 days reading about Xposed, trying to make a module, figuring out that Instant Run in Android Studio sucks. And a bunch of other little things that took way too long to figure out. But here I am, pretty damn close to actually knowing how to hook and override a method.
The Following User Says Thank You to nightauthor For This Useful Post
25th December 2016, 09:47 PM |#5  
zerosource, Senior Member
how did it go?
15th March 2017, 09:55 PM |#6  
Junior Member
Root-detection is no longer bypassed
Amazon turned on some kind of new root-checking functionality in Amazon Flex today. No method of root-hiding seems to work at this moment. Not hiding the binary, not Security Bypasser, etc.

Can anything be done about this? It's kind of a big deal.
15th March 2017, 11:35 PM |#7  
Quote:
Originally Posted by _kauffy_

Amazon turned on some kind of new root-checking functionality in Amazon Flex today. No method of root-hiding seems to work at this moment. Not hiding the binary, not Security Bypasser, etc.

Can anything be done about this? It's kind of a big deal.

I updated just an hour ago, and while something had changed as far as the functionality of my script, the app did not seem to notice my phone being rooted at all.
Due to the changes on the offers page causing issues with my script, I reverted (I had created a backup on titanium backup). I will need to do some more testing later, but for now, I am going to keep using this version of the app for as long as I possibly can.
The Following User Says Thank You to nightauthor For This Useful Post
16th March 2017, 06:50 AM |#8  
Junior Member
Still a problem with mine..
Quote:
Originally Posted by nightauthor

I updated just an hour ago, and while something had changed as far as the functionality of my script, the app did not seem to notice my phone being rooted at all.
Due to the changes on the offers page causing issues with my script, I reverted (I had created a backup on titanium backup). I will need to do some more testing later, but for now, I am going to keep using this version of the app for as long as I possibly can.

What market are you in? It may be they haven't pushed this to all the markets yet.

Also, what are you using root for in this case? I think it may be the same as I am. Curious how you did it, though we might want to take this conversation out of public view.
23rd April 2017, 06:22 PM |#9  
Junior Member
Quote:
Originally Posted by nightauthor

I updated just an hour ago, and while something had changed as far as the functionality of my script, the app did not seem to notice my phone being rooted at all.
Due to the changes on the offers page causing issues with my script, I reverted (I had created a backup on titanium backup). I will need to do some more testing later, but for now, I am going to keep using this version of the app for as long as I possibly can.

I'm using the module on the Amazon version 3.0.5947.2 and it is working fine. Thanks for the module.
4th May 2017, 10:04 AM |#10  
Junior Member
Quote:
Originally Posted by Anonymus1725

I'm using the module on the Amazon version 3.0.5947.2 and it is working fine. Thanks for the module.

Do you have the apk for your version, and can you get it to me? Thanks!
6th May 2017, 02:16 AM |#11  
Junior Member
Quote:
Originally Posted by CommanderZurek

Do you have the apk for your version, and can you get it to me? Thanks!

I don't have the phone now, it's in a repair shop, and I have an SD but I don't have an SD card reader. When I have it back I can check if I have the APK.