FORUMS
Remove All Ads from XDA

[MOD][XPOSED][4.0+] RootCloak - Completely Hide Root from Specific Apps [2014-01-14]

134 posts
Thanks Meter: 295
 
Post Reply Email Thread
19th December 2013, 10:10 PM |#21  
OP Senior Member
Thanks Meter: 295
 
More
Quote:
Originally Posted by allholy1

How does an app detect root access using the NDK? Google search isn't returning any answers.

using the NDK allows you to do native calls/standard library functions directly. For example, Web TV by Stofa use fopen and access to check for the existence of the su binary. Here's (more or less) the assembly code from the library:

Code:
MOV	R0, R10		; filename
MOVS	R1, R4		; modes
BLX	fopen
CMP	R0, #0
BEQ	loc_1234A
loc_1234A
LDR	R0, =(aSbinSu - 0x217AA)
MOVS	R1, #0		; type
ADD	R0, PC		; "/sbin/su"
BLX	access
CMP	R0, #0
BNE	loc_1235B
Edit: Another example is the Barclays Mobile Banking app. Unless there is a way to avoid using a File constructor to access the file system in Java, it is using a native library instead: Here is the sequence when watching using FileObserver:

Code:
OPEN:/system/xbin/su
ACCESS:/system/xbin/su
ACCESS:/system/xbin/su
19th December 2013, 11:08 PM |#22  
SUer's Avatar
Senior Member
Thanks Meter: 117
 
More
Quote:
Originally Posted by devadvance

using the NDK allows you to do native calls/standard library functions directly. For example, Web TV by Stofa use fopen and access to check for the existence of the su binary. Here's (more or less) the assembly code from the library:

Code:
MOVR0, R10; filename
MOVSR1, R4; modes
BLXfopen
CMPR0, #0
BEQloc_1234A
loc_1234A
LDRR0, =(aSbinSu - 0x217AA)
MOVSR1, #0; type
ADDR0, PC; "/sbin/su"
BLXaccess
CMPR0, #0
BNEloc_1235B
Edit: Another example is the Barclays Mobile Banking app. Unless there is a way to avoid using a File constructor to access the file system in Java, it is using a native library instead: Here is the sequence when watching using FileObserver:

Code:
OPEN:/system/xbin/su
ACCESS:/system/xbin/su
ACCESS:/system/xbin/su

Yeah, gutted to report it doesn't work for me on the Barclay's app. Would have been a nice Xmas present if this was sorted.

Sent from my Nexus 5 using Tapatalk
20th December 2013, 12:41 AM |#23  
Emp_M's Avatar
Member
Flag NSW
Thanks Meter: 6
 
More
Hey, just letting you know that RootCloak successfully hides root from ParcelSend.
The Following User Says Thank You to Emp_M For This Useful Post: [ View ] Gift Emp_M Ad-Free
20th December 2013, 12:58 AM |#24  
Junior Member
Thanks Meter: 0
 
More
Good For Enterprise: Compliance Check Failed
20th December 2013, 03:17 AM |#25  
Senior Member
Thanks Meter: 146
 
More
Quote:
Originally Posted by nt1001

Good For Enterprise: Compliance Check Failed

****! I had high hopes for this module as root is holding me back from getting my corporate email on my Nexus. Still need to carry around by wifi-only 3GS until this gets figured out.
20th December 2013, 09:19 AM |#26  
Member
Flag Elsewhere...
Thanks Meter: 3
 
More
Quote:
Originally Posted by devadvance

It hides "which" and "busybox", but not all of the symlinks. However, I'll take a look at the Citrix app to see if does that. The problem is that busybox being installed doesn't necessarily indicate a device is rooted.

Hello,

I have a bad news and a very good news...

I start with the bad: I'm totaly stupid. I did all my test about Worx with you're xposed module not activated... Yes I know....
And now the very good one, Citrix Worx see me un-rooted !!! Thanks Father Xmas ! You're my hero !

I hope you didn't work to hard on the case...
I'm realy sorry !

C-dric
The Following 2 Users Say Thank You to c-dric For This Useful Post: [ View ] Gift c-dric Ad-Free
20th December 2013, 03:17 PM |#27  
OP Senior Member
Thanks Meter: 295
 
More
Quote:
Originally Posted by c-dric

Hello,

I have a bad news and a very good news...

I start with the bad: I'm totaly stupid. I did all my test about Worx with you're xposed module not activated... Yes I know....
And now the very good one, Citrix Worx see me un-rooted !!! Thanks Father Xmas ! You're my hero !

I hope you didn't work to hard on the case...
I'm realy sorry !

C-dric

Glad to hear it ended up working while i don't mind the challenge of a bunch of other apps not working, its nice having a few that do!
20th December 2013, 03:40 PM |#28  
Member
Thanks Meter: 9
 
More
I'm testing Airwatch MDM with the current version of RootCloak, and it doesn't appear to be working. My phone is encrypted as well. I could test more builds to see if any fixes solve this.



Sent from my Nexus 5 using Tapatalk
20th December 2013, 04:14 PM |#29  
omondisingh's Avatar
Senior Member
Flag Colnbrook
Thanks Meter: 63
 
More
Barclays Mobile Banking - Barclays - https://play.google.com/store/apps/d...smobilebanking

Root Detected.
The Following User Says Thank You to omondisingh For This Useful Post: [ View ] Gift omondisingh Ad-Free
20th December 2013, 09:30 PM |#30  
Martinhdk's Avatar
Senior Member
Thanks Meter: 34
 
More
Not working on HBO Nordic, yet
20th December 2013, 11:55 PM |#31  
LeftyGR's Avatar
Senior Member
Flag Bloomington, IL
Thanks Meter: 1,722
 
More
Successfully works with Flixster!

♢NoteIII♢
The Following User Says Thank You to LeftyGR For This Useful Post: [ View ] Gift LeftyGR Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes