scottyab/rootbeer scottyab/rootbeer

  • Stars
    star
    2,439
  • Rank 18,861 (Top 0.4 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created over 9 years ago
  • Updated 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
scottyab/rootbeer
github

scottyab

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple to use root checking Android library and sample app

RootBeer app icon

RootBeer

A tasty root checker library and sample app. We've scoured the internets for different methods of answering that age old question... Has this device got root?

Root checks

These are the current checks/tricks we are using to give an indication of root.

Java checks

  • checkRootManagementApps
  • checkPotentiallyDangerousApps
  • checkRootCloakingApps
  • checkTestKeys
  • checkForDangerousProps
  • checkForBusyBoxBinary
  • checkForSuBinary
  • checkSuExists
  • checkForRWSystem

Native checks

We call through to our native root checker to run some of its own checks. Native checks are typically harder to cloak, so some root cloak apps just block the loading of native libraries that contain certain keywords.

  • checkForSuBinary

Disclaimer and limitations!

We love root! both Scott and Mat (the creators) own and use rooted devices (albeit not as daily driver). However we appreciate it can be useful to have an indication your app is running on a rooted device. Plus as hackday style project we wanted to see if we could beat the root cloakers at the time in 2015.

Remember root==god, so there's no 100% guaranteed way to check for root! treat this as an indication of root.

Root cloakers

In 2015 we successfully tested Rootbeer and it flagged an indication of root when testing with the following root cloak apps. However Rootbeer was defeated when using a combination of the root cloakers activated at the same time.

Tested cloakers:

Usage

RootBeer rootBeer = new RootBeer(context);
if (rootBeer.isRooted()) {
    //we found indication of root
} else {
    //we didn't find indication of root
}

You can also call each of the checks individually as the sample app does. It is advisable to call isRooted() from a background thread as it involves disk I/O.

False positives

Manufacturers often leave the busybox binary in production builds and this doesn't always mean that a device is root. We have removed the busybox check we used to include as standard in the isRooted() method to avoid these false positives.

If you want to detect the busybox binary in your app you can use checkForBinary(BINARY_BUSYBOX) to detect it alone, or as part of the complete root detection method:

rootBeer.isRootedWithBusyBoxCheck();

The following devices are known the have the busybox binary present on the stock rom:

  • All OnePlus Devices
  • Moto E
  • OPPO R9m (ColorOS 3.0,Android 5.1,Android security patch January 5, 2018 )

Dependency

Available on maven central, to include using Gradle just add the following:

dependencies {
    implementation 'com.scottyab:rootbeer-lib:0.1.0'
}

Or use this Jitpack.io link

Building

The native library in this application will now be built via Gradle and the latest Android Studio without having to resort to the command line. However the .so files are also distributed in this repository for those who cannot compile using the NDK for some reason.

Sample app

The sample app is published on Google play to allow you to quickly and easier test the library. Enjoy! And please do feedback to us if your tests produce different results.

Get it on Google Play

screenshot

Contributing

There must be more root checks to make this more complete. If you have one please do send us a pull request.

Thanks

Other libraries

If you dig this, you might like:

Licence

Apache License, Version 2.0

Copyright (C) 2015, Scott Alexander-Bown, Mat Rollings

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

More Repositories

1

secure-preferences

Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.
Java
1,526
star
2

AESCrypt-Android

Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt
Java
640
star
3

showhidepasswordedittext

Show/Hide Password EditText is a very simple extension of Android's EditText that puts a clickable hide/show icon in the right hand side of the EditText that allows showing of the password.
Java
557
star
4

safetynethelper

SafetyNet Helper wraps the Google Play Services SafetyNet.API and verifies Safety Net API response with the Android Device Verification API.
Java
331
star
5

ssl-pin-generator

Simple jar to generate SSL pins based on a certificate's public key. Pins are base-64 SHA-1 hashes by default.
Java
94
star
6

androidkeystore

This started out as the sample project from Android sdk modified folder structure to for eclipse.
Java
53
star
7

HeartBeatView

Simple custom view of a beating heart using scaling animation.
Java
44
star
8

FuzzyDateAndroid

Create more relax human reabable dates and times just like twitter, stackoverflow.
Java
19
star
9

android-device-stats

Device Stats is a designs for people developing Android apps to quickly and easier see the exact specs of a device. Ideal for test devices where you aren't 100% sure on the resource qualifiers.
Java
12
star
10

android-environment-configuration-sample

Sample app used in blog post to illustrate a way of externallising config strings and adding DexGuard protection
Java
5
star
11

restart-counter-android

Simple app to count the number of restarts
Java
2
star
12

sample-location-based-image-tracker

Interview sample Location based image tracker that uses Flickr
Kotlin
1
star
13

meetup-java-client

Automatically exported from code.google.com/p/meetup-java-client
Java
1
star
14

EmbedExample

Standalone example app and library that used FatAAR plugin. Created to diagnose build issue we are seeing with production project
Kotlin
1
star
15

scottyab

Personal about me page
1
star