确定是否在根设备上运行

一些修改的版本用于为此目的设置系统属性 ro.modversion。事情似乎已经发生了变化;我几个月前在TheDude上的构建是这样的:

cmb@apollo:~$ adb -d shell getprop |grep build
[ro.build.id]: [CUPCAKE]
[ro.build.display.id]: [htc_dream-eng 1.5 CUPCAKE eng.TheDudeAbides.20090427.235325 test-keys]
[ro.build.version.incremental]: [eng.TheDude.2009027.235325]
[ro.build.version.sdk]: [3]
[ro.build.version.release]: [1.5]
[ro.build.date]: [Mon Apr 20 01:42:32 CDT 2009]
[ro.build.date.utc]: [1240209752]
[ro.build.type]: [eng]
[ro.build.user]: [TheDude]
[ro.build.host]: [ender]
[ro.build.tags]: [test-keys]
[ro.build.product]: [dream]
[ro.build.description]: [kila-user 1.1 PLAT-RC33 126986 ota-rel-keys,release-keys]
[ro.build.fingerprint]: [tmobile/kila/dream/trout:1.1/PLAT-RC33/126986:user/ota-rel-keys,release-keys]
[ro.build.changelist]: [17615# end build properties]

另一方面，来自1.5 SDK的模拟器，运行1.5镜像，也有根，可能类似于Android Dev Phone 1(你大概想要允许)，并有:

cmb@apollo:~$ adb -e shell getprop |grep build
[ro.build.id]: [CUPCAKE]
[ro.build.display.id]: [sdk-eng 1.5 CUPCAKE 148875 test-keys]
[ro.build.version.incremental]: [148875]
[ro.build.version.sdk]: [3]
[ro.build.version.release]: [1.5]
[ro.build.date]: [Thu May 14 18:09:10 PDT 2009]
[ro.build.date.utc]: [1242349750]
[ro.build.type]: [eng]
[ro.build.user]: [android-build]
[ro.build.host]: [undroid16.mtv.corp.google.com]
[ro.build.tags]: [test-keys]
[ro.build.product]: [generic]
[ro.build.description]: [sdk-eng 1.5 CUPCAKE 148875 test-keys]
[ro.build.fingerprint]: [generic/sdk/generic/:1.5/CUPCAKE/148875:eng/test-keys]

至于零售构建，我手头没有，但在site:xda-developers.com下的各种搜索都是有信息的。这里是一个G1在荷兰，你可以看到ro.build.tags没有test-keys，我认为这可能是最可靠的属性。

另外两个方法，如果你想检查一个设备在你的应用程序中是否具有根功能:

1. 检查是否存在'su'二进制文件:从Runtime.getRuntime().exec()执行"which su"
2. 在/system/app/Superuser.apk位置中查找SuperUser.apk

以下是我的代码，基于这里的一些答案:

 /**
* Checks if the phone is rooted.
*
* @return <code>true</code> if the phone is rooted, <code>false</code>
* otherwise.
*/
public static boolean isPhoneRooted() {


// get from build info
String buildTags = android.os.Build.TAGS;
if (buildTags != null && buildTags.contains("test-keys")) {
return true;
}


// check if /system/app/Superuser.apk is present
try {
File file = new File("/system/app/Superuser.apk");
if (file.exists()) {
return true;
}
} catch (Throwable e1) {
// ignore
}


return false;
}

RootTools库提供了简单的方法来检查根:

RootTools.isRootAvailable()

Reference .

下面是一个类，它将以三种方式之一检查Root。

/** @author Kevin Kowalewski */
public class RootUtil {
public static boolean isDeviceRooted() {
return checkRootMethod1() || checkRootMethod2() || checkRootMethod3();
}


private static boolean checkRootMethod1() {
String buildTags = android.os.Build.TAGS;
return buildTags != null && buildTags.contains("test-keys");
}


private static boolean checkRootMethod2() {
String[] paths = { "/system/app/Superuser.apk", "/sbin/su", "/system/bin/su", "/system/xbin/su", "/data/local/xbin/su", "/data/local/bin/su", "/system/sd/xbin/su",
"/system/bin/failsafe/su", "/data/local/su", "/su/bin/su"};
for (String path : paths) {
if (new File(path).exists()) return true;
}
return false;
}


private static boolean checkRootMethod3() {
Process process = null;
try {
process = Runtime.getRuntime().exec(new String[] { "/system/xbin/which", "su" });
BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
if (in.readLine() != null) return true;
return false;
} catch (Throwable t) {
return false;
} finally {
if (process != null) process.destroy();
}
}
}

你可以使用isAccessGiven()代替isRootAvailable()。直接从RootTools 维基:

if (RootTools.isAccessGiven()) {
// your app has been granted root access
}

RootTools.isAccessGiven()不仅检查设备是否已根，它还检查设备是否已根 也为你的应用程序调用su，请求权限，如果返回true 您的应用程序已成功授予根权限。可以使用这个 作为在你的应用程序中的第一个检查，以确保你将被授予

参考

在我的应用程序中，我通过执行“su”命令检查设备是否根。但是今天我删除了这部分代码。为什么?

因为我的应用程序成了内存杀手。怎么做?让我告诉你我的故事。

$ adb shell ps

使震惊;我的应用程序有许多进程(应用程序的进程标签在manifest上)。有些是僵尸，有些不是。

对于一个只有一个Activity并只执行“su”命令的示例应用程序，我意识到在每次启动应用程序时都会创建一个僵尸进程。起初，这些僵尸进程分配0KB，但后来发生了一些事情，僵尸进程与我的应用程序的主进程占用了几乎相同的kb，它们成为了标准进程。

在bugs.sun.com上有一个关于相同问题的错误报告:http://bugs.sun.com/view_bug.do?bug_id=6474073这解释了如果命令没有找到，将使用exec()方法创建僵尸。但我仍然不明白它们为什么以及如何成为标准流程并保持重要的kb。(这并不是一直都在发生)

你可以尝试如果你想下面的代码示例;

String commandToExecute = "su";
executeShellCommand(commandToExecute);

简单的命令执行方法;

private boolean executeShellCommand(String command){
Process process = null;
try{
process = Runtime.getRuntime().exec(command);
return true;
} catch (Exception e) {
return false;
} finally{
if(process != null){
try{
process.destroy();
}catch (Exception e) {
}
}
}
}

总结:总结;我没有建议你确定设备是否扎根。但如果我是你，我不会使用Runtime.getRuntime().exec()。

顺便说一下;RootTools.isRootAvailable()也会引起同样的问题。

进一步@Kevins的回答，我最近在使用他的系统时发现，Nexus 7.1为所有三个方法返回false——没有which命令，没有test-keys和SuperSU没有安装在/system/app中。

我补充说:

public static boolean checkRootMethod4(Context context) {
return isPackageInstalled("eu.chainfire.supersu", context);
}


private static boolean isPackageInstalled(String packagename, Context context) {
PackageManager pm = context.getPackageManager();
try {
pm.getPackageInfo(packagename, PackageManager.GET_ACTIVITIES);
return true;
} catch (NameNotFoundException e) {
return false;
}
}

这在某些情况下略微少有用(如果你需要保证根访问)，因为SuperSU完全有可能安装在没有SU访问的设备上。

然而，由于SuperSU可以安装并工作在/system/app目录中的不，这个额外的情况将会根除(哈哈)这样的情况。

这确实是一个有趣的问题，到目前为止还没有人获奖。我使用以下代码:

  boolean isRooted() {
try {
ServerSocket ss = new ServerSocket(81);
ss.close();
return true;
} catch (Exception e) {
// not sure
}
return false;
}

代码当然不是无懈可击的，因为网络可能不可用，所以会出现异常。如果该方法返回true，则99%可以确定，否则只有50%不确定。网络权限也可能破坏解决方案。

http://code.google.com/p/roottools/

如果您不想使用jar文件只需使用代码:

public static boolean findBinary(String binaryName) {
boolean found = false;
if (!found) {
String[] places = { "/sbin/", "/system/bin/", "/system/xbin/",
"/data/local/xbin/", "/data/local/bin/",
"/system/sd/xbin/", "/system/bin/failsafe/", "/data/local/" };
for (String where : places) {
if (new File(where + binaryName).exists()) {
found = true;


break;
}
}
}
return found;
}

程序将尝试查找su文件夹:

private static boolean isRooted() {
return findBinary("su");
}

< em >例子:< / em >

if (isRooted()) {
textView.setText("Device Rooted");


} else {
textView.setText("Device Unrooted");
}

使用我的rootbox库非常简单。检查所需的代码如下:

    //Pass true to <Shell>.start(...) call to run as superuser
Shell shell = null;
try {
shell = Shell.start(true);
} catch (IOException exception) {
exception.printStackTrace();
}
if (shell == null)
// We failed to execute su binary
return;
if (shell.isRoot()) {
// Verified running as uid 0 (root), can continue with commands
...
} else
throw Exception("Unable to gain root access. Make sure you pressed Allow/Grant in superuser prompt.");

    public static boolean isRootAvailable(){
Process p = null;
try{
p = Runtime.getRuntime().exec(new String[] {"su"});
writeCommandToConsole(p,"exit 0");
int result = p.waitFor();
if(result != 0)
throw new Exception("Root check result with exit command " + result);
return true;
} catch (IOException e) {
Log.e(LOG_TAG, "Su executable is not available ", e);
} catch (Exception e) {
Log.e(LOG_TAG, "Root is unavailable ", e);
}finally {
if(p != null)
p.destroy();
}
return false;
}
private static String writeCommandToConsole(Process proc, String command, boolean ignoreError) throws Exception{
byte[] tmpArray = new byte[1024];
proc.getOutputStream().write((command + "\n").getBytes());
proc.getOutputStream().flush();
int bytesRead = 0;
if(proc.getErrorStream().available() > 0){
if((bytesRead = proc.getErrorStream().read(tmpArray)) > 1){
Log.e(LOG_TAG,new String(tmpArray,0,bytesRead));
if(!ignoreError)
throw new Exception(new String(tmpArray,0,bytesRead));
}
}
if(proc.getInputStream().available() > 0){
bytesRead = proc.getInputStream().read(tmpArray);
Log.i(LOG_TAG, new String(tmpArray,0,bytesRead));
}
return new String(tmpArray);
}

if [[ "`adb shell which su | grep -io "permission denied"`" != "permission denied" ]]; then
echo "Yes. Rooted device."
else
echo "No. Device not rooted. Only limited tasks can be performed. Done."
zenity --warning --title="Device Not Rooted" --text="The connected Android Device is <b>NOT ROOTED</b>. Only limited tasks can be performed." --no-wrap
fi

如果你已经在使用Fabric/Firebase Crashlytics，你可以打电话

CommonUtils.isRooted(context)

这是该方法的当前实现:

public static boolean isRooted(Context context) {
boolean isEmulator = isEmulator(context);
String buildTags = Build.TAGS;
if (!isEmulator && buildTags != null && buildTags.contains("test-keys")) {
return true;
} else {
File file = new File("/system/app/Superuser.apk");
if (file.exists()) {
return true;
} else {
file = new File("/system/xbin/su");
return !isEmulator && file.exists();
}
}
}


public static boolean isEmulator(Context context) {
String androidId = Secure.getString(context.getContentResolver(), "android_id");
return "sdk".equals(Build.PRODUCT) || "google_sdk".equals(Build.PRODUCT) || androidId == null;
}

Java级别的根检查不是一个安全的解决方案。如果您的应用程序在root设备上运行有安全问题，那么请使用此解决方案。

凯文的答案是有效的，除非手机也有像RootCloak这样的应用程序。这样的应用程序有一个对Java api的句柄，一旦手机是根的，他们模仿这些api来返回手机不是根的。

我已经写了一个原生级别的代码基于凯文的答案，它甚至与RootCloak !此外，它不会导致任何内存泄漏问题。

#include <string.h>
#include <jni.h>
#include <time.h>
#include <sys/stat.h>
#include <stdio.h>
#include "android_log.h"
#include <errno.h>
#include <unistd.h>
#include <sys/system_properties.h>


JNIEXPORT int JNICALL Java_com_test_RootUtils_checkRootAccessMethod1(
JNIEnv* env, jobject thiz) {




//Access function checks whether a particular file can be accessed
int result = access("/system/app/Superuser.apk",F_OK);


ANDROID_LOGV( "File Access Result %d\n", result);


int len;
char build_tags[PROP_VALUE_MAX]; // PROP_VALUE_MAX from <sys/system_properties.h>.
len = __system_property_get(ANDROID_OS_BUILD_TAGS, build_tags); // On return, len will equal (int)strlen(model_id).
if(strcmp(build_tags,"test-keys") == 0){
ANDROID_LOGV( "Device has test keys\n", build_tags);
result = 0;
}
ANDROID_LOGV( "File Access Result %s\n", build_tags);
return result;


}


JNIEXPORT int JNICALL Java_com_test_RootUtils_checkRootAccessMethod2(
JNIEnv* env, jobject thiz) {
//which command is enabled only after Busy box is installed on a rooted device
//Outpput of which command is the path to su file. On a non rooted device , we will get a null/ empty path
//char* cmd = const_cast<char *>"which su";
FILE* pipe = popen("which su", "r");
if (!pipe) return -1;
char buffer[128];
std::string resultCmd = "";
while(!feof(pipe)) {
if(fgets(buffer, 128, pipe) != NULL)
resultCmd += buffer;
}
pclose(pipe);


const char *cstr = resultCmd.c_str();
int result = -1;
if(cstr == NULL || (strlen(cstr) == 0)){
ANDROID_LOGV( "Result of Which command is Null");
}else{
result = 0;
ANDROID_LOGV( "Result of Which command %s\n", cstr);
}
return result;


}


JNIEXPORT int JNICALL Java_com_test_RootUtils_checkRootAccessMethod3(
JNIEnv* env, jobject thiz) {




int len;
char build_tags[PROP_VALUE_MAX]; // PROP_VALUE_MAX from <sys/system_properties.h>.
int result = -1;
len = __system_property_get(ANDROID_OS_BUILD_TAGS, build_tags); // On return, len will equal (int)strlen(model_id).
if(len >0 && strstr(build_tags,"test-keys") != NULL){
ANDROID_LOGV( "Device has test keys\n", build_tags);
result = 0;
}


return result;


}

在Java代码中，需要创建包装器类RootUtils来进行本机调用

    public boolean checkRooted() {


if( rootUtils.checkRootAccessMethod3()  == 0 || rootUtils.checkRootAccessMethod1()  == 0 || rootUtils.checkRootAccessMethod2()  == 0 )
return true;
return false;
}

这里列出的许多答案都有内在的问题:

• 检查测试键与根访问相关，但不一定能保证它
• “PATH”目录应该从实际的“PATH”环境变量派生而不是硬编码
• “su”可执行文件的存在并不一定意味着该设备已经扎根
• “which”可执行文件可能被安装，也可能没有被安装，如果可能的话，您应该让系统解析其路径
• 仅仅因为SuperUser应用程序安装在设备上并不意味着设备具有根访问权限

来自Stericson的RootTools库似乎更合法地检查root。它还有很多额外的工具和实用程序，所以我强烈推荐它。然而，并没有解释它是如何专门检查根目录的，而且它可能比大多数应用程序真正需要的要重一些。

我已经创建了几个基于RootTools库的实用程序方法。如果你只是想检查“su”可执行文件是否在设备上，你可以使用以下方法:

public static boolean isRootAvailable(){
for(String pathDir : System.getenv("PATH").split(":")){
if(new File(pathDir, "su").exists()) {
return true;
}
}
return false;
}

这个方法简单地遍历“PATH”环境变量中列出的目录，并检查其中是否存在“su”文件。

为了真正检查root访问权限，必须实际运行“su”命令。如果安装了一个像SuperUser这样的应用程序，那么在这一点上它可能会要求root访问，或者如果它已经被授予/拒绝，吐司可能会显示是否授予/拒绝访问。一个很好的命令是“id”，这样您可以验证用户id实际上是0(根)。

下面是一个示例方法来确定是否授予了根访问权:

public static boolean isRootGiven(){
if (isRootAvailable()) {
Process process = null;
try {
process = Runtime.getRuntime().exec(new String[]{"su", "-c", "id"});
BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
String output = in.readLine();
if (output != null && output.toLowerCase().contains("uid=0"))
return true;
} catch (Exception e) {
e.printStackTrace();
} finally {
if (process != null)
process.destroy();
}
}


return false;
}

实际测试运行"su"命令是很重要的，因为一些模拟器已经预安装了"su"可执行文件，但只允许某些用户像adb shell一样访问它。

在尝试运行“su”可执行文件之前检查它的存在也是很重要的，因为android已经知道不会正确地处理试图运行缺失命令的进程。随着时间的推移，这些幽灵进程会消耗大量内存。

RootBeer是一个根检查Android库由Scott和Matthew。 它使用各种检查来指示设备是否已根

Java检查

• CheckRootManagementApps

• CheckPotentiallyDangerousAppss

• CheckRootCloakingApps

• CheckTestKeys

• checkForDangerousProps

• checkForBusyBoxBinary

• checkForSuBinary

• checkSuExists

• checkForRWSystem

本地检查

我们调用本地根检查器来运行它自己的一些检查 检查。本地检查通常很难隐藏，所以一些根 斗篷应用程序只是阻止加载本机库包含 某些关键字。

• checkForSuBinary

#include <jni.h>
#include <string>




/**
*
* function that checks for the su binary files and operates even if
* root cloak is installed
* @return integer 1: device is rooted, 0: device is not
*rooted
*/
extern "C"
JNIEXPORT int JNICALL




Java_com_example_user_root_1native_rootFunction(JNIEnv *env,jobject thiz){
const char *paths[] ={"/system/app/Superuser.apk", "/sbin/su", "/system/bin/su",
"/system/xbin/su", "/data/local/xbin/su", "/data/local/bin/su", "/system/sd/xbin/su",
"/system/bin/failsafe/su", "/data/local/su", "/su/bin/su"};


int counter =0;
while (counter<9){
if(FILE *file = fopen(paths[counter],"r")){
fclose(file);
return 1;
}
counter++;
}
return 0;
}

您将从java代码中调用该函数，如下所示

public class Root_detect {






/**
*
* function that calls a native function to check if the device is
*rooted or not
* @return boolean: true if the device is rooted, false if the
*device is not rooted
*/
public boolean check_rooted(){


int checker = rootFunction();


if(checker==1){
return true;
}else {
return false;
}
}
static {
System.loadLibrary("cpp-root-lib");//name of your cpp file
}


public native int rootFunction();
}

更新2017

你现在可以用谷歌安全网络API来做。SafetyNet API提供了认证API，它可以帮助您评估应用程序运行的Android环境的安全性和兼容性。

这种认证可以帮助确定特定设备是否被篡改或修改过。

认证API返回如下所示的JWS响应

{
"nonce": "R2Rra24fVm5xa2Mg",
"timestampMs": 9860437986543,
"apkPackageName": "com.package.name.of.requesting.app",
"apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the
certificate used to sign requesting app"],
"apkDigestSha256": "base64 encoded, SHA-256 hash of the app's APK",
"ctsProfileMatch": true,
"basicIntegrity": true,
}

解析此响应可以帮助您确定设备是否已扎根

根设备似乎导致ctsProfileMatch=false。

您可以在客户端执行，但建议在服务器端解析响应。 一个基本的客户端服务器架构与安全网API将看起来像这样:-

JAVA包装程序:

package com.kozhevin.rootchecks.util;




import android.support.annotation.NonNull;


import com.kozhevin.rootchecks.BuildConfig;


public class MeatGrinder {
private final static String LIB_NAME = "native-lib";
private static boolean isLoaded;
private static boolean isUnderTest = false;


private MeatGrinder() {


}


public boolean isLibraryLoaded() {
if (isLoaded) {
return true;
}
try {
if(isUnderTest) {
throw new UnsatisfiedLinkError("under test");
}
System.loadLibrary(LIB_NAME);
isLoaded = true;
} catch (UnsatisfiedLinkError e) {
if (BuildConfig.DEBUG) {
e.printStackTrace();
}
}
return isLoaded;
}


public native boolean isDetectedDevKeys();


public native boolean isDetectedTestKeys();


public native boolean isNotFoundReleaseKeys();


public native boolean isFoundDangerousProps();


public native boolean isPermissiveSelinux();


public native boolean isSuExists();


public native boolean isAccessedSuperuserApk();


public native boolean isFoundSuBinary();


public native boolean isFoundBusyboxBinary();


public native boolean isFoundXposed();


public native boolean isFoundResetprop();


public native boolean isFoundWrongPathPermission();


public native boolean isFoundHooks();


@NonNull
public static MeatGrinder getInstance() {
return InstanceHolder.INSTANCE;
}


private static class InstanceHolder {
private static final MeatGrinder INSTANCE = new MeatGrinder();
}
}

JNI包装器(native-lib.c):

JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isDetectedTestKeys(
JNIEnv *env,
jobject  this ) {


return (jboolean) isDetectedTestKeys();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isDetectedDevKeys(
JNIEnv *env,
jobject  this ) {


return (jboolean) isDetectedDevKeys();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isNotFoundReleaseKeys(
JNIEnv *env,
jobject  this ) {


return (jboolean) isNotFoundReleaseKeys();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundDangerousProps(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundDangerousProps();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isPermissiveSelinux(
JNIEnv *env,
jobject  this ) {


return (jboolean) isPermissiveSelinux();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isSuExists(
JNIEnv *env,
jobject  this ) {


return (jboolean) isSuExists();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isAccessedSuperuserApk(
JNIEnv *env,
jobject  this ) {


return (jboolean) isAccessedSuperuserApk();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundSuBinary(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundSuBinary();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundBusyboxBinary(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundBusyboxBinary();
}




JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundXposed(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundXposed();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundResetprop(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundResetprop();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundWrongPathPermission(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundWrongPathPermission();
}


JNIEXPORT jboolean JNICALL
Java_com_kozhevin_rootchecks_util_MeatGrinder_isFoundHooks(
JNIEnv *env,
jobject  this ) {


return (jboolean) isFoundHooks();
}

常量:

// Comma-separated tags describing the build, like= "unsigned,debug".
const char *const ANDROID_OS_BUILD_TAGS = "ro.build.tags";


// A string that uniquely identifies this build. 'BRAND/PRODUCT/DEVICE:RELEASE/ID/VERSION.INCREMENTAL:TYPE/TAGS'.
const char *const ANDROID_OS_BUILD_FINGERPRINT = "ro.build.fingerprint";


const char *const ANDROID_OS_SECURE = "ro.secure";


const char *const ANDROID_OS_DEBUGGABLE = "ro.debuggable";
const char *const ANDROID_OS_SYS_INITD = "sys.initd";
const char *const ANDROID_OS_BUILD_SELINUX = "ro.build.selinux";
//see https://android.googlesource.com/platform/system/core/+/master/adb/services.cpp#86
const char *const SERVICE_ADB_ROOT = "service.adb.root";


const char * const MG_SU_PATH[] = {
"/data/local/",
"/data/local/bin/",
"/data/local/xbin/",
"/sbin/",
"/system/bin/",
"/system/bin/.ext/",
"/system/bin/failsafe/",
"/system/sd/xbin/",
"/su/xbin/",
"/su/bin/",
"/magisk/.core/bin/",
"/system/usr/we-need-root/",
"/system/xbin/",
0
};


const char * const MG_EXPOSED_FILES[] = {
"/system/lib/libxposed_art.so",
"/system/lib64/libxposed_art.so",
"/system/xposed.prop",
"/cache/recovery/xposed.zip",
"/system/framework/XposedBridge.jar",
"/system/bin/app_process64_xposed",
"/system/bin/app_process32_xposed",
"/magisk/xposed/system/lib/libsigchain.so",
"/magisk/xposed/system/lib/libart.so",
"/magisk/xposed/system/lib/libart-disassembler.so",
"/magisk/xposed/system/lib/libart-compiler.so",
"/system/bin/app_process32_orig",
"/system/bin/app_process64_orig",
0
};


const char * const MG_READ_ONLY_PATH[] = {
"/system",
"/system/bin",
"/system/sbin",
"/system/xbin",
"/vendor/bin",
"/sbin",
"/etc",
0
};

本地代码的根检测:

struct mntent *getMntent(FILE *fp, struct mntent *e, char *buf, int buf_len) {


while (fgets(buf, buf_len, fp) != NULL) {
// Entries look like "/dev/block/vda /system ext4 ro,seclabel,relatime,data=ordered 0 0".
// That is: mnt_fsname mnt_dir mnt_type mnt_opts mnt_freq mnt_passno.
int fsname0, fsname1, dir0, dir1, type0, type1, opts0, opts1;
if (sscanf(buf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
&fsname0, &fsname1, &dir0, &dir1, &type0, &type1, &opts0, &opts1,
&e->mnt_freq, &e->mnt_passno) == 2) {
e->mnt_fsname = &buf[fsname0];
buf[fsname1] = '\0';
e->mnt_dir = &buf[dir0];
buf[dir1] = '\0';
e->mnt_type = &buf[type0];
buf[type1] = '\0';
e->mnt_opts = &buf[opts0];
buf[opts1] = '\0';
return e;
}
}
return NULL;
}




bool isPresentMntOpt(const struct mntent *pMnt, const char *pOpt) {
char *token = pMnt->mnt_opts;
const char *end = pMnt->mnt_opts + strlen(pMnt->mnt_opts);
const size_t optLen = strlen(pOpt);
while (token != NULL) {
const char *tokenEnd = token + optLen;
if (tokenEnd > end) break;
if (memcmp(token, pOpt, optLen) == 0 &&
(*tokenEnd == '\0' || *tokenEnd == ',' || *tokenEnd == '=')) {
return true;
}
token = strchr(token, ',');
if (token != NULL) {
token++;
}
}
return false;
}


static char *concat2str(const char *pString1, const char *pString2) {
char *result;
size_t lengthBuffer = 0;


lengthBuffer = strlen(pString1) +
strlen(pString2) + 1;
result = malloc(lengthBuffer);
if (result == NULL) {
GR_LOGW("malloc failed\n");
return NULL;
}
memset(result, 0, lengthBuffer);
strcpy(result, pString1);
strcat(result, pString2);
return result;
}


static bool
isBadPropertyState(const char *key, const char *badValue, bool isObligatoryProperty, bool isExact) {
if (badValue == NULL) {
GR_LOGE("badValue may not be NULL");
return false;
}
if (key == NULL) {
GR_LOGE("key may not be NULL");
return false;
}
char value[PROP_VALUE_MAX + 1];
int length = __system_property_get(key, value);
bool result = false;
/* A length 0 value indicates that the property is not defined */
if (length > 0) {
GR_LOGI("property:[%s]==[%s]", key, value);
if (isExact) {
if (strcmp(value, badValue) == 0) {
GR_LOGW("bad value[%s] equals to [%s] in the property [%s]", value, badValue, key);
result = true;
}
} else {
if (strlen(value) >= strlen(badValue) && strstr(value, badValue) != NULL) {
GR_LOGW("bad value[%s] found in [%s] in the property [%s]", value, badValue, key);
result = true;
}
}
} else {
GR_LOGI("[%s] property not found", key);
if (isObligatoryProperty) {
result = true;
}
}
return result;
}


bool isDetectedTestKeys() {
const char *TEST_KEYS_VALUE = "test-keys";
return isBadPropertyState(ANDROID_OS_BUILD_TAGS, TEST_KEYS_VALUE, true, false);
}


bool isDetectedDevKeys() {
const char *DEV_KEYS_VALUE = "dev-keys";
return isBadPropertyState(ANDROID_OS_BUILD_TAGS, DEV_KEYS_VALUE, true, false);
}


bool isNotFoundReleaseKeys() {
const char *RELEASE_KEYS_VALUE = "release-keys";
return !isBadPropertyState(ANDROID_OS_BUILD_TAGS, RELEASE_KEYS_VALUE, false, true);
}


bool isFoundWrongPathPermission() {


bool result = false;
FILE *file = fopen("/proc/mounts", "r");
char mntent_strings[BUFSIZ];
if (file == NULL) {
GR_LOGE("setmntent");
return result;
}


struct mntent ent = {0};
while (NULL != getMntent(file, &ent, mntent_strings, sizeof(mntent_strings))) {
for (size_t i = 0; MG_READ_ONLY_PATH[i]; i++) {
if (strcmp((&ent)->mnt_dir, MG_READ_ONLY_PATH[i]) == 0 &&
isPresentMntOpt(&ent, "rw")) {
GR_LOGI("%s %s %s %s\n", (&ent)->mnt_fsname, (&ent)->mnt_dir, (&ent)->mnt_opts,
(&ent)->mnt_type);
result = true;
break;
}
}
memset(&ent, 0, sizeof(ent));
}
fclose(file);
return result;
}




bool isFoundDangerousProps() {
const char *BAD_DEBUGGABLE_VALUE = "1";
const char *BAD_SECURE_VALUE = "0";
const char *BAD_SYS_INITD_VALUE = "1";
const char *BAD_SERVICE_ADB_ROOT_VALUE = "1";


bool result = isBadPropertyState(ANDROID_OS_DEBUGGABLE, BAD_DEBUGGABLE_VALUE, true, true) ||
isBadPropertyState(SERVICE_ADB_ROOT, BAD_SERVICE_ADB_ROOT_VALUE, false, true) ||
isBadPropertyState(ANDROID_OS_SECURE, BAD_SECURE_VALUE, true, true) ||
isBadPropertyState(ANDROID_OS_SYS_INITD, BAD_SYS_INITD_VALUE, false, true);


return result;
}


bool isPermissiveSelinux() {
const char *BAD_VALUE = "0";
return isBadPropertyState(ANDROID_OS_BUILD_SELINUX, BAD_VALUE, false, false);
}


bool isSuExists() {
char buf[BUFSIZ];
char *str = NULL;
char *temp = NULL;
size_t size = 1;  // start with size of 1 to make room for null terminator
size_t strlength;


FILE *pipe = popen("which su", "r");
if (pipe == NULL) {
GR_LOGI("pipe is null");
return false;
}


while (fgets(buf, sizeof(buf), pipe) != NULL) {
strlength = strlen(buf);
temp = realloc(str, size + strlength);  // allocate room for the buf that gets appended
if (temp == NULL) {
// allocation error
GR_LOGE("Error (re)allocating memory");
pclose(pipe);
if (str != NULL) {
free(str);
}
return false;
} else {
str = temp;
}
strcpy(str + size - 1, buf);
size += strlength;
}
pclose(pipe);
GR_LOGW("A size of the result from pipe is [%zu], result:\n [%s] ", size, str);
if (str != NULL) {
free(str);
}
return size > 1 ? true : false;
}


static bool isAccessedFile(const char *path) {
int result = access(path, F_OK);
GR_LOGV("[%s] has been accessed with result: [%d]", path, result);
return result == 0 ? true : false;
}


static bool isFoundBinaryFromArray(const char *const *array, const char *binary) {
for (size_t i = 0; array[i]; ++i) {
char *checkedPath = concat2str(array[i], binary);
if (checkedPath == NULL) { // malloc failed
return false;
}
bool result = isAccessedFile(checkedPath);
free(checkedPath);
if (result) {
return result;
}
}
return false;
}


bool isAccessedSuperuserApk() {
return isAccessedFile("/system/app/Superuser.apk");
}


bool isFoundResetprop() {
return isAccessedFile("/data/magisk/resetprop");
}


bool isFoundSuBinary() {
return isFoundBinaryFromArray(MG_SU_PATH, "su");
}


bool isFoundBusyboxBinary() {
return isFoundBinaryFromArray(MG_SU_PATH, "busybox");
}


bool isFoundXposed() {
for (size_t i = 0; MG_EXPOSED_FILES[i]; ++i) {
bool result = isAccessedFile(MG_EXPOSED_FILES[i]);
if (result) {
return result;
}
}
return false;
}


bool isFoundHooks() {
bool result = false;
pid_t pid = getpid();
char maps_file_name[512];
sprintf(maps_file_name, "/proc/%d/maps", pid);
GR_LOGI("try to open [%s]", maps_file_name);
const size_t line_size = BUFSIZ;
char *line = malloc(line_size);
if (line == NULL) {
return result;
}
FILE *fp = fopen(maps_file_name, "r");
if (fp == NULL) {
free(line);
return result;
}
memset(line, 0, line_size);
const char *substrate = "com.saurik.substrate";
const char *xposed = "XposedBridge.jar";
while (fgets(line, line_size, fp) != NULL) {
const size_t real_line_size = strlen(line);
if ((real_line_size >= strlen(substrate) && strstr(line, substrate) != NULL) ||
(real_line_size >= strlen(xposed) && strstr(line, xposed) != NULL)) {
GR_LOGI("found in [%s]: [%s]", maps_file_name, line);
result = true;
break;
}
}
free(line);
fclose(fp);
return result;
}

有谷歌播放服务的安全网认证API，通过它我们可以评估设备并确定它是否被根/篡改。

请通过我的回答来处理根设备:
https://stackoverflow.com/a/58304556/3908895 < / p >

忘记所有那些检测根应用程序和子二进制文件。检查根守护进程。这可以从终端完成，你可以在应用程序中运行终端命令。试试这一行。

if [ ! "$(/system/bin/ps -A | grep -v grep | grep -c daemonsu)" = "0" ]; then echo "device is rooted"; else echo "device is not rooted"; fi

您也不需要root权限来实现这一点。

编辑:现在使用这种方法更好的检测!

if [ $(ps -A | grep -e ^shell -e ^root | grep -v "\[" | tr -s ' ' | cut -d ' ' -f 9 | grep -c su) ] || [ $(which su) ]; then echo 'rooted'; else echo 'not rooted'; fi

你可以通过以下代码来做到这一点:

public boolean getRootInfo() {
if (checkRootFiles() || checkTags()) {
return true;
}
return false;
}


private boolean checkRootFiles() {
boolean root = false;
String[] paths = {"/system/app/Superuser.apk", "/sbin/su", "/system/bin/su", "/system/xbin/su", "/data/local/xbin/su", "/data/local/bin/su", "/system/sd/xbin/su",
"/system/bin/failsafe/su", "/data/local/su", "/su/bin/su"};
for (String path : paths) {
root = new File(path).exists();
if (root)
break;
}
return root;
}


private boolean checkTags() {
String tag = Build.TAGS;
return tag != null && tag.trim().contains("test-keys");
}

你也可以检查这个库RootBeer。

如果你不想使用任何第三方库或任何随机解决方案，那么就使用谷歌库来检测它。

Android设备验证

回应:

{
"timestampMs": 9860437986543,
"nonce": "R2Rra24fVm5xa2Mg",
"apkPackageName": "com.package.name.of.requesting.app",
"apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the
certificate used to sign requesting app"],
"ctsProfileMatch": true,
"basicIntegrity": true,
}

ctsprofilmatch如果设备已根，则给出false。

根据这里的一些答案，我合并了它们，并添加了一个检查是否安装了一些已知的根管理器应用程序:

fun isProbablyRooted(context: Context, alsoIncludeCheckingRootManagerApp: Boolean = false): Boolean {
return hasRootManagerSystemApp(context) || (alsoIncludeCheckingRootManagerApp && hasRootManagerSystemApp(context))
}


fun hasRootManagerSystemApp(context: Context): Boolean {
val rootAppsPackageNames = arrayOf("com.topjohnwu.magisk", "eu.chainfire.supersu", "com.koushikdutta.superuser", "com.noshufou.android.su", "me.phh.superuser")
rootAppsPackageNames.forEach { rootAppPackageName ->
try {
context.packageManager.getApplicationInfo(rootAppPackageName, 0)
return true
} catch (e: Exception) {
}
}
return false
}


fun hasSuBinary(): Boolean {
return try {
findBinary("su")
} catch (e: Exception) {
e.printStackTrace()
false
}
}


private fun findBinary(binaryName: String): Boolean {
val paths = System.getenv("PATH")
if (!paths.isNullOrBlank()) {
val systemPlaces: List<String> = paths.split(":")
return systemPlaces.firstOrNull { File(it, binaryName).exists() } != null
}
val places = arrayOf("/sbin/", "/system/bin/", "/system/xbin/", "/data/local/xbin/", "/data/local/bin/",
"/system/sd/xbin/", "/system/bin/failsafe/", "/data/local/")
return places.firstOrNull { File(it, binaryName).exists() } != null
}

清单:

<queries>
<package android:name="com.topjohnwu.magisk" />
<package android:name="eu.chainfire.supersu" />
<package android:name="com.koushikdutta.superuser" />
<package android:name="com.noshufou.android.su" />
<package android:name="me.phh.superuser" />
</queries>

当然，这仍然是一个猜测，像所有其他的解决方案。 用户可以安装Magisk，而不需要对设备进行root操作，例如

使用谷歌SafetyNet认证API，您可以轻松检查您的设备是否已根:

1. 在build.gradle(:app)中添加依赖项

   实现“com.google.android.gms: play-services-safetynet: 17.0.0”

2. 获取Api key并使用链接启用Android设备验证Api

3. 公共静态无效sendSafetyNetRequest(活动上下文){

    if(GoogleApiAvailability.getInstance().isGooglePlayServicesAvailable(context, 13000000) == ConnectionResult.SUCCESS) {
   Log.e(TAG, "The SafetyNet Attestation API is available");
   
   
   // TODO(developer): Change the nonce generation to include your own, used once value,
   // ideally from your remote server.
   
   
   String nonceData = "Safety Net Sample: " + System.currentTimeMillis();
   ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
   Random mRandom = new SecureRandom();
   
   
   byte[] bytes = new byte[24];
   mRandom.nextBytes(bytes);
   try {
   byteStream.write(bytes);
   byteStream.write(nonceData.getBytes());
   } catch (IOException e) {
   e.printStackTrace();
   }
   
   
   byte[] nonce = byteStream.toByteArray();
   
   
   SafetyNetClient client = SafetyNet.getClient(context);
   Task<SafetyNetApi.AttestationResponse> task = client.attest(nonce, API_KEY_FROM_STEP_2_LINK);
   
   
   task.addOnSuccessListener(context, attestationResponse -> {
   
   
   
   
   /*
   TODO(developer): Forward this result to your server together with
   the nonce for verification.
   You can also parse the JwsResult locally to confirm that the API
   returned a response by checking for an 'error' field first and before
   retrying the request with an exponential backoff.
   NOTE: Do NOT rely on a local, client-side only check for security, you
   must verify the response on a remote server!
   */
   
   
   String jwsResult = attestationResponse.getJwsResult();
   
   
   Log.e(TAG, "Success! SafetyNet result:\n" + jwsResult + "\n");
   
   
   if (jwsResult == null) {
   Log.e(TAG, "jwsResult Null");
   
   
   }
   final String[] jwtParts = jwsResult.split("\\.");
   
   
   if (jwtParts.length == 3) {
   String decodedPayload = new String(Base64.decode(jwtParts[1], Base64.DEFAULT));
   Log.e(TAG, "decodedPayload :     " + decodedPayload);
   }
   
   
   
   
   });
   
   
   task.addOnFailureListener(context, e -> {
   // An error occurred while communicating with the service.
   String mResult = null;
   
   
   if (e instanceof ApiException) {
   // An error with the Google Play Services API contains some additional details.
   ApiException apiException = (ApiException) e;
   
   
   Util.showLog(TAG, "Error: " +
   CommonStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": " +
   apiException.getStatusMessage());
   } else {
   // A different, unknown type of error occurred.
   Log.e(TAG, "ERROR! " + e.getMessage());
   }
   
   
   });
   
   
   } else {
   Log.e(TAG, "Prompt user to update Google Play services.";
   
   
   }
   

   < p >} ' < / p >

4. 检查你的日志decodedPayload如果ctsProfileMatch和basicIntegrity都是假的，这意味着你的设备是根的。Attestation API返回一个JWS响应，看起来像:

{ "nonce": "6pLrr9zWyl6TNzj+kpbR4LZcfPY3U2FmZXR5IE5ldCBTYW1wbGU6IDE2MTQ2NzkwMTIzNjc=", "timestampMs": 9860437986543, "apkPackageName": " your package name will be displayed here", "ctsProfileMatch": true, "apkDigestSha256": [ "base64 encoded, SHA-256 hash of the certificate used to sign requesting app" ], "basicIntegrity": true, "evaluationType": "BASIC" }

要了解更多信息，请查看此链接

截至2021年(今天)，似乎没有任何可靠的方法或方法来检测根目录，特别是在启用了MagiskHide等强大的隐藏工具的情况下。这里的大多数答案都不再相关，所以不要在生产中使用它。依靠可靠的检查，如SafetyNet，而不是额外的英里检测根，我建议在两个运行时保护你的应用程序，如防止调试器/检测，并确保使用混淆。

在2021年最后一个季度的今天，我试图使用SafetyNet来回答@HimanshiThakur的答案。但是我有一个问题，并在在这里中打开了一个问题。还是没有回答。

所以我决定使用RootBeer。它工作得很好，但当Magisk隐藏根时，它就不起作用了。

如果你不在乎这种情况(许多银行应用程序也不能解决这个问题)，你可以使用以下步骤:

1. 添加到Gradle:

implementation 'com.scottyab:rootbeer-lib:0.1.0'

2. 用这些句子:

RootBeer rootBeer = new RootBeer(context);
if (rootBeer.isRooted()) {
//we found indication of root
} else {
//we didn't find indication of root
}