Root detection
- Detect root-management APKs
/system/etc/init.d/99SuperSUDaemon
/data/data/com.topjohnwu.magisk
/sdcard/MagiskManager
- Run the su command in a shell
Runtime.getRuntime().exec("su");
- grep:
build.fingerprint test-keys
Build.TAGS test-keys
ro.debuggable 1
ro.secure 0
ro.adb.secure 0
- new File(snext).exists() checks whether the file exists; ls -l shows whether it has s/x permissions
"/sbin/su",
"/system/bin/su",
"/system/sbin/su",
"/system/xbin/su",
"/data/local/xbin/su",
"/data/local/bin/su",
"/system/sd/xbin/su",
"/system/bin/failsafe/su",
"/data/local/su",
"/su/bin/su",
"/vendor/bin/su"
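- Whether busybox exists
String[] paths = {"/system/xbin/busybox", "/system/sbin/busybox", "/system/bin/busybox"};
for (String path : paths) {
    // Any one of these files existing counts as a hit
    if (new File(path).exists()) {
        return true;
    }
}
return false;
- Whether the /root path contains files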
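Emulator detection
- Pipe detection: check whether /dev/socket/qemud or /dev/qemu_pipe exists
- QEmuDriverFile driver file detection: check whether /proc/tty/drivers contains the goldfish field
- CPU info detection: run /system/bin/cat /proc/cpuinfo and check whether the output contains intel but not atom
- Check the device ID / IMEI
((TelephonyManager) context.getSystemService("phone")).getDeviceId()
000000000000000
((TelephonyManager) context.getSystemService("phone")).getSubscriberId()
310260000000000
These values most likely indicate an emulator
- Phone number check
- Whether the device can send SMS messages and place calls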
Intent intent = new Intent();
intent.setData(Uri.parse("tel:10086"));//smsto:10086
intent.setAction("android.intent.action.DIAL");//intent.setAction("android.intent.action.VIEW");
int vi = (intent.resolveActivity(p0.getPackageManager()) != null)? 1: 0;
- Check for emulator apps
"com.microvirt.launcher2",
"com.microvirt.launcher.Launcher"
- Check whether sensors are present
Hook framework detection
- Check the process's own virtual memory map, /proc/{pid}/maps, for loaded framework signature files
com.saurik.substrate
XposedBridge.jar
me.weishu.exp (Taichi)
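- Xposed
Use reflection to read methodCache in de.robv.android.xposed.XposedHelpers and check whether the loaded hooked classes include the app's own key classes.
Check PackageInfo for a package named de.robv.android.xposed.installer
- Check the common path /data/local/tmp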
frida-server ---frida
hijack ---ADBI
libstrmon ---DDI
- Print the stack trace
Substrate com.android.internal.os.ZygoteInit
Substrate com.saurik.substrate.MS$2 method: invoked
Xposed de.robv.android.xposed.XposedBridge method: main handleHookedMethod
EdXposed EdHooker_ method: hook
TaiChi me.weishu.epic
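The /proc/{pid}/maps check listed above, as an added example that is not code from the original article: it parses each maps line and reports mapped paths containing the three markers named there. The class name MapsHookScan, the scan helper and the sample lines are assumptions made for illustration; /proc/self/maps is used as the current process's own map.

```java
import java.io.*;
import java.util.*;

public class MapsHookScan {
    // Markers taken from the list above; matched case-insensitively against the mapped path.
    static final String[] MARKERS = {"com.saurik.substrate", "XposedBridge.jar", "me.weishu.exp"};

    // Returns the mapped paths that contain a marker. Each maps line is
    // "start-end perms offset dev inode pathname"; anonymous mappings have no pathname.
    static Set<String> scan(BufferedReader maps) throws IOException {
        Set<String> hits = new LinkedHashSet<>();
        String line;
        while ((line = maps.readLine()) != null) {
            String[] f = line.trim().split("\\s+", 6);
            if (f.length < 6) continue;            // no pathname column
            String path = f[5];
            String lower = path.toLowerCase(Locale.ROOT);
            for (String m : MARKERS) {
                if (lower.contains(m.toLowerCase(Locale.ROOT))) hits.add(path);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample lines, not captured from a real device.
        String sample =
            "7f1a000000-7f1a021000 r--p 00000000 fd:00 1234 /system/lib64/libc.so\n" +
            "7f1b000000-7f1b100000 rw-p 00000000 00:00 0\n" +
            "7f1c000000-7f1c040000 r--s 00000000 fd:00 5678 /system/framework/XposedBridge.jar\n" +
            "7f1d000000-7f1d010000 r-xp 00000000 fd:01 9012 /data/app/com.saurik.substrate-1/lib/arm64/libsubstrate.so\n";
        System.out.println("sample: " + scan(new BufferedReader(new StringReader(sample))));

        // On a device, scan the app's own map; /proc/self/maps is the current process.
        File self = new File("/proc/self/maps");
        if (self.canRead()) {
            try (BufferedReader r = new BufferedReader(new FileReader(self))) {
                System.out.println("self: " + scan(r));
            }
        }
    }
}
```

Treat a hit as one signal to combine with the other checks in this list; the markers only match framework files that keep their default names.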
Original link: https://blog.csdn.net/weixin_43922321/article/details/120001888