修改ROM实现自定义su命令-root检测通杀-晗雅|星空

本文章使用的ROM为 Android-7.1.2_r33,编译的手机是Sailfish Pixel1

如果ro.debuggable=1的话 data/data/没有最高权限,这时候就要用mprop修改了

常见检测root方式:

1.detectRootManagementApps—检测常见su包名,如{“com.noshufou.android.su”, “com.noshufou.android.su.elite”, “eu.chainfire.supersu”, “com.koushikdutta.superuser”, “com.thirdparty.superuser”, “com.yellowes.su”, “com.topjohnwu.magisk”, “com.kingroot.kinguser”, “com.kingo.root”, “com.smedialink.oneclickroot”, “com.zhiqupk.root.global”, “com.alephzain.framaroot”}

2.detectPotentiallyDangerousApps—{“com.koushikdutta.rommanager”, “com.koushikdutta.rommanager.license”, “com.dimonvideo.luckypatcher”, “com.chelpus.lackypatch”, “com.ramdroid.appquarantine”, “com.ramdroid.appquarantinepro”, “com.android.vending.billing.InAppBillingService.COIN”, “com.android.vending.billing.InAppBillingService.LUCK”, “com.chelpus.luckypatcher”, “com.blackmartalpha”, “org.blackmart.market”, “com.allinone.free”, “com.repodroid.app”, “org.creeplays.hack”, “com.baseappfull.fwd”, “com.zmapp”, “com.dv.marketmod.installer”, “org.mobilism.android”, “com.android.wp.net.log”, “com.android.camera.update”, “cc.madkite.freedom”, “com.solohsu.android.edxp.manager”, “org.meowcat.edxposed.manager”, “com.xmodgame”, “com.cih.game_cih”, “com.charles.lpoqasert”, “catch_.me_.if_.you_.can_”}

3.detectRootCloakingApps—{“com.devadvance.rootcloak”, “com.devadvance.rootcloakplus”, “de.robv.android.xposed.installer”, “com.saurik.substrate”, “com.zachspong.temprootremovejb”, “com.amphoras.hidemyroot”, “com.amphoras.hidemyrootadfree”, “com.formyhm.hiderootPremium”, “com.formyhm.hideroot”}

4.suPath—遍历执行可能存在的su文件夹,如{“/data/local/”, “/data/local/bin/”, “/data/local/xbin/”, “/sbin/”, “/su/bin/”, “/system/bin/”, “/system/bin/.ext/”, “/system/bin/failsafe/”, “/system/sd/xbin/”, “/system/usr/we-need-root/”, “/system/xbin/”, “/cache/”, “/data/”, “/dev/”}

5.checkForDangerousProps—检查一些属性的值.{ro.debuggable”, “1”},{“ro.secure”, “0”}

6.checkForRWPaths—先执行(需要root)mount如果返回true然后再查看是否有读写权限{“/system”, “/system/bin”, “/system/sbin”, “/system/xbin”, “/vendor/bin”, “/sbin”, “/etc”}

7.detectTestKeys—查看编译类型是否为 {“test-keys”}

8.checkBuildProp—检查Buildprop的值,{“ro.build.display.id”,”ro.build.version.incremental”,”ro.build.date”,”ro.build.date.utc”,”ro.build.type”,”ro.build.user”,”ro.build.flavor”,”ro.build.tags”,”ro.build.description”,”ro.build.fingerprint”,”ro.product.model”,”ro.product.brand”,”ro.product.name”}

9.checkSuExists—执行su,看看能否执行成功

10.checkForRootNative—Native层root检查

11.checkForMagiskBinary—检测是否存在Magisk-{“/data/local/”, “/data/local/bin/”, “/data/local/xbin/”, “/sbin/”, “/su/bin/”, “/system/bin/”, “/system/bin/.ext/”, “/system/bin/failsafe/”, “/system/sd/xbin/”, “/system/usr/we-need-root/”, “/system/xbin/”, “/cache/”, “/data/”, “/dev/”}

这里我提供的部分解决方案(已经可以过大部分的app了)

自定义su命令解决了 4 6 9

1./system/extras/su/Android.mk 中su修改为lzonel

2./system/core/libcutils/fs_config.cpp 中 /system/xbin/su 修改为 /system/xbin/lzonel

3./system/sepolicy/file_contexts 中 /system/xbin/su 修改为 /system/xbin/lzonel

更改test-keys 解决了 7

ro.build.tags=test-keys被写入在system/build.prop文件，我们查看这个文件看到autogenerated by buildinfo.sh
是被buildinfo.sh文件写入的，我们找下这个文件

/build/make/tools/buildinfo.sh
ro.build.tags的值是读取BUILD_VERSION_TAGS
而BUILD_VERSION_TAGS 则是/build/core/Makefile 中BUILD_KEYS 给的值，所以我们将
test-keys 改为 release-keys即可