在Android的根检测方法,它无法绕过 [英] Root detection methodology in android which cannot be bypassed
问题描述
我知道,运行的应用程序,它拥有一个植根设备上的敏感信息是不安全的。因此,开发商通常做根检测在这种情况下,如果设备被找到根源,那么该应用程序将不会安装。一切正常。
I know that running an app which possess sensitive information on a rooted device is not secure at all. So developers usually do root detection in such cases and if the device is found rooted,then that app won't get installed. everything is ok.
在根检测开发人员使用的主要技术检查的superuser.apk文件,检查chainfire,busybox的,执行su命令等。但是,攻击者可以简单地通过以下几种方式像重命名为superuser.apk绕过superuser0.apk这些检查。
The major techniques used by developers in root detection are checking for the superuser.apk file,check for chainfire,busybox,executing su command,etc. But an attacker can simply bypass these checks by several means like renaming the superuser.apk to superuser0.apk.
那么,我期待的是这个问题的根源在哪里检测检查不能被攻击者绕过一个独特的解决方案。请分享您的意见,即使这种解决方案并不存在。因为从你们的解决方案可能有助于ATLEAST硬化根检测code。
So what I am looking for is a unique solution for this issue where the root detection checks cannot be bypassed by attacker. Please share your views even if such a solution doesn't exists. Because the solutions from you guys might help in atleast hardening the code of root detection.
推荐答案
有没有的单一解决方案,据我知道,但你需要检查最常见的事情。下面这篇文章也很有用:
https://blog.netspi.com/android-root-detection-techniques/
There is not "the single solution" as far as I know but you will need to check for the most common things. The following article is also useful: https://blog.netspi.com/android-root-detection-techniques/
和这里有一些提示...你不应该做什么也:
确定一个植根设备上运行
And here are some tips ... also what you should not do: Determine if running on a rooted device
这篇关于在Android的根检测方法,它无法绕过的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
