Magisk 18 and Magisk Hide detection logic reinforcement

We now take advantage of the stat command for Magisk detection.

app/src/main/java/com/scottyab/rootbeer/sample/CheckRootTask.java

@@ -70,7 +70,7 @@ protected Boolean doInBackground(Boolean... params) {
         RootBeer check = new RootBeer(mContext);
         check.setLogging(true);
 
-        for (int i = 0; i < 100; i++) {
+        for (int i = 0; i < 105; i++) {
             try {
                 Thread.sleep(SLEEP_TIME);
             } catch (InterruptedException e) {
@@ -121,11 +121,11 @@ protected Boolean doInBackground(Boolean... params) {
                     mIsCheck = Utils.isSelinuxFlagInEnabled();
                     Log.d(TAG, "Selinux Flag Is Enabled " + (mIsCheck ? "true" : "false"));
                     break;
-                case 89:
+                case 96:
                     mIsCheck = check.checkForMagiskBinary();
                     Log.d(TAG, "Magisk " + (mIsCheck ? "deteced" : "not deteced"));
                     break;
-                case 99:
+                case 104:
                     mIsCheck = check.checkForMagiskNative();
                     Log.d(TAG, "Magisk " + (mIsCheck ? "deteced" : "not deteced"));
                     break;

app/src/main/java/com/scottyab/rootbeer/sample/MainActivity.java

@@ -62,6 +62,7 @@ private void initView() {
         ImageView rootCheck10ImageView = (ImageView) findViewById(R.id.content_main_root_check_image_10);
         ImageView rootCheck11ImageView = (ImageView) findViewById(R.id.content_main_root_check_image_11);
         ImageView rootCheck12ImageView = (ImageView) findViewById(R.id.content_main_root_check_image_12);
+        ImageView rootCheck13ImageView = (ImageView) findViewById(R.id.content_main_root_check_image_13);
         checkRootImageViewList = new ArrayList<>();
         checkRootImageViewList.add(rootCheck1ImageView);
         checkRootImageViewList.add(rootCheck2ImageView);
@@ -75,6 +76,7 @@ private void initView() {
         checkRootImageViewList.add(rootCheck10ImageView);
         checkRootImageViewList.add(rootCheck11ImageView);
         checkRootImageViewList.add(rootCheck12ImageView);
+        checkRootImageViewList.add(rootCheck13ImageView);
 
         floatingActionButton = (FloatingActionButton) findViewById(R.id.fab);
         floatingActionButton.setOnClickListener(new View.OnClickListener() {

app/src/main/res/layout/content_main.xml

@@ -299,6 +299,26 @@
                     tools:src="@drawable/ic_tick_green_24dp"/>
             </RelativeLayout>
 
+            <RelativeLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_marginBottom="@dimen/content_main_table_row_margin_bottom"
+                android:minHeight="@dimen/content_main_table_row_min_height">
+
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_alignParentLeft="true"
+                    android:text="@string/root_checks_13"/>
+
+                <ImageView
+                    android:id="@+id/content_main_root_check_image_13"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_alignParentRight="true"
+                    tools:src="@drawable/ic_tick_green_24dp"/>
+            </RelativeLayout>
+
             <TextView
                 android:id="@+id/content_mainisRootedTextDisclaimer"
                 android:layout_width="match_parent"

app/src/main/res/values/strings.xml

@@ -30,5 +30,6 @@
     <string name="root_checks_9">ROOT NATIVE</string>
     <string name="root_checks_10">ROOT CLOAKING APPS</string>
     <string name="root_checks_11">SELINUX FLAG ENABLED (EXPERIMENTAL)</string>
-    <string name="root_checks_12">MAGISK UDS (EXPERIMENTAL)</string>
+    <string name="root_checks_12">MAGISK BINARY (EXPERIMENTAL)</string>
+    <string name="root_checks_13">MAGISK UDS AND STAT (EXPERIMENTAL)</string>
 </resources>

build.gradle

@@ -10,7 +10,7 @@ buildscript {
         google()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:3.2.1'
+        classpath 'com.android.tools.build:gradle:3.3.0'
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Tue Dec 04 15:01:20 KST 2018
+#Thu Jan 31 16:58:07 KST 2019
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.6-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.1-all.zip

rootbeerlib/src/main/java/com/scottyab/rootbeer/RootBeer.java

@@ -380,7 +380,6 @@ public boolean canLoadNativeLibrary(){
      * @return true if we found su | false if not, or the native library could not be loaded / accessed
      */
     public boolean checkForRootNative() {
-
         if (!canLoadNativeLibrary()){
             QLog.e("We could not load the native library to test for root");
             return false;
@@ -402,7 +401,6 @@ public boolean checkForRootNative() {
     }
 
     public boolean checkForMagiskNative() {
-
         if (!canLoadNativeLibrary()){
             QLog.e("We could not load the native library to test for root");
             return false;

rootbeerlib/src/main/jni/toolChecker.cpp

@@ -18,6 +18,15 @@
 // String / file headers
 #include <string.h>
 #include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <grp.h>
+#include <stdlib.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <sys/un.h>
 
 /****************************************************************************
  *>>>>>>>>>>>>>>>>>>>>>>>>>> User Includes <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<*
@@ -78,7 +87,98 @@ int exists(const char *fname)
     return 0;
 }
 
+void strmode(mode_t mode, char * buf) {
+    const char chars[] = "rwxrwxrwx";
+    for (size_t i = 0; i < 9; i++) {
+        buf[i] = (mode & (1 << (8-i))) ? chars[i] : '-';
+    }
+    buf[9] = '\0';
+}
+
+/*****************************************************************************
+ * Description: Check file stat
+ *
+ * Parameters: fname - filename to check
+ *
+ * Return value: 0 - non-existant / not visible, 1 - exists
+ *
+ *****************************************************************************/
+extern int stat(const char *, struct stat *);
+int checkFileStat(char *fname)
+{
+    int return_stat = 0;
+    struct stat file_info = { 0 };
+    struct passwd *my_passwd;
+    struct group  *my_group;
+    mode_t file_mode;
+
+    if(!fname)
+    {
+        LOGD(">>>>> fname is NULL!!");
+        return -1;
+    }
+
+    if ((return_stat = stat(fname, &file_info)) == -1)
+    {
+        LOGD(">>>>> stat() Failed!!");
+        return -1;
+    }
+
+    file_mode = file_info.st_mode;
+    LOGD(">>>>> 파일이름 : %s\n", fname);
+    printf(">>>>> =======================================\n");
+    LOGD(">>>>> 파일 타입 : ");
+    if (S_ISREG(file_mode))
+    {
+        LOGD(">>>>> 정규파일\n");
+    }
+    else if (S_ISLNK(file_mode))
+    {
+        LOGD(">>>>> 심볼릭 링크\n");
+    }
+    else if (S_ISDIR(file_mode))
+    {
+        LOGD(">>>>> 디렉토리\n");
+    }
+    else if (S_ISCHR(file_mode))
+    {
+        LOGD(">>>>> 문자 디바이스\n");
+    }
+    else if (S_ISBLK(file_mode))
+    {
+        LOGD(">>>>> 블럭 디바이스\n");
+    }
+    else if (S_ISFIFO(file_mode))
+    {
+        LOGD(">>>>> FIFO\n");
+    }
+    else if (S_ISSOCK(file_mode))
+    {
+        LOGD(">>>>> 소켓\n");
+    }
 
+    char buf[64] = { 0 };
+    strmode(file_mode, buf);
+    LOGD(">>>>> %04o is %s\n", file_mode, buf);
+
+    my_passwd = getpwuid(file_info.st_uid);
+    my_group  = getgrgid(file_info.st_gid);
+    LOGD(">>>>> OWNER : %s\n", my_passwd->pw_name);
+    LOGD(">>>>> GROUP : %s\n", my_group->gr_name);
+    LOGD(">>>>> FILE SIZE IS : %d\n", (int)file_info.st_size);
+    LOGD(">>>>> 마지막 읽은 시간 : %d\n", file_info.st_atime);
+    LOGD(">>>>> 마지막 수정 시간 : %d\n", file_info.st_mtime);
+    LOGD(">>>>> 마지막 상태변경 시간 : %d\n", file_info.st_ctime);
+    LOGD(">>>>> I/O 블록 크기 : %d\n", file_info.st_blksize);
+    LOGD(">>>>> 할당한 블록 크기 : %d\n", file_info.st_blocks);
+    LOGD(">>>>> 하드링크된 파일수 : %d\n", file_info.st_nlink);
+    LOGD(">>>>> 아이노드 : %d\n", file_info.st_ino);
+    LOGD(">>>>> 정규파일의 바이트 수 : %d\n", file_info.st_size);
+    LOGD(">>>>> 장치 번호 : %d\n", (int)file_info.st_dev);
+    LOGD(">>>>> 특수 파일의 장치 번호 : %d\n", (int)file_info.st_rdev);
+
+    return 1;
+}
 
 /*****************************************************************************
  * Description: Check the Unix Domain Socket used by Magisk
@@ -90,7 +190,8 @@ int exists(const char *fname)
  *****************************************************************************/
 int Java_com_scottyab_rootbeer_RootBeerNative_checkForMagiskUDS( JNIEnv* env, jobject thiz )
 {
-    int detect_count = 0;
+    int uds_detect_count = 0;
+    int magisk_file_detect_count = 0;
     int result = 0;
 
     // Magisk UDS(Unix Domain Socket) Detection Method.
@@ -117,6 +218,18 @@ int Java_com_scottyab_rootbeer_RootBeerNative_checkForMagiskUDS( JNIEnv* env, jo
 
             LOGD("%s", filename);
 
+            magisk_file_detect_count += checkFileStat("/sbin/magisk");
+            magisk_file_detect_count += checkFileStat("/data/adb/magisk");
+            magisk_file_detect_count += checkFileStat("/sbin/.magisk");
+            magisk_file_detect_count += checkFileStat("/cache/.disable_magisk");
+            magisk_file_detect_count += checkFileStat("/dev/.magisk.unblock");
+            magisk_file_detect_count += checkFileStat("/cache/magisk.log");
+            magisk_file_detect_count += checkFileStat("/data/adb/magisk.img");
+            magisk_file_detect_count += checkFileStat("/data/adb/magisk.db");
+            magisk_file_detect_count += checkFileStat("/data/adb/.boot_count");
+            magisk_file_detect_count += checkFileStat("/data/adb/magisk_simple");
+            magisk_file_detect_count += checkFileStat("/init.magisk.rc");
+
             // The name of the unix domain socket created by the daemon is prefixed with an @ symbol.
             char *ptr = strtok(filename, "@");
             if(ptr) {
@@ -128,19 +241,22 @@ int Java_com_scottyab_rootbeer_RootBeerNative_checkForMagiskUDS( JNIEnv* env, jo
                 } else if(strstr(ptr, ".")) {
                     ;
                 } else { // Magisk replaces the name of the unix domain socket with a random string of 32 digits.
-                    if (strlen(ptr) >= 32) {
+                    int len = strlen(ptr);
+                    if (len >= 32) {
                         // Magisk was detected.
                         LOGD("[Detect Magisk UnixDomainSocket] %s", ptr);
 
-                        detect_count++;
+                        uds_detect_count++;
                     }
                 }
             }
         }
     }
 
-    if(detect_count == 0) {
+    if(uds_detect_count == 0 || magisk_file_detect_count == 0) {
         result = 0;
+    } else {
+        result = 1;
     }
 
     return result;