Comments (4)
Hello @brycethorup ,
It's a common trap - these images are, in fact, equipped with a su file. With a started emulator, open your terminal and run this command:
adb shell 'ls /system/xbin'
You should get output like this:
...
simpleperf
strace
su <---here it is
taskstats
tcpdump
Hope it helps you!
Let us know if you need anything,
Talsec Team
from free-rasp-flutter.
I can confirm that the images that were being detected as being rooted to have the su
executable. This raises a new concern though, as all of the images that weren't being detected as being rooted also have su
binaries in the /system/xbin
directory. The one common characteristic I am seeing is that the images that aren't detected as being rooted are x86_64
images (except for the image that I explicitly rooted) and the ones that are being detected as being rooted have x86
images.
Would your recommendation be to not use an android emulator to test root detection?
from free-rasp-flutter.
Thank you for the confirmation. We will inspect the issue and try to clarify the recommended steps.
from free-rasp-flutter.
Hello @brycethorup ,
we have further investigated the issue and can confirm that we were able to reproduce the behaviour that you have mentioned. To clarify a bit, we are able to detect "su" images in "system/xbin" directory even on "x86_64" images but not on "x86_64" images with API level 31 and newer. We would like to again thank you for bringing this to our attention and we will try to address and fix this issue in the future releases.
We do still believe that checking whether the "su" binary is present on the device is a valid way of detecting root, our recommendation would therefore be to use clean, i.e. without "su" binary, device or emulator if you do not want it to be detected as rooted.
Hope it helps.
Kind regards,
Talsec Team
from free-rasp-flutter.
Related Issues (20)
- [Flutter project] APK file increased by 40% with FreeRASP package HOT 6
- java.lang.UnsatisfiedLinkError crash HOT 3
- onSecureHardwareNotAvailable false positives with freeRASP 6.0.0 HOT 6
- Threat detection order HOT 1
- Android app not compilable with AGP >= 8.0.0 HOT 3
- Shorebird and freeRasp inconvenient HOT 4
- Where is the documentation? HOT 1
- DeadObjectException on some Android 6 devices HOT 4
- How to know proper value for `AndroidConfig.supportedStores`? HOT 3
- How the 100k limitation for free tier is calculated? HOT 2
- The package is susceptible to smali changes. HOT 6
- Free-RASP-Flutter Security Delay Issue HOT 8
- When the app is minimized and resumed before the checks, they do not occur. HOT 5
- only Xcode 13 required to be able to build the application. HOT 4
- Crash on iOS device with 6.2.0 HOT 6
- onAppIntegrity after releasing playstore HOT 7
- Emulator Detection / Root detection on Android emulator HOT 3
- Which callback? HOT 3
- Android app not compilable with AGP >= 8.0.0 HOT 2
- Android Google Play Automatic integrity protection support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from free-rasp-flutter.