UPDATE 4.1: HackProtect Extension (No Permissions Needed) - Better Emulator Detection

HackProtect v4.1 UPDATE (Emulator Detection) cian1

HackProtect.aix (13.7 KB)

ChangeLog

New Features:

  • AmazonStoreInstalled: Returns true if application was installed via Amazon

    image

  • PlayStoreInstalled: Returns true if the application was installed via GooglePlay

    image

  • GetPackagerManagerName: . Gets the name of the Package Manager that installed the app.

    image

  • GetPackageName: Returns the name of the current application package,

    image

  • IsRoSecureRoKernelQemu: This returns true if either the ro.secure or ro.kernel.qemu have been modified, which is a root indicator as the kernel activity may be compromised and viewable.

    image

  • CheckForSuperUserAPK: Returns TRUE if one of 6 known root packages or variants is installed. The name of the package is not returned, so the user does not know which package name to change.

    image

  • CheckForDangerousAPK: Returns TRUE if one of 12 known patching or root emulating packages is installed. The name of the package is not returned, so the user does not know which package name to change.

    image

Updates:

  • RoSecure process has been deleted and replaced with isRoSecureRoKernelQemu.

  • Added more root detection processes.

  • Disabled super user check, as it is giving strange results on different android versions.

  • Improved and Added Emulator Detection support for: (over 160 different checks)

    • Android Studio
    • Andy
    • Droid4x
    • Generic
    • Genymotion
    • Goldfish
    • MIT
    • Nox
    • TitaniamVM
    • VBox

Some reports that nox support is not working perfect .

  • Updated Descriptions.

  • Updated names.

Raodmap:

  • Method to scan for user defined packages

  • Method to scan for certain processes

Notes:

  • The only way to ensure you have emulator or virtual device detection is by getting the READ_PHONE_STATE, so you can get the Carrier ID, and Phone Number. I decided not to do this because it is a very aggressive permission. If people want this as a separate extension, let me know.

  • Another method is to watch the accelerometer, and make sure that it is moving. Emulators don’t move. If there is enough demand, I will try to add this.

DISCLAIMER:

This is not perfect. I know it, and I do not claim it is now, or ever. So if there are bugs be kind, and report them.

Total Blocks (11)

Example Use Case

Description

This light weight extension helps you limit how your users can hack your application. 9 critical elements are detected.

  1. Was the application installed from Amazon
  2. Is ADB Debugging enabled,
  3. Is the application running on an emulator,
  4. Is the device rooted,
  5. Is the app installed from the Google Playstore,
  6. Is a well known Super User APK installed,
  7. Is a well known Patching APK installed,
  8. Name of the package manager that installed the application,
  9. Name of the package of the current app,
  10. Is RO secure, or Ro kernel qemu modified.

(NOX Emulator Bug should be fixed)

When you handle these elements properly, you can shut your app down before people can logcat, or intercept network traffic, thereby protecting things like API credentials, passwords, proxies, etc.

45 Likes

Nice extension

2 Likes

Thank you!

4 Likes

Nice Tool,
Thanks

2 Likes

Thanks You!

1 Like

Thanks for this good extenstion its very helpful to developers

2 Likes

My pleasure!

2 Likes

nice you made it really, Thanks man this will help us to protect our apps a bit more.

3 Likes

Small But very Useful!

3 Likes

Thanks ! I’ve just searched for an extension like this yesterday, and today, it’s here :slight_smile:

3 Likes

Man, that’s really an amazing extension.
Very simple and at the same time very important at some cases.

Congratulations for the idea!

Don’t care about this guy talking nonsense. He is probably just a troll or he is envious of you.

5 Likes

Hey… You have 17 Likes ! Which speaks for itself that you have done a great job! :ok_hand::+1::+1::+1::+1:

4 Likes

it is amazing! thank you very much!

1 Like

Thank you.

1 Like

Thank you, it will be very useful

2 Likes

Just need to know a think btw as I can’t test it now.
When I use the is rooted component, does it ask for superuser permissions (so the promp appears) or it checks the su file in the /system folder without asking for it like the shell component?
Because it would be very useful if it detects the root status without making the superuser popup appear.

1 Like

Among other things, It checks a variety of places for the SU file.

It does not invoke the shell component

Very nice… I was hoping so.
And what about isSystemUser? I don’t figure out what is it for…
When does it return true?

1 Like

Well SystemUser on Android is like Root on Unix/Linux. It is supposed to indicate that the application may be running in a manner that has root. I am not sure it is performing as expected after some feedback from others.

It is only an indicator, not decisive.

So it works with these phones that got multi user right?

1 Like