diff --git a/mvt/android/data/root_binaries.txt b/mvt/android/data/root_binaries.txt
deleted file mode 100644
index 5dc0ffa..0000000
--- a/mvt/android/data/root_binaries.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-su
-busybox
-supersu
-Superuser.apk
-KingoUser.apk
-SuperSu.apk
-magisk
-magiskhide
-magiskinit
-magiskpolicy
diff --git a/mvt/android/data/root_packages.txt b/mvt/android/data/root_packages.txt
deleted file mode 100644
index 7011e07..0000000
--- a/mvt/android/data/root_packages.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-com.noshufou.android.su
-com.noshufou.android.su.elite
-eu.chainfire.supersu
-com.koushikdutta.superuser
-com.thirdparty.superuser
-com.yellowes.su
-com.koushikdutta.rommanager
-com.koushikdutta.rommanager.license
-com.dimonvideo.luckypatcher
-com.chelpus.lackypatch
-com.ramdroid.appquarantine
-com.ramdroid.appquarantinepro
-com.devadvance.rootcloak
-com.devadvance.rootcloakplus
-de.robv.android.xposed.installer
-com.saurik.substrate
-com.zachspong.temprootremovejb
-com.amphoras.hidemyroot
-com.amphoras.hidemyrootadfree
-com.formyhm.hiderootPremium
-com.formyhm.hideroot
-me.phh.superuser
-eu.chainfire.supersu.pro
-com.kingouser.com
-com.topjohnwu.magisk
diff --git a/mvt/android/modules/adb/packages.py b/mvt/android/modules/adb/packages.py
index 47754ea..b1e5d1d 100644
--- a/mvt/android/modules/adb/packages.py
+++ b/mvt/android/modules/adb/packages.py
@@ -39,6 +39,34 @@ DANGEROUS_PERMISSIONS = [
 "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
 ]
+ROOT_PACKAGES = [
+ "com.noshufou.android.su",
+ "com.noshufou.android.su.elite",
+ "eu.chainfire.supersu",
+ "com.koushikdutta.superuser",
+ "com.thirdparty.superuser",
+ "com.yellowes.su",
+ "com.koushikdutta.rommanager",
+ "com.koushikdutta.rommanager.license",
+ "com.dimonvideo.luckypatcher",
+ "com.chelpus.lackypatch",
+ "com.ramdroid.appquarantine",
+ "com.ramdroid.appquarantinepro",
+ "com.devadvance.rootcloak",
+ "com.devadvance.rootcloakplus",
+ "de.robv.android.xposed.installer",
+ "com.saurik.substrate",
+ "com.zachspong.temprootremovejb",
+ "com.amphoras.hidemyroot",
+ "com.amphoras.hidemyrootadfree",
+ "com.formyhm.hiderootPremium",
+ "com.formyhm.hideroot",
+ "me.phh.superuser",
+ "eu.chainfire.supersu.pro",
+ "com.kingouser.com",
+ "com.topjohnwu.magisk",
+]
+
 class Packages(AndroidExtraction):
 """This module extracts the list of installed packages."""
@@ -69,13 +97,8 @@ class Packages(AndroidExtraction):
 return records
 def check_indicators(self):
- root_packages_path = os.path.join("..", "..", "data", "root_packages.txt")
- root_packages_string = pkg_resources.resource_string(__name__, root_packages_path)
- root_packages = root_packages_string.decode("utf-8").splitlines()
- root_packages = [rp.strip() for rp in root_packages]
-
 for result in self.results:
- if result["package_name"] in root_packages:
+ if result["package_name"] in ROOT_PACKAGES:
 self.log.warning("Found an installed package related to rooting/jailbreaking: \"%s\"", result["package_name"])
 self.detected.append(result)
diff --git a/mvt/android/modules/adb/root_binaries.py b/mvt/android/modules/adb/root_binaries.py
index 3c77331..03acf1a 100644
--- a/mvt/android/modules/adb/root_binaries.py
+++ b/mvt/android/modules/adb/root_binaries.py
@@ -4,9 +4,6 @@
 # https://license.mvt.re/1.1/
 import logging
-import os
-
-import pkg_resources
 from .base import AndroidExtraction
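Review bot: The new `ROOT_PACKAGES` constant in packages.py (hunk `-39,6`) has no comment saying what the list is or how far a match can be trusted. `check_indicators` compares it by exact, case-sensitive package name, so it only catches tools installed under their published names; Magisk, for one, can reinstall its manager app under a randomised package name, and a device with no hit is not thereby shown to be unrooted. I would put this above the list: `# Package names of known rooting and root-hiding tools. Exact-match heuristic: no hit does not mean the device is unrooted.` Declaring it as a `frozenset({...})` would also make the constant immutable and the lookup constant-time.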
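Review bot: After the `-69,13` hunk, `check_indicators` in packages.py no longer calls `os.path.join` or `pkg_resources.resource_string`, yet neither hunk of this file touches the imports, whereas the root_binaries.py hunk at `-4,9` removes both. The import block of packages.py is outside the visible hunks, so this is inferred, but if nothing else in the module uses them then `import pkg_resources` (and possibly `import os`) is now dead and should be dropped in the same commit. `check_indicators` may also continue past the last context line shown.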
@@ -23,9 +20,18 @@ class RootBinaries(AndroidExtraction):
 log=log, results=results)
 def run(self):
- root_binaries_path = os.path.join("..", "..", "data", "root_binaries.txt")
- root_binaries_string = pkg_resources.resource_string(__name__, root_binaries_path)
- root_binaries = root_binaries_string.decode("utf-8").splitlines()
+ root_binaries = [
+ "su",
+ "busybox",
+ "supersu",
+ "Superuser.apk",
+ "KingoUser.apk",
+ "SuperSu.apk",
+ "magisk",
+ "magiskhide",
+ "magiskinit",
+ "magiskpolicy",
+ ]
 self._adb_connect()
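Review bot: The binary names are now a local list rebuilt on every `run()` call, while the same commit puts the package names in a module-level constant (`ROOT_PACKAGES` in packages.py). For consistency, and so other modules and tests can reference the list, hoist it to module level as `ROOT_BINARIES = [...]` below the imports and have `run()` iterate over that. The part of `run()` that consumes the list lies outside the hunk, so how each name is looked up on the device cannot be checked here. Whatever the lookup is, it is name-based, and a comment such as `# Name-based heuristic: a renamed or hidden su binary will not be reported.` would keep readers from treating an empty result as proof that the device is unrooted.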