react-native-device-defense 1.0.0

package/android/src/main/java/vn/osp/security/HookDetection.kt

@@ -0,0 +1,270 @@
+package vn.osp.security
+
+import android.content.Context
+import android.content.pm.PackageManager
+import java.io.BufferedReader
+import java.io.File
+import java.io.InputStreamReader
+
+/**
+ * Detection for hooking frameworks (Frida, Xposed, Magisk, etc.)
+ */
+class HookDetection(private val context: Context) {
+
+    /**
+     * Check if Frida framework is present
+     */
+    fun hasFrida(): Boolean {
+        return checkFridaPorts() ||
+                checkFridaLibraries() ||
+                checkFridaProcesses() ||
+                checkFridaFiles()
+    }
+
+    /**
+     * Check if Xposed framework is present
+     */
+    fun hasXposed(): Boolean {
+        return checkXposedApp() ||
+                checkXposedInClassLoader() ||
+                checkXposedFiles()
+    }
+
+    /**
+     * Check if Magisk is present
+     */
+    fun hasMagisk(): Boolean {
+        return checkMagiskApp() ||
+                checkMagiskFiles() ||
+                checkMagiskModules()
+    }
+
+    /**
+     * Check for Frida ports (default: 27042, 27043)
+     */
+    private fun checkFridaPorts(): Boolean {
+        val fridaPorts = listOf(27042, 27043, 27044, 27045)
+
+        // Read /proc/net/tcp to check for open ports
+        try {
+            val bufferedReader = BufferedReader(InputStreamReader(
+                File("/proc/net/tcp").inputStream()
+            ))
+
+            bufferedReader.use { reader ->
+                var line: String?
+                while (reader.readLine().also { line = it } != null) {
+                    // Format: sl local_address rem_address st ...
+                    // Skip header
+                    if (line?.startsWith("  sl") == true) continue
+
+                    val parts = line?.trim()?.split("\\s+".toRegex()) ?: continue
+                    if (parts.size >= 2) {
+                        try {
+                            // local_address format: hex_ip:hex_port
+                            val localAddress = parts[1]
+                            val addressParts = localAddress.split(":")
+                            if (addressParts.size == 2) {
+                                val portHex = addressParts[1]
+                                val port = portHex.toInt(16)
+                                if (port in fridaPorts) {
+                                    return true
+                                }
+                            }
+                        } catch (e: Exception) {
+                            // Ignore parsing errors
+                        }
+                    }
+                }
+            }
+        } catch (e: Exception) {
+            // Ignore errors
+        }
+
+        return false
+    }
+
+    /**
+     * Check for Frida libraries in memory
+     */
+    private fun checkFridaLibraries(): Boolean {
+        // Check /proc/self/maps for Frida libraries
+        try {
+            val bufferedReader = BufferedReader(InputStreamReader(
+                File("/proc/self/maps").inputStream()
+            ))
+
+            bufferedReader.use { reader ->
+                var line: String?
+                while (reader.readLine().also { line = it } != null) {
+                    if (line?.contains("frida") == true ||
+                        line?.contains("frida-agent") == true ||
+                        line?.contains("libfrida") == true) {
+                        return true
+                    }
+                }
+            }
+        } catch (e: Exception) {
+            // Ignore errors
+        }
+
+        return false
+    }
+
+    /**
+     * Check for Frida processes
+     */
+    private fun checkFridaProcesses(): Boolean {
+        try {
+            val process = Runtime.getRuntime().exec("ps")
+            val reader = BufferedReader(InputStreamReader(process.inputStream))
+
+            reader.use {
+                var line: String?
+                while (it.readLine().also { line = it } != null) {
+                    if (line?.contains("frida") == true ||
+                        line?.contains("frida-server") == true) {
+                        return true
+                    }
+                }
+            }
+        } catch (e: Exception) {
+            // Ignore errors
+        }
+
+        return false
+    }
+
+    /**
+     * Check for Frida-related files
+     */
+    private fun checkFridaFiles(): Boolean {
+        val fridaPaths = listOf(
+            "/data/local/tmp/frida",
+            "/data/local/tmp/frida-server",
+            "/data/local/tmp/frida-agent.so",
+            "/data/local/tmp/frida-agent-*.so",
+            "/system/lib/libfrida.so",
+            "/system/lib64/libfrida.so"
+        )
+
+        return fridaPaths.any { path ->
+            try {
+                // Handle wildcards
+                if (path.contains("*")) {
+                    val dir = File(path.substringBeforeLast("/"))
+                    val prefix = path.substringAfterLast("/").replace("*", "")
+                    dir.list()?.any { it.startsWith(prefix) } == true
+                } else {
+                    File(path).exists()
+                }
+            } catch (e: Exception) {
+                false
+            }
+        }
+    }
+
+    /**
+     * Check if Xposed installer app is present
+     */
+    private fun checkXposedApp(): Boolean {
+        val xposedPackages = listOf(
+            "de.robv.android.xposed.installer",
+            "de.robv.android.xposed.installer",
+            "org.meowcat.edxposed.manager",
+            "io.github.huskydg.xposed",
+            "com.solohsu.android.edxp.manager"
+        )
+
+        return xposedPackages.any { isPackageInstalled(it) }
+    }
+
+    /**
+     * Check for Xposed in class loader
+     */
+    private fun checkXposedInClassLoader(): Boolean {
+        return try {
+            // Check for XposedBridge class
+            Class.forName("de.robv.android.xposed.XposedBridge")
+            true
+        } catch (e: ClassNotFoundException) {
+            false
+        }
+    }
+
+    /**
+     * Check for Xposed-related files
+     */
+    private fun checkXposedFiles(): Boolean {
+        val xposedPaths = listOf(
+            "/system/framework/XposedBridge.jar",
+            "/system/bin/app_process32_xposed",
+            "/system/bin/app_process64_xposed",
+            "/system/xposed.prop",
+            "/cache/XposedBridge.jar"
+        )
+
+        return xposedPaths.any { File(it).exists() }
+    }
+
+    /**
+     * Check if Magisk app is present
+     */
+    private fun checkMagiskApp(): Boolean {
+        val magiskPackages = listOf(
+            "com.topjohnwu.magisk",
+            "com.topjohnwu.magisk.ui"
+        )
+
+        return magiskPackages.any { isPackageInstalled(it) }
+    }
+
+    /**
+     * Check for Magisk-related files
+     */
+    private fun checkMagiskFiles(): Boolean {
+        val magiskPaths = listOf(
+            "/sbin/.magisk",
+            "/sbin/.core/mirror",
+            "/sbin/.core/img",
+            "/sbin/.core/db-0/magisk.db",
+            "/cache/magisk.log",
+            "/dev/com.topjohnwu.magisk",
+            "/data/adb/magisk",
+            "/data/adb/magisk.img",
+            "/data/adb/magisk.db",
+            "/data/adb/magisk_simple",
+            "/system/addon.d/99-magisk.sh"
+        )
+
+        return magiskPaths.any { File(it).exists() }
+    }
+
+    /**
+     * Check for Magisk modules
+     */
+    private fun checkMagiskModules(): Boolean {
+        val magiskModuleDir = "/data/adb/modules"
+        val moduleDir = File(magiskModuleDir)
+
+        if (moduleDir.exists() && moduleDir.isDirectory) {
+            // Check if any modules are enabled
+            val modules = moduleDir.listFiles()
+            return modules?.isNotEmpty() == true
+        }
+
+        return false
+    }
+
+    /**
+     * Check if package is installed
+     */
+    private fun isPackageInstalled(packageName: String): Boolean {
+        return try {
+            context.packageManager.getPackageInfo(packageName, 0)
+            true
+        } catch (e: PackageManager.NameNotFoundException) {
+            false
+        }
+    }
+}

package/android/src/main/java/vn/osp/security/NativeSecurityCheck.kt

@@ -0,0 +1,66 @@
+package vn.osp.security
+
+/**
+ * Native (JNI) security checks
+ * This class provides native methods that are harder to bypass with JavaScript hooks
+ */
+object NativeSecurityCheck {
+
+    init {
+        try {
+            System.loadLibrary("device-security")
+        } catch (e: UnsatisfiedLinkError) {
+            // Native library not loaded, fallback to Java/Kotlin checks
+        }
+    }
+
+    /**
+     * Native root detection
+     * Uses C++ code to check for root indicators that are harder to bypass
+     * @return true if device is rooted
+     */
+    external fun isRooted(): Boolean
+
+    /**
+     * Native check for dangerous binaries
+     * @return true if dangerous binaries found
+     */
+    external fun hasDangerousBinaries(): Boolean
+
+    /**
+     * Native check for system properties
+     * @return true if suspicious system properties found
+     */
+    external fun hasSuspiciousSystemProperties(): Boolean
+
+    /**
+     * Native check for hook frameworks
+     * @return true if hooking framework detected
+     */
+    external fun hasHookFramework(): Boolean
+
+    /**
+     * Native check for debugger
+     * @return true if debugger detected
+     */
+    external fun isDebuggerAttached(): Boolean
+
+    /**
+     * Get native security status as JSON string
+     * @return JSON string with security status
+     */
+    external fun getSecurityStatus(): String
+
+    /**
+     * Check if native library is loaded
+     */
+    fun isNativeLibraryLoaded(): Boolean {
+        return try {
+            // Try to call a native method
+            isRooted()
+            true
+        } catch (e: UnsatisfiedLinkError) {
+            false
+        }
+    }
+}

package/android/src/main/java/vn/osp/security/RootDetection.kt

@@ -0,0 +1,349 @@
+package vn.osp.security
+
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.Build
+import com.scottyab.rootbeer.RootBeer
+import java.io.BufferedReader
+import java.io.File
+import java.io.InputStreamReader
+
+/**
+ * Multi-layer root detection using various techniques
+ */
+class RootDetection(private val context: Context) {
+
+    data class RootDetectionResult(
+        val isRooted: Boolean,
+        val hasRootBeerDetected: Boolean,
+        val hasNativeRootDetected: Boolean,
+        val hasDangerousBins: Boolean,
+        val hasRootApps: Boolean,
+        val hasSystemPropsModified: Boolean,
+        val details: Map<String, Boolean>
+    )
+
+    /**
+     * Perform comprehensive root detection
+     */
+    fun performDetection(): RootDetectionResult {
+        val rootBeer = RootBeer(context)
+        val hasRootBeerDetected = rootBeer.isRooted
+
+        // Native detection (JNI)
+        val hasNativeRootDetected = NativeSecurityCheck.isRooted()
+
+        // Check for dangerous binaries
+        val hasDangerousBins = checkDangerousBinaries()
+
+        // Check for root management apps
+        val hasRootApps = checkRootApps()
+
+        // Check system properties
+        val hasSystemPropsModified = checkSystemProperties()
+
+        val details = mapOf(
+            "root_beer" to hasRootBeerDetected,
+            "native_detection" to hasNativeRootDetected,
+            "dangerous_bins" to hasDangerousBins,
+            "root_apps" to hasRootApps,
+            "system_props" to hasSystemPropsModified,
+            "su_binary" to checkForSuBinary(),
+            "busybox_binary" to checkForBusybox(),
+            "rw_system" to checkSystemRemounted(),
+            "dangerous_props" to checkDangerousSystemProperties()
+        )
+
+        val isRooted = hasRootBeerDetected ||
+                hasNativeRootDetected ||
+                hasDangerousBins ||
+                hasRootApps ||
+                hasSystemPropsModified
+
+        return RootDetectionResult(
+            isRooted = isRooted,
+            hasRootBeerDetected = hasRootBeerDetected,
+            hasNativeRootDetected = hasNativeRootDetected,
+            hasDangerousBins = hasDangerousBins,
+            hasRootApps = hasRootApps,
+            hasSystemPropsModified = hasSystemPropsModified,
+            details = details
+        )
+    }
+
+    /**
+     * Check for dangerous binaries commonly found on rooted devices
+     */
+    private fun checkDangerousBinaries(): Boolean {
+        val dangerousBins = listOf(
+            "su",
+            "busybox",
+            "magisk",
+            "supolicy",
+            "supol",
+            "daemonsu",
+            "ksu", // KernelSU
+            "apd"  // Apex (another root solution)
+        )
+
+        val paths = listOf(
+            "/system/app/Superuser.apk",
+            "/sbin/su",
+            "/system/bin/su",
+            "/system/xbin/su",
+            "/data/local/xbin/su",
+            "/data/local/bin/su",
+            "/system/sd/xbin/su",
+            "/system/bin/failsafe/su",
+            "/data/local/su",
+            "/su/bin/su",
+            "/magisk/.core/bin/su",
+            "/system/usr/we-need-root/su",
+            "/system/app/SuperSU",
+            "/system/app/SuperSU.apk",
+            "/system/app/Superuser",
+            "/system/app/Superuser.apk",
+            "/data/data/com.noshufou.android.su",
+            "/data/data/com.thirdparty.superuser",
+            "/data/data/eu.chainfire.supersu",
+            "/system/xbin/busybox",
+            "/system/bin/busybox",
+            "/data/data/com.topjohnwu.magisk",
+            "/cache/magisk.log",
+            "/dev/com.topjohnwu.magisk",
+            "/system/app/MagiskManager"
+        )
+
+        // Check for dangerous binaries in PATH
+        val pathEnv = System.getenv("PATH") ?: ""
+        val pathDirs = pathEnv.split(":")
+
+        for (bin in dangerousBins) {
+            // Check in common locations
+            for (path in paths) {
+                if (File(path).exists()) {
+                    return true
+                }
+            }
+
+            // Check in PATH directories
+            for (dir in pathDirs) {
+                if (File(dir, bin).exists()) {
+                    return true
+                }
+            }
+        }
+
+        return false
+    }
+
+    /**
+     * Check for su binary specifically
+     */
+    private fun checkForSuBinary(): Boolean {
+        val suPaths = listOf(
+            "/system/bin/su",
+            "/system/xbin/su",
+            "/sbin/su",
+            "/data/local/xbin/su",
+            "/data/local/bin/su",
+            "/system/sd/xbin/su",
+            "/system/bin/failsafe/su",
+            "/data/local/su",
+            "/su/bin/su",
+            "/magisk/.core/bin/su"
+        )
+
+        return suPaths.any { File(it).exists() && File(it).canExecute() }
+    }
+
+    /**
+     * Check for busybox binary
+     */
+    private fun checkForBusybox(): Boolean {
+        val busyboxPaths = listOf(
+            "/system/xbin/busybox",
+            "/system/bin/busybox",
+            "/sbin/busybox",
+            "/data/local/xbin/busybox",
+            "/data/local/bin/busybox"
+        )
+
+        return busyboxPaths.any { File(it).exists() }
+    }
+
+    /**
+     * Check for root management apps
+     */
+    private fun checkRootApps(): Boolean {
+        val rootApps = listOf(
+            "com.noshufou.android.su",
+            "com.thirdparty.superuser",
+            "eu.chainfire.supersu",
+            "com.koushikdutta.superuser",
+            "com.topjohnwu.magisk",
+            "com.topjohnwu.magisk.ui",
+            "com.kingroot.kinguser",
+            "com.kingo.root",
+            "com.smedialink.oneclickroot",
+            "com.zhiqupk.root",
+            "com.alephzain.framaroot",
+            "com.ramdroid.appquarantine",
+            "com.ramdroid.appquarantinepro",
+            "com.devadvance.rootcloak",
+            "com.devadvance.rootcloakplus",
+            "de.robv.android.xposed.installer",
+            "com.saurik.substrate",
+            "com.zachspong.temprootremovejb",
+            "com.amphoras.hidemyroot",
+            "com.amphoras.hidemyrootadfree",
+            "com.formyhm.hiderootPremium",
+            "com.formyhm.hideroot",
+            "me.phh.superuser",
+            "eu.chainfire.firefdsuid",
+            "com.koushikdutta.rommanager",
+            "com.koushikdutta.rommanager.license",
+            "com.dimonvideo.luckypatcher",
+            "com.chelpus.luckypatcher",
+            "com.android.vending.billing.InAppBillingService.COIN",
+            "com.android.vending.billing.InAppBillingService.LUCK",
+            "com.topjohnwu.magisk.ua"
+        )
+
+        return rootApps.any { isPackageInstalled(it) }
+    }
+
+    /**
+     * Check if package is installed
+     */
+    private fun isPackageInstalled(packageName: String): Boolean {
+        return try {
+            context.packageManager.getPackageInfo(packageName, 0)
+            true
+        } catch (e: PackageManager.NameNotFoundException) {
+            false
+        }
+    }
+
+    /**
+     * Check system properties for root indicators
+     */
+    private fun checkSystemProperties(): Boolean {
+        return checkDangerousSystemProperties() ||
+                checkSystemRemounted() ||
+                checkForDangerousBuildProps()
+    }
+
+    /**
+     * Check for dangerous system properties
+     */
+    private fun checkDangerousSystemProperties(): Boolean {
+        val dangerousProps = listOf(
+            "ro.debuggable",
+            "ro.secure",
+            "service.adb.root",
+            "ro.build.selinux"
+        )
+
+        for (prop in dangerousProps) {
+            val value = getSystemProperty(prop)
+            when (prop) {
+                "ro.debuggable" -> {
+                    // 1 means debuggable (should be 0 on production)
+                    if (value == "1") return true
+                }
+                "ro.secure" -> {
+                    // 0 means insecure (should be 1 on production)
+                    if (value == "0") return true
+                }
+                "service.adb.root" -> {
+                    // 1 means adb root is enabled
+                    if (value == "1") return true
+                }
+            }
+        }
+
+        return false
+    }
+
+    /**
+     * Check if system is remounted as RW (indicates root)
+     */
+    private fun checkSystemRemounted(): Boolean {
+        val systemMounts = listOf(
+            "/system",
+            "/vendor",
+            "/product",
+            "/system_ext"
+        )
+
+        // Read mount info
+        try {
+            val bufferedReader = BufferedReader(InputStreamReader(
+                File("/proc/mounts").inputStream()
+            ))
+
+            bufferedReader.use { reader ->
+                var line: String?
+                while (reader.readLine().also { line = it } != null) {
+                    for (mount in systemMounts) {
+                        if (line?.contains(mount) == true) {
+                            // Check if mounted RW (read-write)
+                            if (line?.contains("rw,") == true ||
+                                line?.contains(" rw ") == true) {
+                                return true
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (e: Exception) {
+            // Ignore errors
+        }
+
+        return false
+    }
+
+    /**
+     * Check for dangerous build.prop modifications
+     */
+    private fun checkForDangerousBuildProps(): Boolean {
+        try {
+            val buildProps = listOf(
+                "/system/build.prop",
+                "/vendor/build.prop",
+                "/product/build.prop",
+                "/system_ext/build.prop"
+            )
+
+            for (propFile in buildProps) {
+                val file = File(propFile)
+                if (file.exists()) {
+                    // Check if file is writable (should not be on production)
+                    if (file.canWrite()) {
+                        return true
+                    }
+                }
+            }
+        } catch (e: Exception) {
+            // Ignore errors
+        }
+
+        return false
+    }
+
+    /**
+     * Get system property value
+     */
+    private fun getSystemProperty(prop: String): String? {
+        return try {
+            val process = Runtime.getRuntime().exec("getprop $prop")
+            val reader = BufferedReader(InputStreamReader(process.inputStream))
+            val value = reader.readLine()
+            reader.close()
+            value
+        } catch (e: Exception) {
+            null
+        }
+    }
+}

package/lib/commonjs/NativeDeviceSecurity.js

@@ -0,0 +1,9 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _reactNative = require("react-native");
+var _default = exports.default = _reactNative.TurboModuleRegistry.getEnforcing('DeviceSecurity');
+//# sourceMappingURL=NativeDeviceSecurity.js.map

package/lib/commonjs/NativeDeviceSecurity.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_reactNative","require","_default","exports","default","TurboModuleRegistry","getEnforcing"],"sourceRoot":"../../src","sources":["NativeDeviceSecurity.ts"],"mappings":";;;;;;AACA,IAAAA,YAAA,GAAAC,OAAA;AAAmD,IAAAC,QAAA,GAAAC,OAAA,CAAAC,OAAA,GA+BpCC,gCAAmB,CAACC,YAAY,CAAO,gBAAgB,CAAC","ignoreList":[]}