Monday, January 11, 2021

Bypassing RootBeer's root detection checks

Introduction

RootBeer is a simple library that allows developers to detect rooted/tampered Android systems. Unfortunately, some app developers use it to prevent execution of their apps on rooted systems. There are also reports of false positives. Fortunately, it is quite easy to bypass the checks. Let's see how.

Requirements

  • Apktool: this tool will decompile & recompile the app's apk file.
  • Jadx: we'll use this program to convert smali code into Java classes (not strictly needed).
  • Uber apk signer: we'll need it to sign the modified apk, otherwise installing it will result in an error.

Now, the fun part

Grab the apk file of the app you want to hack. As an example, I'll use CieID.

Unpack it with apktool:

apktool d foo.apk

Enter the newly created folder called foo and then navigate to smali/com/scottyab/rootbeer. You should find a file called b.smali. Here is its content for my example case: b.smali, so you can compare it with the files you see in case the file names differ; look for a similar one. Scroll down to the last method: can you see some lines that look quite similar to this one?

invoke-virtual {p0}, Lcom/scottyab/rootbeer/b;->j()Z

Those are the invocations of all the different root/tampering detection methods. If you look at the Java code in Jadx, you'll notice that a logical OR is performed over the return values of all these methods. If at least one of them returns true, the system is labelled as tampered. We need to force the result of that logical OR to false. Good news: it's really easy! Just open the smali file in any editor, scroll down to the last bunch of lines, and you'll find one that looks like this:

const/4 v0, 0x1

Just replace that 1 with a 0, then save and exit.

Recompile the new apk file using apktool:

apktool b foo/

You'll find the new apk in foo/dist/.

Sign it with Uber apk signer and install it on your phone. It should now work, and the phone won't be detected as rooted anymore :)
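The reason the patch works is that the whole verdict collapses into one `const/4` in the aggregation method, so whoever controls that constant controls the result. From the other side of the table, that makes the bypass easy to spot in a repackaged build: the last `const/4` of the method that invokes the check methods should be `0x1` in an unmodified build. The following script is an added example, not part of the original post and not RootBeer's own code; it parses a constructed smali fragment in the style of the `b.smali` described above (the sample, the method names `j`, `k`, `n` and the register numbers are all assumptions) and reports whether that constant has been flipped to `0x0`.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the style of the aggregation method the post describes.
# j() is a stub check; n() ORs j() and k() together and returns 0x1 on the
# "tampered" branch, which apktool emits as the last const/4 of the method.
SAMPLE_SMALI = """\
.class public Lcom/scottyab/rootbeer/b;
.super Ljava/lang/Object;

.method public j()Z
    .locals 1

    const/4 v0, 0x0

    return v0
.end method

.method public n()Z
    .locals 1

    invoke-virtual {p0}, Lcom/scottyab/rootbeer/b;->j()Z

    move-result v0

    if-nez v0, :cond_0

    invoke-virtual {p0}, Lcom/scottyab/rootbeer/b;->k()Z

    move-result v0

    if-nez v0, :cond_0

    const/4 v0, 0x0

    :goto_0
    return v0

    :cond_0
    const/4 v0, 0x1

    goto :goto_0
.end method
"""

# A boolean-returning method header, e.g. ".method public n()Z"
METHOD_RE = re.compile(r"^\.method\b.*?\b(\w+)\(\)Z\s*$")
# A call to another boolean method on the same object, as in the post
INVOKE_RE = re.compile(r"^\s*invoke-virtual\s*\{p0\},\s*L[\w/$]+;->(\w+)\(\)Z\s*$")
# A 4-bit constant load, e.g. "const/4 v0, 0x1"
CONST_RE = re.compile(r"^\s*const/4\s+(v\d+),\s*0x([0-9a-fA-F]+)\s*$")


@dataclass
class AggregatorReport:
    method: str            # name of the method that ORs the checks together
    checks: List[str]      # the check methods it invokes, in order
    final_const: Optional[int]  # value of the last const/4 in that method
    patched: bool          # True when that constant is 0x0 instead of 0x1


def split_methods(smali: str):
    """Yield (name, body_lines) for every boolean method in a smali class."""
    name, body = None, []
    for line in smali.splitlines():
        header = METHOD_RE.match(line)
        if header:
            name, body = header.group(1), []
        elif line.startswith(".end method") and name is not None:
            yield name, body
            name, body = None, []
        elif name is not None:
            body.append(line)


def find_aggregator(smali: str) -> Optional[AggregatorReport]:
    """Locate the method with the most check invocations and inspect its
    final const/4. An unmodified build ends on 0x1 (the tampered branch);
    0x0 there is the signature of the edit described in the post."""
    best = None
    for name, body in split_methods(smali):
        calls = [m.group(1) for m in map(INVOKE_RE.match, body) if m]
        if len(calls) >= 2 and (best is None or len(calls) > len(best[1])):
            best = (name, calls, body)
    if best is None:
        return None
    name, calls, body = best
    consts = [int(m.group(2), 16) for m in map(CONST_RE.match, body) if m]
    final = consts[-1] if consts else None
    return AggregatorReport(name, calls, final, patched=(final == 0))


if __name__ == "__main__":
    print(find_aggregator(SAMPLE_SMALI))
```

Because one constant decides the verdict, a scan like this only tells a vendor that a given repackaged APK was edited; it says nothing about a device at runtime. The practical consequence for app developers is that a client-side library verdict is advisory, and anything that must hold up against a user who controls the device has to be backed by something the device cannot patch, such as an integrity attestation verified server-side.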
