Leading open source version of android device fingerprint, accurate deviceID and risk identification.
Home Page: https://trustdecision.com/solutions/trustdevice
License: MIT License
If a device is accessed by the root, and the magisk module is enabled, can this library recognize it?
magisk error detect,phone not has magisk,but detected install magisk。environment:
phone:vivo U1
model:V1818A
android:8.1.0
vivo room:Funtouch OS_9
software version:PD1818G_A_5.10.32
kernel version:4.9.82-perf+
trustddevice-android branch is master,commit sha : 1cb8f52
use 360 apk reinforcement ,jni hook and debug detect call fail,throw error UnsatisfiedLinkError。environment:
phone:vivo U1
model:V1818A
android:8.1.0
vivo room:Funtouch OS_9
software version:PD1818G_A_5.10.32
kernel version:4.9.82-perf+
trustddevice-android branch is master,commit sha : 1cb8f52
Missing x86_64 libtrustdevice.so#00 pc 000000000005c2dc /data/app/com.nmode.xkd-ehhwNHla45iB0JGwa--ZJQ==/lib/arm64/libtrustdevice.so (detect_frida+164) [arm64-v8a::56394d31f69e9cdbd8e55bd47209db2c] #01 pc 000000000005c578 /data/app/com.nmode.xkd-ehhwNHla45iB0JGwa--ZJQ==/lib/arm64/libtrustdevice.so (detect_hook+112) [arm64-v8a::56394d31f69e9cdbd8e55bd47209db2c] #02 pc 000000000013f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) [arm64-v8a::7f0343966300a562c818602b037570a9] #03 pc 0000000000136334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) [arm64-v8a::7f0343966300a562c818602b037570a9] #04 pc 0000000000145060 /apex/com.android.runtime/lib64/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+244) [arm64-v8a::7f0343966300a562c818602b037570a9] #05 pc 00000000002ddb94 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreter34ArtInterpreterToCompiledCodeBridgeEPNS_6ThreadEPNS_9ArtMethodEPNS_11ShadowFrameEtPNS_6JValueE+384) [arm64-v8a::7f0343966300a562c818602b037570a9] #06 pc 00000000002d88f4 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+900) [arm64-v8a::7f0343966300a562c818602b037570a9] #07 pc 000000000058f0a4 /apex/com.android.runtime/lib64/libart.so (MterpInvokeVirtual+836) [arm64-v8a::7f0343966300a562c818602b037570a9] #08 pc 0000000000130814 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_virtual+20) [arm64-v8a::7f0343966300a562c818602b037570a9] #09 pc 00000000000ce53a /apex/com.android.runtime/lib64/libart.so [arm64-v8a::7f0343966300a562c818602b037570a9] java: cn.tongdun.mobrisk.core.collectors.HookCollector$detectHook$1.invoke(HookCollector.kt:16) cn.tongdun.mobrisk.core.collectors.HookCollector$detectHook$1.invoke(HookCollector.kt:16) cn.tongdun.mobrisk.core.tools.ExceptionSafeExecutorKt.executeSafe(ExceptionSafeExecutor.kt:12) cn.tongdun.mobrisk.core.collectors.HookCollector.detectHook(HookCollector.kt:16) cn.tongdun.mobrisk.core.FMCore.collectorHook(FMCore.kt:109) cn.tongdun.mobrisk.core.FMCore.init$lambda$0(FMCore.kt:63) cn.tongdun.mobrisk.core.FMCore.$r8$lambda$VnrMmRkJNi23SFacqZx5JxQSUjM(Unknown Source:0) cn.tongdun.mobrisk.core.FMCore$$ExternalSyntheticLambda0.run(Unknown Source:2) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) java.lang.Thread.run(Thread.java:919)
I am working on banking app where App Security Testing Team have raised issue that they are able to bypass the SSL
Actually, they are using Rooted Device and combination of Frida, Magisk, Magisk Hide, Zygisk, Deny List using which RootBeer Library unable to detect the root so using this library will we be able to detect all this and can prevent our app ?
Thanks in Advance!
This is a ltitle unrelated, but I still wanted to ask you if you know of any ways to mask the info picked up by the app? There are several IDs and sensors that can be used along with the list of apps installed to fingerprint the device. I'm wondering whether there's a safe way to spoof this data without breaking any apps.
Fatal Exception: android.os.DeadSystemRuntimeException: android.os.DeadSystemException
at android.app.ApplicationPackageManager.getInstalledPackagesAsUser(ApplicationPackageManager.java:1274)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1251)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1245)
at c.b.(AppListCollector.kt:7)
at b.a.m(FMCore.kt:1)
at b.a.b(FMCore.kt:17)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
Caused by android.os.DeadSystemException:
at android.app.ApplicationPackageManager.getInstalledPackagesAsUser(ApplicationPackageManager.java:1274)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1251)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1245)
at c.b.(AppListCollector.kt:7)
at b.a.m(FMCore.kt:1)
at b.a.b(FMCore.kt:17)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
pool-13-thread-1:
at jdk.internal.misc.Unsafe.park(Unsafe.java)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:341)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionNode.block(AbstractQueuedSynchronizer.java:506)
at java.util.concurrent.ForkJoinPool.unmanagedBlock(ForkJoinPool.java:3466)
at java.util.concurrent.ForkJoinPool.managedBlock(ForkJoinPool.java:3437)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:1623)
at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1176)
at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:905)
at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1071)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1131)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
Please take care to adjust versionName and increase versionCode when preparing releases: the APK at the latest release (1.0.1) still identifies as 1.0.0+1 (as build.gradle tells it). The former is for the "human eye", the latter is used by Android internal to tell versions apart and notify about updates when a higher number was seen. Thanks!
Looks like with the last release, the versionCode was not incremented:
Binary files /web/ftp/repo/fdroid/repo/com.trustdevice.android_7.apk and /web/ftp/repo/fdroid/repo/com.trustdevice.android_1.0.7.apk differ
! repo/com.trustdevice.android_7.apk declares sensitive permission(s): android.permission.QUERY_ALL_PACKAGES
! repo/com.trustdevice.android_7.apk contains signature block blobs: 0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
Looking at the screenshots, I was able to deduce QUERY_ALL_PACKAGES (for the list of installed apps), so that warning can already be ignored. As for DEPENDENCY_INFO_BLOCK, this can easily be avoided with a small modification to your build.gradle:
android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.
Thanks in advance!
The project is interestring!!!
1.0.3
vivo y73s Android 10
https://source.android.google.cn/docs/core/tests/debug/native-crash?hl=zh-cn#xom
1.0.4 fixed
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.