haidv35/bypass.js

## bypass.js
const commonPaths = [
  "/data/local/bin/su",
  "/data/local/su",
  "/data/local/xbin/su",
  "/dev/com.koushikdutta.superuser.daemon/",
  "/sbin/su",
  "/system/app/Superuser.apk",
  "/system/bin/failsafe/su",
  "/system/bin/su",
  "/su/bin/su",
  "/system/etc/init.d/99SuperSUDaemon",
  "/system/sd/xbin/su",
  "/system/xbin/busybox",
  "/system/xbin/daemonsu",
  "/system/xbin/su",
  "/system/sbin/su",
  "/vendor/bin/su",
  "/cache/su",
  "/data/su",
  "/dev/su",
  "/system/bin/.ext/su",
  "/system/usr/we-need-root/su",
  "/system/app/Kinguser.apk",
  "/data/adb/magisk",
  "/sbin/.magisk",
  "/cache/.disable_magisk",
  "/dev/.magisk.unblock",
  "/cache/magisk.log",
  "/data/adb/magisk.img",
  "/data/adb/magisk.db",
  "/data/adb/magisk_simple",
  "/init.magisk.rc",
  "/system/xbin/ku.sud",
  "/data/adb/ksu",
  "/data/adb/ksud",
];

const ROOTmanagementApp = [
  "com.noshufou.android.su",
  "com.noshufou.android.su.elite",
  "eu.chainfire.supersu",
  "com.koushikdutta.superuser",
  "com.thirdparty.superuser",
  "com.yellowes.su",
  "com.koushikdutta.rommanager",
  "com.koushikdutta.rommanager.license",
  "com.dimonvideo.luckypatcher",
  "com.chelpus.lackypatch",
  "com.ramdroid.appquarantine",
  "com.ramdroid.appquarantinepro",
  "com.topjohnwu.magisk",
  "me.weishu.kernelsu",
];

/**
 * Bypass Root Detection
 * @param {any} function(
 * @returns {any}
 */
setTimeout(function () {
Java.perform(function () {
  var RootPackages = [
    "com.noshufou.android.su",
    "com.noshufou.android.su.elite",
    "eu.chainfire.supersu",
    "com.koushikdutta.superuser",
    "com.thirdparty.superuser",
    "com.yellowes.su",
    "com.koushikdutta.rommanager",
    "com.koushikdutta.rommanager.license",
    "com.dimonvideo.luckypatcher",
    "com.chelpus.lackypatch",
    "com.ramdroid.appquarantine",
    "com.ramdroid.appquarantinepro",
    "com.devadvance.rootcloak",
    "com.devadvance.rootcloakplus",
    "de.robv.android.xposed.installer",
    "com.saurik.substrate",
    "com.zachspong.temprootremovejb",
    "com.amphoras.hidemyroot",
    "com.amphoras.hidemyrootadfree",
    "com.formyhm.hiderootPremium",
    "com.formyhm.hideroot",
    "me.phh.superuser",
    "eu.chainfire.supersu.pro",
    "com.kingouser.com",
    "com.topjohnwu.magisk",
  ];

  var RootBinaries = [
    "su",
    "busybox",
    "supersu",
    "Superuser.apk",
    "KingoUser.apk",
    "SuperSu.apk",
    "magisk",
  ];

  var RootProperties = {
    "ro.build.selinux": "1",
    "ro.debuggable": "0",
    "service.adb.root": "0",
    "ro.secure": "1",
  };

  var RootPropertiesKeys = [];

  for (var k in RootProperties) RootPropertiesKeys.push(k);

  var PackageManager = Java.use("android.app.ApplicationPackageManager");

  var Runtime = Java.use("java.lang.Runtime");

  var NativeFile = Java.use("java.io.File");

  var String = Java.use("java.lang.String");

  var SystemProperties = Java.use("android.os.SystemProperties");

  var BufferedReader = Java.use("java.io.BufferedReader");

  var ProcessBuilder = Java.use("java.lang.ProcessBuilder");

  var StringBuffer = Java.use("java.lang.StringBuffer");

  var loaded_classes = Java.enumerateLoadedClassesSync();

  send("Loaded " + loaded_classes.length + " classes!");

  var useKeyInfo = false;

  var useProcessManager = false;

  send("loaded: " + loaded_classes.indexOf("java.lang.ProcessManager"));

  if (loaded_classes.indexOf("java.lang.ProcessManager") != -1) {
    try {
    } catch (err) {
      send("ProcessManager Hook failed: " + err);
    }
  } else {
    send("ProcessManager hook not loaded");
  }

  var KeyInfo = null;

  if (loaded_classes.indexOf("android.security.keystore.KeyInfo") != -1) {
    try {
      //useKeyInfo = true;
      //var KeyInfo = Java.use('android.security.keystore.KeyInfo');
    } catch (err) {
      send("KeyInfo Hook failed: " + err);
    }
  } else {
    send("KeyInfo hook not loaded");
  }

  PackageManager.getPackageInfo.overload(
    "java.lang.String",
    "int"
  ).implementation = function (pname, flags) {
    var shouldFakePackage = RootPackages.indexOf(pname) > -1;
    if (shouldFakePackage) {
      send("Bypass root check for package: " + pname);
      pname = "set.package.name.to.a.fake.one.so.we.can.bypass.it";
    }
    return this.getPackageInfo
      .overload("java.lang.String", "int")
      .call(this, pname, flags);
  };

  NativeFile.exists.implementation = function () {
    var name = NativeFile.getName.call(this);
    var shouldFakeReturn = RootBinaries.indexOf(name) > -1;
    if (shouldFakeReturn) {
      send("Bypass return value for binary: " + name);
      return false;
    } else {
      return this.exists.call(this);
    }
  };

  var exec = Runtime.exec.overload("[Ljava.lang.String;");
  var exec1 = Runtime.exec.overload("java.lang.String");
  var exec2 = Runtime.exec.overload("java.lang.String", "[Ljava.lang.String;");
  var exec3 = Runtime.exec.overload(
    "[Ljava.lang.String;",
    "[Ljava.lang.String;"
  );
  var exec4 = Runtime.exec.overload(
    "[Ljava.lang.String;",
    "[Ljava.lang.String;",
    "java.io.File"
  );
  var exec5 = Runtime.exec.overload(
    "java.lang.String",
    "[Ljava.lang.String;",
    "java.io.File"
  );

  exec5.implementation = function (cmd, env, dir) {
    if (
      cmd.indexOf("getprop") != -1 ||
      cmd == "mount" ||
      cmd.indexOf("build.prop") != -1 ||
      cmd == "id" ||
      cmd == "sh"
    ) {
      var fakeCmd = "grep";
      send("Bypass " + cmd + " command");
      return exec1.call(this, fakeCmd);
    }
    if (cmd == "su") {
      var fakeCmd =
        "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
      send("Bypass " + cmd + " command");
      return exec1.call(this, fakeCmd);
    }
    return exec5.call(this, cmd, env, dir);
  };

  exec4.implementation = function (cmdarr, env, file) {
    for (var i = 0; i < cmdarr.length; i = i + 1) {
      var tmp_cmd = cmdarr[i];
      if (
        tmp_cmd.indexOf("getprop") != -1 ||
        tmp_cmd == "mount" ||
        tmp_cmd.indexOf("build.prop") != -1 ||
        tmp_cmd == "id" ||
        tmp_cmd == "sh"
      ) {
        var fakeCmd = "grep";
        send("Bypass " + cmdarr + " command");
        return exec1.call(this, fakeCmd);
      }

      if (tmp_cmd == "su") {
        var fakeCmd =
          "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
        send("Bypass " + cmdarr + " command");
        return exec1.call(this, fakeCmd);
      }
    }
    return exec4.call(this, cmdarr, env, file);
  };

  exec3.implementation = function (cmdarr, envp) {
    for (var i = 0; i < cmdarr.length; i = i + 1) {
      var tmp_cmd = cmdarr[i];
      if (
        tmp_cmd.indexOf("getprop") != -1 ||
        tmp_cmd == "mount" ||
        tmp_cmd.indexOf("build.prop") != -1 ||
        tmp_cmd == "id" ||
        tmp_cmd == "sh"
      ) {
        var fakeCmd = "grep";
        send("Bypass " + cmdarr + " command");
        return exec1.call(this, fakeCmd);
      }

      if (tmp_cmd == "su") {
        var fakeCmd =
          "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
        send("Bypass " + cmdarr + " command");
        return exec1.call(this, fakeCmd);
      }
    }
    return exec3.call(this, cmdarr, envp);
  };

  exec2.implementation = function (cmd, env) {
    if (
      cmd.indexOf("getprop") != -1 ||
      cmd == "mount" ||
      cmd.indexOf("build.prop") != -1 ||
      cmd == "id" ||
      cmd == "sh"
    ) {
      var fakeCmd = "grep";
      send("Bypass " + cmd + " command");
      return exec1.call(this, fakeCmd);
    }
    if (cmd == "su") {
      var fakeCmd =
        "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
      send("Bypass " + cmd + " command");
      return exec1.call(this, fakeCmd);
    }
    return exec2.call(this, cmd, env);
  };

  exec.implementation = function (cmd) {
    for (var i = 0; i < cmd.length; i = i + 1) {
      var tmp_cmd = cmd[i];
      if (
        tmp_cmd.indexOf("getprop") != -1 ||
        tmp_cmd == "mount" ||
        tmp_cmd.indexOf("build.prop") != -1 ||
        tmp_cmd == "id" ||
        tmp_cmd == "sh"
      ) {
        var fakeCmd = "grep";
        send("Bypass " + cmd + " command");
        return exec1.call(this, fakeCmd);
      }

      if (tmp_cmd == "su") {
        var fakeCmd =
          "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
        send("Bypass " + cmd + " command");
        return exec1.call(this, fakeCmd);
      }
    }

    return exec.call(this, cmd);
  };

  exec1.implementation = function (cmd) {
    if (
      cmd.indexOf("getprop") != -1 ||
      cmd == "mount" ||
      cmd.indexOf("build.prop") != -1 ||
      cmd == "id" ||
      cmd == "sh"
    ) {
      var fakeCmd = "grep";
      send("Bypass " + cmd + " command");
      return exec1.call(this, fakeCmd);
    }
    if (cmd == "su") {
      var fakeCmd =
        "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
      send("Bypass " + cmd + " command");
      return exec1.call(this, fakeCmd);
    }
    return exec1.call(this, cmd);
  };

  String.contains.implementation = function (name) {
    if (name == "test-keys") {
      send("Bypass test-keys check");
      return false;
    }
    return this.contains.call(this, name);
  };

  var get = SystemProperties.get.overload("java.lang.String");

  get.implementation = function (name) {
    if (RootPropertiesKeys.indexOf(name) != -1) {
      send("Bypass " + name);
      return RootProperties[name];
    }
    return this.get.call(this, name);
  };

  Interceptor.attach(Module.findExportByName("libc.so", "fopen"), {
    onEnter: function (args) {
      var path = Memory.readCString(args[0]);
      path = path.split("/");
      var executable = path[path.length - 1];
      var shouldFakeReturn = RootBinaries.indexOf(executable) > -1;
      if (shouldFakeReturn) {
        Memory.writeUtf8String(args[0], "/notexists");
        send("Bypass native fopen");
      }
    },
    onLeave: function (retval) {},
  });

  Interceptor.attach(Module.findExportByName("libc.so", "system"), {
    onEnter: function (args) {
      var cmd = Memory.readCString(args[0]);
      send("SYSTEM CMD: " + cmd);
      if (
        cmd.indexOf("getprop") != -1 ||
        cmd == "mount" ||
        cmd.indexOf("build.prop") != -1 ||
        cmd == "id"
      ) {
        send("Bypass native system: " + cmd);
        Memory.writeUtf8String(args[0], "grep");
      }
      if (cmd == "su") {
        send("Bypass native system: " + cmd);
        Memory.writeUtf8String(
          args[0],
          "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled"
        );
      }
    },
    onLeave: function (retval) {},
  });


  BufferedReader.readLine.overload("boolean").implementation = function () {
    var text = this.readLine.overload("boolean").call(this);
    if (text === null) {
      // just pass , i know it's ugly as hell but test != null won't work :(
    } else {
      var shouldFakeRead = text.indexOf("ro.build.tags=test-keys") > -1;
      if (shouldFakeRead) {
        send("Bypass build.prop file read");
        text = text.replace(
          "ro.build.tags=test-keys",
          "ro.build.tags=release-keys"
        );
      }
    }
    return text;
  };

  var executeCommand = ProcessBuilder.command.overload("java.util.List");

  ProcessBuilder.start.implementation = function () {
    var cmd = this.command.call(this);
    var shouldModifyCommand = false;
    for (var i = 0; i < cmd.size(); i = i + 1) {
      var tmp_cmd = cmd.get(i).toString();
      if (
        tmp_cmd.indexOf("getprop") != -1 ||
        tmp_cmd.indexOf("mount") != -1 ||
        tmp_cmd.indexOf("build.prop") != -1 ||
        tmp_cmd.indexOf("id") != -1
      ) {
        shouldModifyCommand = true;
      }
    }
    if (shouldModifyCommand) {
      send("Bypass ProcessBuilder " + cmd);
      this.command.call(this, ["grep"]);
      return this.start.call(this);
    }
    if (cmd.indexOf("su") != -1) {
      send("Bypass ProcessBuilder " + cmd);
      this.command.call(this, [
        "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled",
      ]);
      return this.start.call(this);
    }

    return this.start.call(this);
  };

  if (useProcessManager) {
    var ProcManExec = ProcessManager.exec.overload(
      "[Ljava.lang.String;",
      "[Ljava.lang.String;",
      "java.io.File",
      "boolean"
    );
    var ProcManExecVariant = ProcessManager.exec.overload(
      "[Ljava.lang.String;",
      "[Ljava.lang.String;",
      "java.lang.String",
      "java.io.FileDescriptor",
      "java.io.FileDescriptor",
      "java.io.FileDescriptor",
      "boolean"
    );

    ProcManExec.implementation = function (cmd, env, workdir, redirectstderr) {
      var fake_cmd = cmd;
      for (var i = 0; i < cmd.length; i = i + 1) {
        var tmp_cmd = cmd[i];
        if (
          tmp_cmd.indexOf("getprop") != -1 ||
          tmp_cmd == "mount" ||
          tmp_cmd.indexOf("build.prop") != -1 ||
          tmp_cmd == "id"
        ) {
          var fake_cmd = ["grep"];
          send("Bypass " + cmdarr + " command");
        }

        if (tmp_cmd == "su") {
          var fake_cmd = [
            "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled",
          ];
          send("Bypass " + cmdarr + " command");
        }
      }
      return ProcManExec.call(this, fake_cmd, env, workdir, redirectstderr);
    };

    ProcManExecVariant.implementation = function (
      cmd,
      env,
      directory,
      stdin,
      stdout,
      stderr,
      redirect
    ) {
      var fake_cmd = cmd;
      for (var i = 0; i < cmd.length; i = i + 1) {
        var tmp_cmd = cmd[i];
        if (
          tmp_cmd.indexOf("getprop") != -1 ||
          tmp_cmd == "mount" ||
          tmp_cmd.indexOf("build.prop") != -1 ||
          tmp_cmd == "id"
        ) {
          var fake_cmd = ["grep"];
          send("Bypass " + cmdarr + " command");
        }

        if (tmp_cmd == "su") {
          var fake_cmd = [
            "justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled",
          ];
          send("Bypass " + cmdarr + " command");
        }
      }
      return ProcManExecVariant.call(
        this,
        fake_cmd,
        env,
        directory,
        stdin,
        stdout,
        stderr,
        redirect
      );
    };
  }

  if (useKeyInfo) {
    KeyInfo.isInsideSecureHardware.implementation = function () {
      send("Bypass isInsideSecureHardware");
      return true;
    };
  }
});
}, 0);
	const commonPaths = [
	"/data/local/bin/su",
	"/data/local/su",
	"/data/local/xbin/su",
	"/dev/com.koushikdutta.superuser.daemon/",
	"/sbin/su",
	"/system/app/Superuser.apk",
	"/system/bin/failsafe/su",
	"/system/bin/su",
	"/su/bin/su",
	"/system/etc/init.d/99SuperSUDaemon",
	"/system/sd/xbin/su",
	"/system/xbin/busybox",
	"/system/xbin/daemonsu",
	"/system/xbin/su",
	"/system/sbin/su",
	"/vendor/bin/su",
	"/cache/su",
	"/data/su",
	"/dev/su",
	"/system/bin/.ext/su",
	"/system/usr/we-need-root/su",
	"/system/app/Kinguser.apk",
	"/data/adb/magisk",
	"/sbin/.magisk",
	"/cache/.disable_magisk",
	"/dev/.magisk.unblock",
	"/cache/magisk.log",
	"/data/adb/magisk.img",
	"/data/adb/magisk.db",
	"/data/adb/magisk_simple",
	"/init.magisk.rc",
	"/system/xbin/ku.sud",
	"/data/adb/ksu",
	"/data/adb/ksud",
	];

	const ROOTmanagementApp = [
	"com.noshufou.android.su",
	"com.noshufou.android.su.elite",
	"eu.chainfire.supersu",
	"com.koushikdutta.superuser",
	"com.thirdparty.superuser",
	"com.yellowes.su",
	"com.koushikdutta.rommanager",
	"com.koushikdutta.rommanager.license",
	"com.dimonvideo.luckypatcher",
	"com.chelpus.lackypatch",
	"com.ramdroid.appquarantine",
	"com.ramdroid.appquarantinepro",
	"com.topjohnwu.magisk",
	"me.weishu.kernelsu",
	];

	/**
	* Bypass Root Detection
	* @param {any} function(
	* @returns {any}
	*/
	setTimeout(function () {
	Java.perform(function () {
	var RootPackages = [
	"com.noshufou.android.su",
	"com.noshufou.android.su.elite",
	"eu.chainfire.supersu",
	"com.koushikdutta.superuser",
	"com.thirdparty.superuser",
	"com.yellowes.su",
	"com.koushikdutta.rommanager",
	"com.koushikdutta.rommanager.license",
	"com.dimonvideo.luckypatcher",
	"com.chelpus.lackypatch",
	"com.ramdroid.appquarantine",
	"com.ramdroid.appquarantinepro",
	"com.devadvance.rootcloak",
	"com.devadvance.rootcloakplus",
	"de.robv.android.xposed.installer",
	"com.saurik.substrate",
	"com.zachspong.temprootremovejb",
	"com.amphoras.hidemyroot",
	"com.amphoras.hidemyrootadfree",
	"com.formyhm.hiderootPremium",
	"com.formyhm.hideroot",
	"me.phh.superuser",
	"eu.chainfire.supersu.pro",
	"com.kingouser.com",
	"com.topjohnwu.magisk",
	];

	var RootBinaries = [
	"su",
	"busybox",
	"supersu",
	"Superuser.apk",
	"KingoUser.apk",
	"SuperSu.apk",
	"magisk",
	];

	var RootProperties = {
	"ro.build.selinux": "1",
	"ro.debuggable": "0",
	"service.adb.root": "0",
	"ro.secure": "1",
	};

	var RootPropertiesKeys = [];

	for (var k in RootProperties) RootPropertiesKeys.push(k);

	var PackageManager = Java.use("android.app.ApplicationPackageManager");

	var Runtime = Java.use("java.lang.Runtime");

	var NativeFile = Java.use("java.io.File");

	var String = Java.use("java.lang.String");

	var SystemProperties = Java.use("android.os.SystemProperties");

	var BufferedReader = Java.use("java.io.BufferedReader");

	var ProcessBuilder = Java.use("java.lang.ProcessBuilder");

	var StringBuffer = Java.use("java.lang.StringBuffer");

	var loaded_classes = Java.enumerateLoadedClassesSync();

	send("Loaded " + loaded_classes.length + " classes!");

	var useKeyInfo = false;

	var useProcessManager = false;

	send("loaded: " + loaded_classes.indexOf("java.lang.ProcessManager"));

	if (loaded_classes.indexOf("java.lang.ProcessManager") != -1) {
	try {
	} catch (err) {
	send("ProcessManager Hook failed: " + err);
	}
	} else {
	send("ProcessManager hook not loaded");
	}

	var KeyInfo = null;

	if (loaded_classes.indexOf("android.security.keystore.KeyInfo") != -1) {
	try {
	//useKeyInfo = true;
	//var KeyInfo = Java.use('android.security.keystore.KeyInfo');
	} catch (err) {
	send("KeyInfo Hook failed: " + err);
	}
	} else {
	send("KeyInfo hook not loaded");
	}

	PackageManager.getPackageInfo.overload(
	"java.lang.String",
	"int"
	).implementation = function (pname, flags) {
	var shouldFakePackage = RootPackages.indexOf(pname) > -1;
	if (shouldFakePackage) {
	send("Bypass root check for package: " + pname);
	pname = "set.package.name.to.a.fake.one.so.we.can.bypass.it";
	}
	return this.getPackageInfo
	.overload("java.lang.String", "int")
	.call(this, pname, flags);
	};

	NativeFile.exists.implementation = function () {
	var name = NativeFile.getName.call(this);
	var shouldFakeReturn = RootBinaries.indexOf(name) > -1;
	if (shouldFakeReturn) {
	send("Bypass return value for binary: " + name);
	return false;
	} else {
	return this.exists.call(this);
	}
	};

	var exec = Runtime.exec.overload("[Ljava.lang.String;");
	var exec1 = Runtime.exec.overload("java.lang.String");
	var exec2 = Runtime.exec.overload("java.lang.String", "[Ljava.lang.String;");
	var exec3 = Runtime.exec.overload(
	"[Ljava.lang.String;",
	"[Ljava.lang.String;"
	);
	var exec4 = Runtime.exec.overload(
	"[Ljava.lang.String;",
	"[Ljava.lang.String;",
	"java.io.File"
	);
	var exec5 = Runtime.exec.overload(
	"java.lang.String",
	"[Ljava.lang.String;",
	"java.io.File"
	);

	exec5.implementation = function (cmd, env, dir) {
	if (
	cmd.indexOf("getprop") != -1 \|\|
	cmd == "mount" \|\|
	cmd.indexOf("build.prop") != -1 \|\|
	cmd == "id" \|\|
	cmd == "sh"
	) {
	var fakeCmd = "grep";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	if (cmd == "su") {
	var fakeCmd =
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	return exec5.call(this, cmd, env, dir);
	};

	exec4.implementation = function (cmdarr, env, file) {
	for (var i = 0; i < cmdarr.length; i = i + 1) {
	var tmp_cmd = cmdarr[i];
	if (
	tmp_cmd.indexOf("getprop") != -1 \|\|
	tmp_cmd == "mount" \|\|
	tmp_cmd.indexOf("build.prop") != -1 \|\|
	tmp_cmd == "id" \|\|
	tmp_cmd == "sh"
	) {
	var fakeCmd = "grep";
	send("Bypass " + cmdarr + " command");
	return exec1.call(this, fakeCmd);
	}

	if (tmp_cmd == "su") {
	var fakeCmd =
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
	send("Bypass " + cmdarr + " command");
	return exec1.call(this, fakeCmd);
	}
	}
	return exec4.call(this, cmdarr, env, file);
	};

	exec3.implementation = function (cmdarr, envp) {
	for (var i = 0; i < cmdarr.length; i = i + 1) {
	var tmp_cmd = cmdarr[i];
	if (
	tmp_cmd.indexOf("getprop") != -1 \|\|
	tmp_cmd == "mount" \|\|
	tmp_cmd.indexOf("build.prop") != -1 \|\|
	tmp_cmd == "id" \|\|
	tmp_cmd == "sh"
	) {
	var fakeCmd = "grep";
	send("Bypass " + cmdarr + " command");
	return exec1.call(this, fakeCmd);
	}

	if (tmp_cmd == "su") {
	var fakeCmd =
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
	send("Bypass " + cmdarr + " command");
	return exec1.call(this, fakeCmd);
	}
	}
	return exec3.call(this, cmdarr, envp);
	};

	exec2.implementation = function (cmd, env) {
	if (
	cmd.indexOf("getprop") != -1 \|\|
	cmd == "mount" \|\|
	cmd.indexOf("build.prop") != -1 \|\|
	cmd == "id" \|\|
	cmd == "sh"
	) {
	var fakeCmd = "grep";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	if (cmd == "su") {
	var fakeCmd =
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	return exec2.call(this, cmd, env);
	};

	exec.implementation = function (cmd) {
	for (var i = 0; i < cmd.length; i = i + 1) {
	var tmp_cmd = cmd[i];
	if (
	tmp_cmd.indexOf("getprop") != -1 \|\|
	tmp_cmd == "mount" \|\|
	tmp_cmd.indexOf("build.prop") != -1 \|\|
	tmp_cmd == "id" \|\|
	tmp_cmd == "sh"
	) {
	var fakeCmd = "grep";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}

	if (tmp_cmd == "su") {
	var fakeCmd =
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	}

	return exec.call(this, cmd);
	};

	exec1.implementation = function (cmd) {
	if (
	cmd.indexOf("getprop") != -1 \|\|
	cmd == "mount" \|\|
	cmd.indexOf("build.prop") != -1 \|\|
	cmd == "id" \|\|
	cmd == "sh"
	) {
	var fakeCmd = "grep";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	if (cmd == "su") {
	var fakeCmd =
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled";
	send("Bypass " + cmd + " command");
	return exec1.call(this, fakeCmd);
	}
	return exec1.call(this, cmd);
	};

	String.contains.implementation = function (name) {
	if (name == "test-keys") {
	send("Bypass test-keys check");
	return false;
	}
	return this.contains.call(this, name);
	};

	var get = SystemProperties.get.overload("java.lang.String");

	get.implementation = function (name) {
	if (RootPropertiesKeys.indexOf(name) != -1) {
	send("Bypass " + name);
	return RootProperties[name];
	}
	return this.get.call(this, name);
	};

	Interceptor.attach(Module.findExportByName("libc.so", "fopen"), {
	onEnter: function (args) {
	var path = Memory.readCString(args[0]);
	path = path.split("/");
	var executable = path[path.length - 1];
	var shouldFakeReturn = RootBinaries.indexOf(executable) > -1;
	if (shouldFakeReturn) {
	Memory.writeUtf8String(args[0], "/notexists");
	send("Bypass native fopen");
	}
	},
	onLeave: function (retval) {},
	});

	Interceptor.attach(Module.findExportByName("libc.so", "system"), {
	onEnter: function (args) {
	var cmd = Memory.readCString(args[0]);
	send("SYSTEM CMD: " + cmd);
	if (
	cmd.indexOf("getprop") != -1 \|\|
	cmd == "mount" \|\|
	cmd.indexOf("build.prop") != -1 \|\|
	cmd == "id"
	) {
	send("Bypass native system: " + cmd);
	Memory.writeUtf8String(args[0], "grep");
	}
	if (cmd == "su") {
	send("Bypass native system: " + cmd);
	Memory.writeUtf8String(
	args[0],
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled"
	);
	}
	},
	onLeave: function (retval) {},
	});


	BufferedReader.readLine.overload("boolean").implementation = function () {
	var text = this.readLine.overload("boolean").call(this);
	if (text === null) {
	// just pass , i know it's ugly as hell but test != null won't work :(
	} else {
	var shouldFakeRead = text.indexOf("ro.build.tags=test-keys") > -1;
	if (shouldFakeRead) {
	send("Bypass build.prop file read");
	text = text.replace(
	"ro.build.tags=test-keys",
	"ro.build.tags=release-keys"
	);
	}
	}
	return text;
	};

	var executeCommand = ProcessBuilder.command.overload("java.util.List");

	ProcessBuilder.start.implementation = function () {
	var cmd = this.command.call(this);
	var shouldModifyCommand = false;
	for (var i = 0; i < cmd.size(); i = i + 1) {
	var tmp_cmd = cmd.get(i).toString();
	if (
	tmp_cmd.indexOf("getprop") != -1 \|\|
	tmp_cmd.indexOf("mount") != -1 \|\|
	tmp_cmd.indexOf("build.prop") != -1 \|\|
	tmp_cmd.indexOf("id") != -1
	) {
	shouldModifyCommand = true;
	}
	}
	if (shouldModifyCommand) {
	send("Bypass ProcessBuilder " + cmd);
	this.command.call(this, ["grep"]);
	return this.start.call(this);
	}
	if (cmd.indexOf("su") != -1) {
	send("Bypass ProcessBuilder " + cmd);
	this.command.call(this, [
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled",
	]);
	return this.start.call(this);
	}

	return this.start.call(this);
	};

	if (useProcessManager) {
	var ProcManExec = ProcessManager.exec.overload(
	"[Ljava.lang.String;",
	"[Ljava.lang.String;",
	"java.io.File",
	"boolean"
	);
	var ProcManExecVariant = ProcessManager.exec.overload(
	"[Ljava.lang.String;",
	"[Ljava.lang.String;",
	"java.lang.String",
	"java.io.FileDescriptor",
	"java.io.FileDescriptor",
	"java.io.FileDescriptor",
	"boolean"
	);

	ProcManExec.implementation = function (cmd, env, workdir, redirectstderr) {
	var fake_cmd = cmd;
	for (var i = 0; i < cmd.length; i = i + 1) {
	var tmp_cmd = cmd[i];
	if (
	tmp_cmd.indexOf("getprop") != -1 \|\|
	tmp_cmd == "mount" \|\|
	tmp_cmd.indexOf("build.prop") != -1 \|\|
	tmp_cmd == "id"
	) {
	var fake_cmd = ["grep"];
	send("Bypass " + cmdarr + " command");
	}

	if (tmp_cmd == "su") {
	var fake_cmd = [
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled",
	];
	send("Bypass " + cmdarr + " command");
	}
	}
	return ProcManExec.call(this, fake_cmd, env, workdir, redirectstderr);
	};

	ProcManExecVariant.implementation = function (
	cmd,
	env,
	directory,
	stdin,
	stdout,
	stderr,
	redirect
	) {
	var fake_cmd = cmd;
	for (var i = 0; i < cmd.length; i = i + 1) {
	var tmp_cmd = cmd[i];
	if (
	tmp_cmd.indexOf("getprop") != -1 \|\|
	tmp_cmd == "mount" \|\|
	tmp_cmd.indexOf("build.prop") != -1 \|\|
	tmp_cmd == "id"
	) {
	var fake_cmd = ["grep"];
	send("Bypass " + cmdarr + " command");
	}

	if (tmp_cmd == "su") {
	var fake_cmd = [
	"justafakecommandthatcannotexistsusingthisshouldthowanexceptionwheneversuiscalled",
	];
	send("Bypass " + cmdarr + " command");
	}
	}
	return ProcManExecVariant.call(
	this,
	fake_cmd,
	env,
	directory,
	stdin,
	stdout,
	stderr,
	redirect
	);
	};
	}

	if (useKeyInfo) {
	KeyInfo.isInsideSecureHardware.implementation = function () {
	send("Bypass isInsideSecureHardware");
	return true;
	};
	}
	});
	}, 0);