RootRoot
Everyone
info
10+
Downloads
Everyone
Learn more
About this app
RootRoot is an open-source Android security detection toolkit built for security researchers, penetration testers, and Android enthusiasts. It demonstrates how mobile applications detect rooted devices, Magisk installations, and Frida instrumentation frameworks in real time.
The app performs 13 security checks across 4 distinct detection strategies, giving you a comprehensive view of your device's security posture.
▌ DETECTION METHODS
◆ Java Layer Detection
• Root Package Scan — Checks PackageManager against 48 known root app signatures including Magisk, SuperSU, KingRoot, and Xposed
• SU Binary Search — Scans 14 directories for su, busybox, and magisk binaries
◆ Native Static Registration
Uses exported JNI symbols visible in the .so symbol table:
• Su Binary Check via native file access
• Magisk Mount detection through /proc/mounts
• Frida Process scanning via /proc/cmdline
• Frida Library detection through /proc/self/maps
◆ Native Dynamic Registration
Functions registered at runtime via RegisterNatives() in JNI_OnLoad — no exported symbols visible in the symbol table. Same checks, harder to reverse engineer.
◆ Native Dlsym (Hidden Registration)
Functions loaded via dlsym() from a separate shared library — the most obfuscated detection strategy, simulating real-world security SDK behavior.
▌ KEY FEATURES
✦ 13 detection checks across 4 JNI registration strategies
✦ Terminal-style dark UI with expandable result cards
✦ Real-time scan results with execution timing
✦ Detailed descriptions of each detection technique
✦ Pure C native code — zero C++ STL dependency
✦ Educational tool for understanding mobile security
✦ Supports armeabi-v7a, arm64-v8a, x86, and x86_64
▌ WHO IS THIS FOR?
• Security researchers studying Android root detection techniques
• Penetration testers evaluating device security posture
• Android developers implementing or auditing anti-tampering measures
• Students learning about JNI, native code, and mobile security
• ROM/Magisk enthusiasts testing detection bypass methods
▌ EDUCATIONAL PURPOSE
RootRoot is designed as a security research and educational tool. It demonstrates both offensive and defensive mobile security techniques. All detection methods are fully documented and open source on GitHub.
Understanding how root detection works helps both defenders build stronger protections and researchers identify weaknesses in existing implementations.
source code: https://github.com/John-Jung/RootRoot
The app performs 13 security checks across 4 distinct detection strategies, giving you a comprehensive view of your device's security posture.
▌ DETECTION METHODS
◆ Java Layer Detection
• Root Package Scan — Checks PackageManager against 48 known root app signatures including Magisk, SuperSU, KingRoot, and Xposed
• SU Binary Search — Scans 14 directories for su, busybox, and magisk binaries
◆ Native Static Registration
Uses exported JNI symbols visible in the .so symbol table:
• Su Binary Check via native file access
• Magisk Mount detection through /proc/mounts
• Frida Process scanning via /proc/cmdline
• Frida Library detection through /proc/self/maps
◆ Native Dynamic Registration
Functions registered at runtime via RegisterNatives() in JNI_OnLoad — no exported symbols visible in the symbol table. Same checks, harder to reverse engineer.
◆ Native Dlsym (Hidden Registration)
Functions loaded via dlsym() from a separate shared library — the most obfuscated detection strategy, simulating real-world security SDK behavior.
▌ KEY FEATURES
✦ 13 detection checks across 4 JNI registration strategies
✦ Terminal-style dark UI with expandable result cards
✦ Real-time scan results with execution timing
✦ Detailed descriptions of each detection technique
✦ Pure C native code — zero C++ STL dependency
✦ Educational tool for understanding mobile security
✦ Supports armeabi-v7a, arm64-v8a, x86, and x86_64
▌ WHO IS THIS FOR?
• Security researchers studying Android root detection techniques
• Penetration testers evaluating device security posture
• Android developers implementing or auditing anti-tampering measures
• Students learning about JNI, native code, and mobile security
• ROM/Magisk enthusiasts testing detection bypass methods
▌ EDUCATIONAL PURPOSE
RootRoot is designed as a security research and educational tool. It demonstrates both offensive and defensive mobile security techniques. All detection methods are fully documented and open source on GitHub.
Understanding how root detection works helps both defenders build stronger protections and researchers identify weaknesses in existing implementations.
source code: https://github.com/John-Jung/RootRoot
Updated on
Safety starts with understanding how developers collect and share your data. Data privacy and security practices may vary based on your use, region, and age. The developer provided this information and may update it over time.
No data shared with third parties
Learn more about how developers declare sharing
No data collected
Learn more about how developers declare collection
Everyone
Learn moreApp support
About the developer
정성욱
sungwuk98@gmail.com
South Korea