RootCloak

This is a module for Xposed Framework v2.4.1 (with XposedBridge v42).
This allows you to run apps that detect root without disabling root. You select from a list of your installed apps (or add a custom entry), and using a variety of methods, it will completely hide root from that app. This includes hiding the su binary, superuser/supersu apks, processes run by root, and more.

Requires:
-Xposed Framework v2.4.1 (with XposedBridge v42)
-Root (otherwise why use this ;) )

Instructions:
1) Make sure you have Xposed Framework v2.4.1+ installed (with XposedBridge v42+).
2) Install RootCloak.
3) Enable RootClock in the Xposed Installer app. Do this by opening Xposed Installer, going to Modules, and pressing the check box next to RootClock.
4) Reboot your phone.
5) Open RootClock settings (just open the app from the launcher), and then go to Add/Remove. This is where you will change which apps RootCloak hides root from.
6) FIRST TIME USERS ON VERSION 1.2 AND LOWER: Go to the menu (3 dots), and press "Reset to Default Apps".
7) If the app you want is not among the default apps, press the + button to add it. Find the app in the list, and press it to add it to the list.
8) Exit RootCloak settings. If the app you just added was already running, either FORCE CLOSE it, or reboot your phone.
9) Run the app to see if root was successfully hidden.

Devices/OS Tested:
HTC One GPE - 4.3 (Jellybean)
HTC One GPE - 4.4.x (KitKat)

>>Apps successfully tested:
DME Mail - Excitor - https://play.google.com/store/apps/details?id=dk.excitor.dmemail
Fox Digital Copy - Fox - https://play.google.com/store/apps/details?id=com.fde.DomesticDigitalCopy
DirecTV GenieGo - DirecTV - https://play.google.com/store/apps/details?id=com.directv.application.an...
Best Buy CinemaNow - Best Buy - https://play.google.com/store/apps/details?id=com.res.bby
Bright House TV - Bright House - https://play.google.com/store/apps/details?id=com.BHTV
Mobile Pay - Apriva - https://play.google.com/store/apps/details?id=com.apriva.mobile.bams
AprivaPay - Apriva - https://play.google.com/store/apps/details?id=com.apriva.mobile.aprivapay
IKO - PKO Bank Polski SA - https://play.google.com/store/apps/details?id=pl.pkobp.iko
Bradford Mobile Agent - Bradford Networks - https://play.google.com/store/apps/details?id=com.bradfordnetworks.bma
ParcelSend - Australia Post Digital - https://play.google.com/store/apps/details?id=au.com.auspost
Worx Home by Citrix - Zenprise - https://play.google.com/store/apps/details?id=com.zenprise
Movies by Flixster - Flixster - https://play.google.com/store/apps/details?id=net.flixster.android
Sparkasse - Star Finanz GmbH - https://play.google.com/store/apps/details?id=com.starfinanz.smob.androi...
City Video (Citytv) - Rogers Digital Media - https://play.google.com/store/apps/details?id=com.rogers.citytv.phone
ラブライブ!スクールアイドルフェスティバル - KLab - https://play.google.com/store/apps/details?id=klb.android.lovelive
예스24 전자도서관 (Yes24) - YES24 - https://play.google.com/store/apps/details?id=com.incube.epub
Yuppi - Yuppi Mobil A.Ş. - https://play.google.com/store/apps/details?id=com.ovidos.yuppi ( as of v1.2)
AirWatch MDM Agent - AirWatch - https://play.google.com/store/apps/details?id=com.airwatch.androidagent (as of v1.2)
D3 GO - D3 GO - https://play.google.com/store/apps/details?id=com.zappware.twintv.d3 (as of v1.2)

Not currently working (reason to be determined):
Puzzles & Dragons - GungHoOnlineEntertainment - https://play.google.com/store/apps/details?id=jp.gungho.pad
McAfee EMM - McAfee Mobile Security - https://play.google.com/store/apps/details?id=com.mcafee.apps.emmagent
Virgin TV Anywhere - Virgin Media - https://play.google.com/store/apps/details?id=com.virginmedia.tvanywhere

Apps that need more testing/analysis:
App: Good for Enterprise - Good Technology - https://play.google.com/store/apps/details?id=com.good.android.gfe
Reason: It doesn't seem to check for root using the NDK, but I cannot be sure. The updates that I have made to RootCloak may handle GFE, but I have no way of testing.

Apps with calls most likely can never be directly intercepted by Xposed:
App: WebTV - Stofa - https://play.google.com/store/apps/details?id=com.stofa.webtv
Method: Detects root by checking for the existance of the su binary. It uses fopen() and access() in order to do this check via native library (built with Android NDK).
Relevant Files: liblifevibes_openplayer_arm11.so OR liblifevibes_openplayer_armA8.so (internal libraries)

App: Yelo TV - Telenet - https://play.google.com/store/apps/details?id=be.telenet.yelo
Method: Detects root via native library (built with Android NDK). Unsure of exact method, but the strings "ERROR: Device is rooted. aborting execution" and "ERROR: Debbuger running. aborting execution" can be found in the library.
Relevant Files: libDxDrmDlcCore.so

App: Sky Go - BSkyB - https://play.google.com/store/apps/details?id=com.bskyb.skygo
Method: Most likely detects root via native library (built with Android NDK). Unsure of exact method, but the Java portion of the app contains "VGDRM_STATUS_DEVICE_IS_ROOTED = -41942891", and based on the library name, it's a safe bet.
Relevant Files: libvgc.so

App: Barclays Mobile Banking - Barclays - https://play.google.com/store/apps/details?id=com.barclays.android.barcl...
Method: Most likely detects root via native library. Using FileObserver you can see it accessing /system/(x)bin/su, but since I am hooking all File constructors and exec() methods, there is no way it is done without the native library.
Relevant Files: TBD

App: S-pushTAN - Star Finanz GmbH - https://play.google.com/store/apps/details?id=com.starfinanz.mobile.andr...
Reason: Uses a native library to check for root. There is a callback inside the Java code, so it's possible to intercept that at the Java level, but that can be patched fairly easily.
Releveant Files: libshield.so

Apps that need testing (I cannot test due to Play Store restrictions):
Barclays Homeowner - Barclays - https://play.google.com/store/apps/details?id=uk.co.barclays.barclayshom...
MobileTV - Deutsche Telekom AG - https://play.google.com/store/apps/details?id=no.rdml.android.mobiletv

Please post on XDA if you find an app that RootCloak successfully or unsuccessfully works with! In additional, while it shouldn't interfere with any other modules, please let me know if you encounter any bugs or issues!

Author(s): 
Package: 
com.devadvance.rootcloak
Version name: 
1.4
Release type: 
Stable (low risk of bugs)
Number of downloads: 
165,853
MD5 checksum: 
3b1e94db002a61d3cd0da285c34a2094
Changes: 

Added Slovak (thanks pylerSM) and Traditional Chinese(Taiwan) (thanks Eric850130) translations. Reorganized the code so its more legible. Added a lot of default apps and keywords, fixed the broken activities, and fixed how exec() was being handled (sh -c works a differently than I expected).

Version name: 
1.3
Release type: 
Stable (low risk of bugs)
Number of downloads: 
15,403
MD5 checksum: 
5a7037b11ecbc4e82faf8279518a6ca6
Changes: 

Added reset/clear confirmation dialogs. Added hooks for getInstalledPackages (thanks sirdigitalpython) and getPackageInfo. Added the ability to customize which commands and keywords RootCloak hides from the selected apps.

Version name: 
1.2
Release type: 
Stable (low risk of bugs)
Number of downloads: 
5,452
MD5 checksum: 
8698bb19f59bcf18f619842484172496
Changes: 

Cleaned up code. Added sh blocking. Added additional package names. Added ProcessBuilder blocking.

Version name: 
1.1
Release type: 
Stable (low risk of bugs)
Number of downloads: 
3,135
MD5 checksum: 
dd018b9d33fc317ada4cf32c27da364a
Changes: 

Added additional methods for hiding root. Refined existing methods to be more consistent.

Version name: 
1.0
Release type: 
Stable (low risk of bugs)
Number of downloads: 
1,411
MD5 checksum: 
96c83cd6e70d148dd3ee995cab957eae
Changes: 

Initial release.