My bank app (TMB) found a way to detect Magisk!!! - Magisk

This app (https://play.google.com/store/apps/details?id=com.TMBTOUCH.PRODUCTION&hl=en) has found a way to detect magisk WITH magisk hide hide and package rename.
I don't really know how, I've just updated the app, then BOOM.
I've recheck everything, reinstall, even remove magisk doesn't help.
PS. all with latest magisk 20.3.

Well, Magisk can hide from it just fine (I just tested and had no issues). Which means it's likely something else about your device that's triggering the app.
First make sure that MagiskHide is working properly (test SafetyNet), and if it doesn't try toggling MagiskHide off and on again. More tips here:
https://didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps

No it's not.
I did hide it, also change repack name.
Attached screenshot.

As my test shows, Magisk is perfectly capable of hiding from the app. But, as I said, there's likely something about your setup/device that is triggering it.
Have you tested if MagiskHide works? Have you checked for tips in the link I posted?

Yes Magisk hide works with all other of my bank apps, 5 of them, so far.
Actually, Magisk hide worked with this app since 3 years ago, when I've started using Magisk. But a couple days ago, the app was updated, and boom!!! So, I think they find a way to bypass the hide.

Unless your device is outdated and can't utilise the full potential of Magisk's capabilities (full app obfuscation isn't available on Android versions less than 9, for example, but that info is already covered in the linked guide), the app is not circumventing MagiskHide.
There are many other ways of detecting "root" that has nothing directly to do with Magisk (again, see the linked guide).

Maybe magisk is works fine but this application has some problem in inside. "this device does not to meet the minimum security requirements for this app" it's mean security patch is older than this app require as i think, or maybe this app is broken.

Related

Using Software with V-key Components

UPDATE!​NO MORE COMPLICATED SCRIPTS, JUST USE MAGISK 24.1 WITH DENY LIST!
1. Enable Zygisk, add the apps to the deny list
2. Hide Magisk App
3. Install SafetyNet Fix by kdrag0n (Might still need Magisk Hide Props if your device is a little older)
Working on: Poco X3 Pro + Lineage 18.1 (Android 11)
Aurora Store | F-Droid - Free and Open Source Android App Repository
A Google Playstore Client
f-droid.org
^Use aurora store to get the older version of Singapass that's likely to work, I'm using build 100.
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
erOzeOz said:
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Click to expand...
Click to collapse
Disabling the existing vkey components should be enough.
Did you spoof the device signature with the magisk hideprops module?
KrishvY said:
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
Click to expand...
Click to collapse
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Xanth0k1d said:
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Click to expand...
Click to collapse
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
KrishvY said:
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
Click to expand...
Click to collapse
The App Mananger by Muntashir Akon?
I think I need to explain this properly, SIngapass and some apps may not work in the following situations:
You installed a custom rom without a Google approved device ID
You rooted your phone
You have Magisk
etc​
For your case, Singpass does not work because you installed Lineage - a custom rom, which should not have a Google approved device prop by default. It doesn't matter if you are rooted or you have install Magisk at this point.
My suggestion to you is to install Magisk and follow my guide-hide magisk and spoof you device fingerprint so it looks like you are running a stock rom.
hi @Xanth0k1d. Have been using your method to hide singpass in the past. But the app just recently was able to detect root. As someone mentioned above, the updated app has no v-key components listed in the service. Any idea how to circumvent the situation and what services to disable?
Holy ****, I just saw the update.
Probably some dude saw this post...
I have yet updated so I can't test, if anyone's finding any solutions to this pls update as well.
Xanth0k1d said:
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Click to expand...
Click to collapse
heya, I'm the reddit user... I had updated the app, but so far has no luck finding where the detection is hiding now... I might just try turning off services one-by-one with servicely, but I'll keep you all updated if I get any success.
@Xanth0k1d since you haven't updated your singpass, can you check what are the available services and listeners currently your version is using? I want to compare the difference with the latest version.
I managed to get Singapore's GPay app to work by blocking this `com.google.android.gms.gmscompliance.ui.UncertifiedDeviceActivity`. Do your devices pass SafetyNet?
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
Thanks! Can confirm that this works!
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Lu5ck said:
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Click to expand...
Click to collapse
The safetynet api did not get nuked, the api changed so code that use the old api won't work, even on the latest stable build safetynet will still pass when using another checker app. While I won't go into the technical details, singpass spawns a new isolated process to check for root, exploiting the fact that isolated processes are treated differently and is difficult for magisk to hide itself. So the solution is to disable the offending process and not let it spawn. There are several other requirements necessary for singpass to run, which are largely beyond the scope of discussion in this thread.
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
auggie246 said:
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
Click to expand...
Click to collapse
The trick here is to decompile the APK using apktool and inspect the Androidmanifest.xml manually. Search for "ISOLATED" and in the same line you should be able to find the name of the service to be disabled. Of course this assumes that citibank's app used a similar tactic as the other apps.
Edit: I tried the citibank sg app, magisk hide + rename package is sufficient for me to launch the app, don't have an account so I can't test any further.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
I guess there's another update to Singpass that circumvent this circumvention as well lol
Apparently it's now using a service called o.ImmutableSetMultimap for checking root (confirmed by magiskhide entry) and it works for a few seconds after loading Singpass before failing again with different error message. I think it checks for both whether the service is active and found a root (gives error T0), or whether the service is running at all (gives error T-1). I think we need something else to block this.

Banking app detected (Keytrade). I've tried many options from the forum but no success.

I use Fairphone 3+ running Android 10.
Safety Net check is ok.
Magisk hide is configured for keytrade banking and google play services
Magisk is hided with another name
I tried Riru-MomoHider, Riru Enhanced mode for Magisk Hide...
...
Now, I really can't find any new idea.
Hi OpenWorld,
a temporary fix is to downgrade the app (you can use aptoide to do that, make sure you use a trusted source though). I got back to version 5.4.5 and it apparently did the trick. I am afraid however that sooner or later Keytrade will force us to move to the updated version, so a stable solution to this issue is still to be found.
Maybe the Magisk crew could investigate what system the Keytrade is using to spot root? No Keytrade account is needed (root is immediately identified upon opening the app, so if one manages to get to the first screen where an account must be created, this means that Magisk has not been spotted) and it could be of general interest to the Magisk community to see what trick the Keytrade app is using to spot root... I am sorry I am not knowledgeable enough to help with this.
Best, A

clubhouse on rooted devices

Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
anyone help me please
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Didgeridoohan said:
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Click to expand...
Click to collapse
thanks for your reply
if i removed magisk .. everything that use root will stop and i don't want that
also can you please tell me how to hide the app fully using EDXposed
I did not say "remove Magisk"... I said "remove the Magisk app". Just uninstall the app and try and see if Clubhouse still triggers. If it works we know it's looking for the app and you'll have to either freeze/uninstall the Magisk app when using Clubhouse and then reinstall it again afterwards, or use one of the available isolation methods. I've got a few of those mentioned here, but I'm sure you can find more if you search (it's been covered a lot):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Isolation_apps
zamlkawy said:
Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
Click to expand...
Click to collapse
for Mcdonald's try this
[MOD][XPOSED][4.1+] McRoot (McDonalds Global App)
McRoot McDonalds Global App security fix Remove checks of: root unacceptable apps unacceptable device properties (developer options etc) Note: The app requests SafetyNet pass! Use Magisk+Riru+Riru-Unshare etc Install notes: install apk...
forum.xda-developers.com
Hi. I also have Magisk installed on my device. I uninstalled Magisk app, tried logging into clubhouse again, but still the issue persists.
After receiving the missed call while trying to sign in, I get the notification, 'There was an error please try again'
Clearing the clubhouse app data, uninstalling and reinstalling the app again hasn't helped at all. I get the same issue.
I have Magisk 23.0 installed on my Oneplus5T running Android 10.

Mitnykredit app does not work stealth root

The latest versions of this application do not work, when trying to open the MitNyKredit app, a website opens with information about the detected root. Is there any way to get this app? I will add that I tried all the available methods with hiding root.
If you truly tried all the available methods then you have your answer. However in the case you missed something you should describe everything you already did.
Are you referring to this app?
MitNykredit - Apps on Google Play
Gives you easy access to manage your daily finances both at home and on the go.
play.google.com
I can open it and get to login screen if it is in denylist, otherwise it opens a website indeed
Yes, it's about this app, Magisk hide, Lsposed, Shamiko.
Do you pass safetynet?
For me this app works with official magisk + denylist enforced + this app in denylist. Didn't even have to clear cache, just adding/removing it in denylist makes it work/not work.
I have universal safetynet fix mod by displax and I have modified props inspired by this post for my device which I believe to be "helpful" in this case.
As I wrote, SafetyNet is of course correct, otherwise other applications would not work for me. I only have a problem with this app (for now), the rest works after hiding root in Magisk. I don't know what the problem is
You never wrote that actually.
Perhaps try official magisk with denylist? Seeing as how that works for me for this app..I am not familiar with the forks of magisk and lsposed/shamiko stuff, but I browsed some of these threads and I saw "HideMyApp" thrown around a lot as well which I assume to be lsposed module, worth looking into I guess.
Of course, the newest Magisk, the newest Lsposed, and the Shamiko don't help. I checked older versions 7.2.1 of MitNyKredit app and it works without problem, and after installing the latest version it detects root ...
Try to use Island or Shelter. most bank Apps able to work this way
@Spartacus500
Ah, a fellow Dane. I know for a fact that MitID won't work because of the installed ROM Lineage OS. The apk somehow extracts information about the ROM.
Maybe the same goes for MItnykredit?
I have tried to make changes to the build prop without success.

Banking app (Starling) detecting Magisk

A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
What's the banking app name?
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
makeyourself said:
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
Click to expand...
Click to collapse
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
I was wondering why Starling suddenly started failing - thanks!
Try hide root with some google apps on deny list. (u can search "html", "webview", "feedback" then enable hide them all apps which include these words.
giociampa said:
I was wondering why Starling suddenly started failing - thanks!
Click to expand...
Click to collapse
Ta
For ref - Process for Noobies is here;
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Files and all
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks. Worked for me on my 6t using LOS20 and Starling
surajpai524 said:
What's the banking app name?
Click to expand...
Click to collapse
Starling
surajpai524 said:
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
Click to expand...
Click to collapse
If I rename/repackage the Magisk app and use Deny List then the only things Ruru detects is the Magisk app itself (even though it's renamed) and TWRP. TWRP doesn't seem to be the problem because the banking app doesn't seem to care if I've got that installed so long as Magisk isn't installed to ramdisk. And the banking app is clearly detecting something other than just the Magisk app because it trips after flashing Magisk from recovery, even if the Magisk app isn't installed.
I think @spida_singh may have a solution though!
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time. Edit: Just tried and it works !!
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
makeyourself said:
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time.
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
Click to expand...
Click to collapse
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
spida_singh said:
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
Click to expand...
Click to collapse
Id like to know too - But use my file from post #7 and it should work
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
I tried Starling app and at first it detected root but once I added to Deny list in Magisk. It didn't detect and went to login page.
My root detection bypass configs:-
Magisk (Not hidden/ Name unchanged / Not Frozen)
Magisk Deny List
Shamiko 0.7
Hide My AppList (LSPosed Module)
Universal SafetyNet Fix mod by Displex
I don't know other behaviour like after login and stuff, since I don't have an account.
Ruru screenshot: even with xposed modules and Magisk app not hidden
Prof. Yaffle said:
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
Click to expand...
Click to collapse
Do you have the the domain mentioned above blacklisted in Adaway and the app on Magisk Deny List with Deny List enforcing? All working fine here now.
I also have USNF (kdrag0n) and Magisk Hide Props Config installed. Magisk 26.1
Also you have to clear the app's data before that message will go away.
Yes, I've tried it added manually and also with the file. Same result both ways. I have the Magisk app hidden, Starling in the Deny list but Enforce disabled as I'm using Shamiko.
Edit
I've just cleared the Starling app data and it seems okay at the moment
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
fkofilee said:
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
Click to expand...
Click to collapse
I'm running the latest starling absolutely fine on my Pixel 6. Same set-up (latest linesgeos nightly)
Magisk Delta
USNF by displax
PCAP block list still contains this host
What is your setup?
Official Magisk, UNSF from Displax, Fingerprint Props.
Adaway still contains the host file I made.
My OnePlus 6t on the latest Lineageos 20 nightly seems fine with Shamiko, USNF Mod and the blocked host in Adaway

Categories

Resources