[MODULE] fakestore2playstore - microG with License Verification + In-App-Purchases - Magisk

microG works great until a paid app tries to verify the license or when it comes to in app purchases. Using existing tools like NanoDroid and microG Installer Revived has disadvantages (see Readme below). That's why I created a Magisk module that replaces FakeStore with a patched version of the PlayStore. After installing the module, licenses can be verified and even in-app-purchases are possible with microG.
Visit on Github or download v0.1 directly.
Readme:
FakeStore 2 PlayStore​This is a Magisk module that replaces FakeStore with the patched Play Store by Nanolx and is mainly intended to be used with LineageOS for microG, which already ships with microG and FakeStore. I only tested it on LineageOS 18.1 for microG. Use at your own risk, if you are on a different ROM.
The module uses fixed permissions settings from nift4's microG Installer Revived. Additionally it adds the Nanolx's NanoDroid companion F-Droid repository to F-Droid for automatic updates of the patched Play Store.
Why you want to use it​You want to have License Verification and In-App-Purchases with microG and already have a system with microG + FakeStore (like LineageOS for microG)
Installation​
Install LineageOS for microG
Install Magisk
Install the module through the Magisk Manager App
Important: Do NOT flash in TWRP, you need to use the Magisk app and have an active internet connection for downloading the patched PlayStore.
NanoDroid or microG Installer Revived already do the job, don't they?​Yes and no. After several tries with combinations of LineageOS 18.1, Lineage OS 18.1 for microG, NanoDroid and microG Installer Revived, I always ended up with either an unbootable system or with configurations that don't survive OTA upates or that would render microG upgrades useless or install too much.
NanoDroid's patcher (currently?) isn't able to successfully patch signature spoofing into LOS 18.1 and I didn't want to fiddle around with deodexing. My intention was to have a ready-to-use solution for LineageOS that survives OTAs. So I had to use LOS for microG, which already has the signature spoofing patch. However installing the patched PlayStore in LOS 18.1 for microG using NanoDroid always resulted in an unbootable system - even when disabling every other feature in .nanodroid-setup and hiding FakeStore with .nanodroid-overlay.
Though microG Installer Revived does a better job (the system was bootable after installing the patched PlayStore , it isn't able to hide FakeStore on it's own. So I had to still hide FakeStore somehow. Additionally microG Installer Revived installs DroidGuard as a system app, which is not what I wanted. Furthermore, it overwrites GmsCore with it's own version and therefor any OTA updates by LineageOS for microG would've been overwritten by the Installer's version.
That said, it's possible to use NanoDroid's .nanodroid-overlay feature to hide FakeStore in combination with microG Installer Revived to install the patched PlayStore and live with the DroidGuard and OTA issues. But I decided to make a Magisk module that does no more than replacing FakeStore with a patched version of PlayStore. Here it is.
Build​Linux, BSD, macOS, Android​Requires wget.
wget -O META-INF/com/google/android/update-binary https://raw.githubusercontent.com/topjohnwu/Magisk/master/scripts/module_installer.sh && zip fakestore2playstore.zip -9r *
Other​Download this and put it into META-INF/com/google/android/update-binary. And ZIP it.
Credits​
Nanolx for the PlayStore patch.
nift4 for microG Installer Revived

wait does this still use the google play in-app purchase dialogue or are in-app purchases just free now?

MirageSteezyBoi said:
wait does this still use the google play in-app purchase dialogue or are in-app purchases just free now?
Click to expand...
Click to collapse
Negative, nothing is for free! Otherwise it'd be considered warez! This means, this modificated Google Play Store allows you to make the same purchases like the "normal" play store despite the lack of Google Play Services and the use of µG.

Oswald Boelcke said:
Negative, nothing is for free! Otherwise it'd be considered warez! This means, this modificated Google Play Store allows you to make the same purchases like the "normal" play store despite the lack of Google Play Services and the use of µG.
Click to expand...
Click to collapse
cool. works great. vouch

now this is helpful - thank you for releasing this!
for me only worked the one to download directly (1.0). generating or updating the zip like described led to "unzipping failed" message in magisk. i don't know, where the pitfall could be, just mentioning this here.

klaasklever said:
now this is helpful - thank you for releasing this!
for me only worked the one to download directly (1.0). generating or updating the zip like described led to "unzipping failed" message in magisk. i don't know, where the pitfall could be, just mentioning this here.
Click to expand...
Click to collapse
Thanks for reporting. However, I double checked the build steps and ended up with the same file as the released one. I guess it doesn't have to do anything with fakestore2playstore, but may be due to your "zip" executable. In fact, Magisk also complains about the unzipping progress itself. Anyway, I'm happy you find this module helpful!

You should check out https://github.com/FriendlyNeighborhoodShane/MinMicroG_releases they already include the same PatchedPhonesky along with a minimal microG setup similar to the revived version from the Magisk repo, all in one package.
As for signature spoofing and all that if your ROM doesn't support it the easiest way is to use f0mey's Smali Patcher:
[MODULE] Smali Patcher 7.4
Smali Patcher WHAT THE HELL IS THIS THING? :: To sum things up this is an application I developed that pulls the android framework from your device, applies what I (or other users) consider useful patches to the sourced files and then...
forum.xda-developers.com

Thank you a big bunch. Very easy to install, and works pretty good. Some paid apps can't be installed for some reaaon, but you can install them with means, and the licence verification later works! Which is the main point.

I've been using this on 3 phones running gappless + microG. All with different custom ROMs and it appears to work wonderfully for license verification on the few apps I have paid for - except one (titanium backup). FWIW 2 are running A10 and one A11.
Thank's to the developer for this useful app!

It used to work for me, but after I reset my phone a few days ago and tried to install the module again I get error message "download failed and installation failed". I use /e/os (a fork of Lineage OS 18.1) on a Galaxy S10+ and Magisk 24.3. Any ideas?

thegreekfreak said:
It used to work for me, but after I reset my phone a few days ago and tried to install the module again I get error message "download failed and installation failed". I use /e/os (a fork of Lineage OS 18.1) on a Galaxy S10+ and Magisk 24.3. Any ideas?
Click to expand...
Click to collapse
Fixed in fakestore2playstore-0.2.zip
The wget version that ships with the busybox provided by Magisk 24 somehow can't download the patched playstore from Nanolx's repository. The server closes the connection because of a tls error. Now the patched playstore is included in this module and a download isn't required any more.
By the way: I'm on Android 12 now, but the Playstore doesn't work properly. Seems like some permissions/settings are missing. Unfortunately I'm quite busy currently and can't look into this deeper right now. Hope to find some sparetime soon.

sn00x said:
Fixed in fakestore2playstore-0.2.zip
The wget version that ships with the busybox provided by Magisk 24 somehow can't download the patched playstore from Nanolx's repository. The server closes the connection because of a tls error. Now the patched playstore is included in this module and a download isn't required any more.
By the way: I'm on Android 12 now, but the Playstore doesn't work properly. Seems like some permissions/settings are missing. Unfortunately I'm quite busy currently and can't look into this deeper right now. Hope to find some sparetime soon.
Click to expand...
Click to collapse
Please fix Android 12 issue! Please!

Hello, your module is running perfetcly on my device. Thanks!
But I'm still have some questions. Is it possible to install the Original PlayStore with microG installed?

I might have the exact case described here (LOS 18.1 for MicroG), but this does work perfectly. Thanks a lot

Well, doesn't work on Android 12+... Any chance for an update ? This was really a neat module :/

lPolarisl said:
Well, doesn't work on Android 12+... Any chance for an update ? This was really a neat module :/
Click to expand...
Click to collapse
I made it work again, but can't really remember how... first thing is enable network access for playstore in app-setting, it was disabled by default. also, try microG_Installer_Revived-Revived_3.0.0. and mess around with it, somehow it turns out ok ...

Jackson Karloff said:
I made it work again, but can't really remember how... first thing is enable network access for playstore in app-setting, it was disabled by default. also, try microG_Installer_Revived-Revived_3.0.0. and mess around with it, somehow it turns out ok ...
Click to expand...
Click to collapse
It works... Can't believe I missed that, that was all, network access was disabled x(
Thanks a lot, I had completely given up on this !

@sn00x In case you're still around... I now have trouble with your module, for some reason, it installs fine and the Play Store's there on the first reboot, but after the second reboot, it still shows up as active in the Magisk module list, but no Play Store app to be found, only FakeStore...
IodéOS, Android 12

Related

Managed to get microG working on OxygenOS 9.5.11

First I made a full backup because I didn't think it would work. You should too if you're going to attempt it.
- I patched my rom's services.jar using the Smali Patcher found HERE, enabling the option for signature spoofing in the app
- I pushed the resulting magisk module to my sdcard
- I flashed the module in magisk (using magisk 19.4-736729f5), rebooted, and confirmed that signature spoofing was working using Signature Spoofing Checker
- I downloaded the microg unofficial installer found HERE, making sure it was available on my sdcard for flashing
- I booted into TWRP recovery, mounted the System partition, and using the file manager found under "Advanced", I deleted Google Play Services, Google Services Framework, and Google Play Store from my /system/priv-app directory (I had already deleted Chrome, Play Movies/Music, Duo, etc. a long time ago, so I'm not sure if that's necessary for this to work)
- I went back to the main menu and installed the microg unofficial installer and rebooted the phone
- microg settings was now visible in my launcher, so i opened it and enabled device registration.
- I opened the the patched Play Store app provided by the microg unofficial installer and added my account when prompted
- I downloaded a previously purchased app to test if the app purchases could be validated. It was successful.
That's it. I read a lot of posts claiming that microg wouldn't work on OxygenOS, but I've been using it for 2 1/2 days now with no issues. UnifiedNLP still doesn't work unless you use the xposed module, but this seems to be an issue on every android pie rom that i've tried so far.
UPDATE:
Due to request, I uploaded my generated Magisk module which replaces services.jar with a patched version as requested. It was generated from OOS 9.5.11.
Please be aware that I cannot guarantee it will be compatible with your particular setup
Thanks for this, will give this a try , cheers.
Just a warning, I noticed I'm not passing safetynet after doing this. I've personally never encountered a situation where safetynet is relevant, but I know it'a a concern for a lot of you. I'll let you know if I figure out what's triggering it.
Hi,,may u share your service jar or signature spoofing magisk module here?
I managed to get UnifiedNlp working on custom ROMs. The culprit is the 'NLP Combo feature' commit present in all major OnePlus 7 Pro ROMs' frameworks/base. I made a custom build with this patch and backported Q animations in LineageOS if anyone is interested.
https://forum.xda-developers.com/oneplus-7-pro/development/rom-lineageos-16-microg-support-t3960116
muphetz said:
Hi,,may u share your service jar or signature spoofing magisk module here?
Click to expand...
Click to collapse
Done. Check original post for attachment.
bsimpson1 said:
Done. Check original post for attachment.
Click to expand...
Click to collapse
Tks,,its work with stock oss 9.5.11,,signature checking was enabled,,
Anyone know how to get UnfiedLP working on 10.0.3 without edexposed?

LSPosed Xposed Framework [8.1-13.0]. Simple Magisk Module

Developers: LSPosed Developers
Homepage: GitHub
✱ Requirements:
• Magisk 21+
• Android 8.1-13
• Riru(NOT NEEDED) USE ZYGISK
Description: Riru module providing ART interception framework (natively for Android Pie) that provides consistent API -interfaces with OG Xposed, using YAHFA (or SandHook) interception environment, supports Android 8.1 ~ 11.
& Installation:
• Install Riru 23+
• Install Riru - LSPosed via Magisk Manager
• Install LSPosed Manager app (Note: No Saparate App and Zip, App Will be Installed Automatically)
• Reboot your device.
Download:
For stable release, please go to Github Release page For canary build use telegram.
Go to second post for latest version Download
Notes:I'm just sharing this from github, I'm not responsible if you bricked your device.
GPay and other banking apps working fine without any issue so this xposed alternative is worth trying and safer.
Note: If anyone facing bootloop issue, don't panic, hard reboot again and it will work.
Screenshot:
Download:
Flash zip file through magisk and then install LSPosed Manager app
Update 1 March 2021
V1.2.0
V1.3.7 Updated 15.May.2021
(Note: No Saparate App and Zip, App Will be Installed Automatically)
For Newer Version Changelogs and Downloads:
LsPosed Github
Changelog
Spoiler: See
Fix manager white screen
[*]Support split-apk modules (LSPosed will choose only one apk with xposed_init to load)
[*]Fix manager crash when launching an uninstalled module from notification
[*]Load modules with SharedMemory (it can speedup app cold launch) 2
[*]New manager icon
[*]Fix incorrect update notification in the first installation
[*]Fix some apps not showing in the scope list in some rare cases
[*]Show notification of module uninstallation
[*]Prevent modules from hooking inner methods (methods from XposedBridge's classloader)
Note:
Previously LSPosed only recognize modules from the primary user. However, this strategy is not good and leads to some problems: some modules require getting installed app lists for configuration but they cannot do so across users; some require reading themselves from the hooked apps but they cannot do so from non-primary users; some users want to configure modules differently on different users which is not feasible previously. Thus LSPosed now requires every module to be installed to the user on which the apps they want to hook are installed. Some devices restrict modules from installing onto some users. In such a case, you can install them from the manager (but it's recommended).
1: For some weird devices that prevent installing apps from the root user, please install the manager from /data/adb/lspd/manager.apk or manager.apk from the zip file manually.
2: Some modules get modules' apk path using reflection of its classloader, it's not recommended and unstable since the apk path from classloader no longer exists when using SharedMemory to load modules. Please use the documented way (from IXposedHookZygoteInit.StartupParam.modulePath) instead.
Reserved 2
Why it's safer than EdXposed?
QkiZMR said:
Why it's safer than EdXposed?
Click to expand...
Click to collapse
I didn't say it's safer than edxposed. I meant xposed alternatives like taichi etc.
All banking apps works, no system slowdown, i got more free ram etc.
In edxposed the hooked apps take time to open, no such issue with LSPosed.
That's why i thought it's worth trying and safer.
And +1 is safetynet passes all the time with LSPosed but, with edxposed safetynet works for some time after every reboot even with blacklisting google framework and services.
This slowdown is caused by YAHFA hook in EdXposed. On Sandhook is much better. Which hook method you use in LSposed?
And +1 is safetynet passes all the time with LSPosed but, with edxposed safetynet works for some time after every reboot even with blacklisting google framework and services
Click to expand...
Click to collapse
SafetyNet works till google patched it no matter which xposed clone you use. Before last patch SN was working fine with EdXposed. I don't needed blacklisting framework and services because EdXposed manager is doing automatically, with special option enabled. So don't say lies about EdXposed but tell us about technical differences between LSposed and EdXposed. What you change after forking EdXposed repo?
looks working good u,till now, just its annoying sometimes to have to choos which app has the module applies. a "select all" option would be welcome in a next release
How do I pass safety net? I have universal safety fix module is installed too.
Antho02 said:
looks working good u,till now, just its annoying sometimes to have to choos which app has the module applies. a "select all" option would be welcome in a next release
Click to expand...
Click to collapse
This is what i was confused about? ive never chosen before. I dont know which ones i need things like HiddenCoreModule to apply to? Everything?
It looks like this xposed clone works only in whitelist mode...
I'm quite amazed that this edxposed alternative is running much better than edxposed itself on my android 11, aosp rom, redmi k30 pro zoom. Really glad that I came across this!
Thanks for the great and awesome work devs!
Preparedtobereckless said:
This is what i was confused about? ive never chosen before. I dont know which ones i need things like HiddenCoreModule to apply to? Everything?
Click to expand...
Click to collapse
Apply to System Framework.
Hidden core module do nothing, try no device check module. BTW safetynet passes for me by default.
darashikoh said:
How do I pass safety net? I have universal safety fix module is installed too.
Click to expand...
Click to collapse
What are LSposed module we can use in A11
Im trying to ask the scope list of my modules. Firefds minminguard hiddencore and hide mock location. Anybody can help for the whitelist ??
what does mean: "select other app for each module" ?
for example for "GravitiyBox" module, which app should be enable and why?!
mrhamed said:
what does mean: "select other app for each module" ?
for example for "GravitiyBox" module, which app should be enable and why?!
Click to expand...
Click to collapse
Android System - android
Call - com.samsung.android.incallui
Camera - com.sec.android.app.camera
Contacts - com.samsung.android.contacts
Email - com.samsung.android.email.provider
Firefds Kit - sb.firefds.r.firefdskit
Messaging - com.samsung.android.messaging
MTP Application - com.samsung.android.MtpApplication
NFC - com.android.nfc
One UI Home - com.sec.android.app.launcher
Settings - com.android.settings
Smart Capture - com.samsung.android.app.smartcapture
Software Update - com.wssyncmldm
System UI - com.android.systemui
It also depends on what firmware you are using amd what features you've enabled in gravity box. Enable these according.
What I've enabled in miui are shown in image below.
a module based selection, what to hook seems a good approach of doing what you want and at the same time saving resources. a more advanced selectiin UI would be good. filter based on words and then select in the filtered list, select deselect all. in addition I have no idea what some modules are hooking like gravity box...this is just an example...I know I can find out however maybe the manager app can support to find out or tick what is recommended
I am trying LSposed on my OnePlus 7 Pro (GM-1917), OOS 10.3.8, Magisk 21.4, xXx 12.4.
I followed these instructions from the OP ...
• Install Riru 23+
• Install Riru - LSPosed via Magisk Manager
• Install LSPosed Manager app
• Reboot your device.
Click to expand...
Click to collapse
I got into what seems to be an infinite boot loop. I waited 3-5 minutes, but the boot loop continued.
Has anyone seen this behavior? If so, is there a workaround?
Thank you in advance.
UPDATE: I must have messed up one or more of the installation steps the first time around. I retried installing, and now LSPosed works for me with no boot loop.
OnePlus 7 Pro (GM-1917)
OOS 10.3.8
Magisk 21.4
Magisk Manager 8.0.7
xXx 12.4
Riru 23.4
LSPosed-v0.5.4.0-5135-release.zip (YAHFA)
LSPosedManager-v0.5.4.0-5175-release-signed.apk
Good work!
Onward!
HippoMan said:
I am trying LSposed on my OnePlus 7 Pro (GM-1917), OOS 10.3.8, Magisk 21.4, xXx 12.4.
I followed these instructions from the OP ...
I got into what seems to be an infinite boot loop. I waited 3-5 minutes, but the boot loop continued.
Has anyone seen this behavior? If so, is there a workaround?
Thank you in advance.
Click to expand...
Click to collapse
Working fine with OnePlus 7t latest beta. There might be some other issue. LSPosed doesn't seem to cause bootloop. Share logcat.

Using Software with V-key Components

UPDATE!​NO MORE COMPLICATED SCRIPTS, JUST USE MAGISK 24.1 WITH DENY LIST!
1. Enable Zygisk, add the apps to the deny list
2. Hide Magisk App
3. Install SafetyNet Fix by kdrag0n (Might still need Magisk Hide Props if your device is a little older)
Working on: Poco X3 Pro + Lineage 18.1 (Android 11)
Aurora Store | F-Droid - Free and Open Source Android App Repository
A Google Playstore Client
f-droid.org
^Use aurora store to get the older version of Singapass that's likely to work, I'm using build 100.
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
erOzeOz said:
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Click to expand...
Click to collapse
Disabling the existing vkey components should be enough.
Did you spoof the device signature with the magisk hideprops module?
KrishvY said:
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
Click to expand...
Click to collapse
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Xanth0k1d said:
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Click to expand...
Click to collapse
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
KrishvY said:
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
Click to expand...
Click to collapse
The App Mananger by Muntashir Akon?
I think I need to explain this properly, SIngapass and some apps may not work in the following situations:
You installed a custom rom without a Google approved device ID
You rooted your phone
You have Magisk
etc​
For your case, Singpass does not work because you installed Lineage - a custom rom, which should not have a Google approved device prop by default. It doesn't matter if you are rooted or you have install Magisk at this point.
My suggestion to you is to install Magisk and follow my guide-hide magisk and spoof you device fingerprint so it looks like you are running a stock rom.
hi @Xanth0k1d. Have been using your method to hide singpass in the past. But the app just recently was able to detect root. As someone mentioned above, the updated app has no v-key components listed in the service. Any idea how to circumvent the situation and what services to disable?
Holy ****, I just saw the update.
Probably some dude saw this post...
I have yet updated so I can't test, if anyone's finding any solutions to this pls update as well.
Xanth0k1d said:
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Click to expand...
Click to collapse
heya, I'm the reddit user... I had updated the app, but so far has no luck finding where the detection is hiding now... I might just try turning off services one-by-one with servicely, but I'll keep you all updated if I get any success.
@Xanth0k1d since you haven't updated your singpass, can you check what are the available services and listeners currently your version is using? I want to compare the difference with the latest version.
I managed to get Singapore's GPay app to work by blocking this `com.google.android.gms.gmscompliance.ui.UncertifiedDeviceActivity`. Do your devices pass SafetyNet?
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
Thanks! Can confirm that this works!
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Lu5ck said:
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Click to expand...
Click to collapse
The safetynet api did not get nuked, the api changed so code that use the old api won't work, even on the latest stable build safetynet will still pass when using another checker app. While I won't go into the technical details, singpass spawns a new isolated process to check for root, exploiting the fact that isolated processes are treated differently and is difficult for magisk to hide itself. So the solution is to disable the offending process and not let it spawn. There are several other requirements necessary for singpass to run, which are largely beyond the scope of discussion in this thread.
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
auggie246 said:
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
Click to expand...
Click to collapse
The trick here is to decompile the APK using apktool and inspect the Androidmanifest.xml manually. Search for "ISOLATED" and in the same line you should be able to find the name of the service to be disabled. Of course this assumes that citibank's app used a similar tactic as the other apps.
Edit: I tried the citibank sg app, magisk hide + rename package is sufficient for me to launch the app, don't have an account so I can't test any further.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
I guess there's another update to Singpass that circumvent this circumvention as well lol
Apparently it's now using a service called o.ImmutableSetMultimap for checking root (confirmed by magiskhide entry) and it works for a few seconds after loading Singpass before failing again with different error message. I think it checks for both whether the service is active and found a root (gives error T0), or whether the service is running at all (gives error T-1). I think we need something else to block this.

Question Arrow OS 12 - Signature spoofing disabled

Hi. I installed AOS12 vanilla and would like the apps that need google play services to work, and while researching I decides to install microg, for which I'd need signature spoofing, however when I check it it says disabled.
How is it possible to enable it?
This feature should be there in the ROM in-built. You can try "Smali patcher" as well. You'll find that here on XDA. You can also try a recovery zip from nanolx website. Or some module from xposed repo with lsposed.

Mitnykredit app does not work stealth root

The latest versions of this application do not work, when trying to open the MitNyKredit app, a website opens with information about the detected root. Is there any way to get this app? I will add that I tried all the available methods with hiding root.
If you truly tried all the available methods then you have your answer. However in the case you missed something you should describe everything you already did.
Are you referring to this app?
MitNykredit - Apps on Google Play
Gives you easy access to manage your daily finances both at home and on the go.
play.google.com
I can open it and get to login screen if it is in denylist, otherwise it opens a website indeed
Yes, it's about this app, Magisk hide, Lsposed, Shamiko.
Do you pass safetynet?
For me this app works with official magisk + denylist enforced + this app in denylist. Didn't even have to clear cache, just adding/removing it in denylist makes it work/not work.
I have universal safetynet fix mod by displax and I have modified props inspired by this post for my device which I believe to be "helpful" in this case.
As I wrote, SafetyNet is of course correct, otherwise other applications would not work for me. I only have a problem with this app (for now), the rest works after hiding root in Magisk. I don't know what the problem is
You never wrote that actually.
Perhaps try official magisk with denylist? Seeing as how that works for me for this app..I am not familiar with the forks of magisk and lsposed/shamiko stuff, but I browsed some of these threads and I saw "HideMyApp" thrown around a lot as well which I assume to be lsposed module, worth looking into I guess.
Of course, the newest Magisk, the newest Lsposed, and the Shamiko don't help. I checked older versions 7.2.1 of MitNyKredit app and it works without problem, and after installing the latest version it detects root ...
Try to use Island or Shelter. most bank Apps able to work this way
@Spartacus500
Ah, a fellow Dane. I know for a fact that MitID won't work because of the installed ROM Lineage OS. The apk somehow extracts information about the ROM.
Maybe the same goes for MItnykredit?
I have tried to make changes to the build prop without success.

Categories

Resources