Banking app (Starling) detecting Magisk - Magisk

A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?

What's the banking app name?

Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com

makeyourself said:
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
Click to expand...
Click to collapse
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist

spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
I was wondering why Starling suddenly started failing - thanks!

Try hide root with some google apps on deny list. (u can search "html", "webview", "feedback" then enable hide them all apps which include these words.

giociampa said:
I was wondering why Starling suddenly started failing - thanks!
Click to expand...
Click to collapse
Ta
For ref - Process for Noobies is here;
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Files and all

spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks. Worked for me on my 6t using LOS20 and Starling

surajpai524 said:
What's the banking app name?
Click to expand...
Click to collapse
Starling
surajpai524 said:
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
Click to expand...
Click to collapse
If I rename/repackage the Magisk app and use Deny List then the only things Ruru detects is the Magisk app itself (even though it's renamed) and TWRP. TWRP doesn't seem to be the problem because the banking app doesn't seem to care if I've got that installed so long as Magisk isn't installed to ramdisk. And the banking app is clearly detecting something other than just the Magisk app because it trips after flashing Magisk from recovery, even if the Magisk app isn't installed.
I think @spida_singh may have a solution though!

spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time. Edit: Just tried and it works !!
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!

makeyourself said:
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time.
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
Click to expand...
Click to collapse
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.

spida_singh said:
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
Click to expand...
Click to collapse
Id like to know too - But use my file from post #7 and it should work

I think I spoke to soon. It's still showing up for me when I quit the Starling app.

I tried Starling app and at first it detected root but once I added to Deny list in Magisk. It didn't detect and went to login page.
My root detection bypass configs:-
Magisk (Not hidden/ Name unchanged / Not Frozen)
Magisk Deny List
Shamiko 0.7
Hide My AppList (LSPosed Module)
Universal SafetyNet Fix mod by Displex
I don't know other behaviour like after login and stuff, since I don't have an account.
Ruru screenshot: even with xposed modules and Magisk app not hidden

Prof. Yaffle said:
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
Click to expand...
Click to collapse
Do you have the the domain mentioned above blacklisted in Adaway and the app on Magisk Deny List with Deny List enforcing? All working fine here now.
I also have USNF (kdrag0n) and Magisk Hide Props Config installed. Magisk 26.1
Also you have to clear the app's data before that message will go away.

Yes, I've tried it added manually and also with the file. Same result both ways. I have the Magisk app hidden, Starling in the Deny list but Enforce disabled as I'm using Shamiko.
Edit
I've just cleared the Starling app data and it seems okay at the moment

FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround

fkofilee said:
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
Click to expand...
Click to collapse
I'm running the latest starling absolutely fine on my Pixel 6. Same set-up (latest linesgeos nightly)
Magisk Delta
USNF by displax
PCAP block list still contains this host
What is your setup?

Official Magisk, UNSF from Displax, Fingerprint Props.
Adaway still contains the host file I made.

My OnePlus 6t on the latest Lineageos 20 nightly seems fine with Shamiko, USNF Mod and the blocked host in Adaway

Related

[Help] Magisk hide works only when retoggled

Details: Huawei P20 Pro running 9.0. Magisk Manager v7 (latest), Magisk v18.2 (latest canary) original package name. Safety net passed.
I tested to make sure that magisk hide is working properly on my device. https://play.google.com/store/apps/details?id=com.revolut.revolut&hl=en_GB. This app does not have fingerprint login enabled without magisk hide. Hence when I turn off magisk hide, you can't use fingerprint to login into the app. When I turn it back on, fingerprint login works. Also my bank app works.
Here is the problem. https://play.google.com/store/apps/details?id=com.starlingbank.android&hl=en_GB. This app does not seem to run even when magisk hide is on. Here's the kicker, even though magiskhide has been toggled and confirmed working, upon opening this app it will show the usual "device not secure/rooted" message. After this it somehow disable magiskhide as my revolut app no longer prompts for fingerprint and my bank app stops working.
I have to go back into magisk and retoggle magisk hide for it to work again. (However the starling bank app still fails the root check)
I'm really really frustrated now and will appreciate any help.
UDPATE: I did some stuff from https://forum.xda-developers.com/apps/magisk/how-to-bypass-lloyds-root-detection-t3837206, the adaway host list. Added MagiskHide Props Config. I also set tasker to toggle magiskhide whenever I turn on my screen. Seems to work more consistently for now
Check the Magisk main thread and Github, there is a known problem with Magisk Hide in the 18.x. I went back to 17.x which work for me without any problems.
lambstone said:
Details: Huawei P20 Pro running 9.0. Magisk Manager v7 (latest), Magisk v18.2 (latest canary) original package name. Safety net passed.
I have to go back into magisk and retoggle magisk hide for it to work again. (However the starling bank app still fails the root check)
I'm really really frustrated now and will appreciate any help.
Click to expand...
Click to collapse
If Magisk Hide Of Magisk 18.x Is Working Intermittently (Which Means Also The Device Will Not Pass The SafetyNet Sometimes), Try To Use The Module Of Microsoft Intune Company Portal Hider Which Includes Also The Functionality Of Re-Enabling Magisk Hide Every 5 Min. For Magisk 18.x From This Thread https://forum.xda-developers.com/apps/magisk/module-microsoft-intune-company-portal-t3780451. Awaiting Your Feedback.
Dreamer(3MF) said:
The Functionality Of Re-Enabling Magisk Hide Every 5 Min
Click to expand...
Click to collapse
Doesn't this cause battery drain?
akxak said:
Check the Magisk main thread and Github, there is a known problem with Magisk Hide in the 18.x. I went back to 17.x which work for me without any problems.
Click to expand...
Click to collapse
Hi, some questions. Do I have to install also the Manager v6.10 to install Magisk v17.3? Or can I leave the last Manager? Then, I uninstall Magisk from the app and them I flash the v17.3 from (temporary) TWRP, is it correct?
Simone_ASR said:
Hi, some questions. Do I have to install also the Manager v6.10 to install Magisk v17.3? Or can I leave the last Manager? Then, I uninstall Magisk from the app and them I flash the v17.3 from (temporary) TWRP, is it correct?
Click to expand...
Click to collapse
The latest Magisk Manager dropped support for Magisk 17 or older, you need the matching Manager..
akxak said:
The latest Magisk Manager dropped support for Magisk 17 or older, you need the matching Manager..
Click to expand...
Click to collapse
Thank you so much for your fast reply!
In the exact same situation as OP P20 Pro (maybe except im on LOS 16)
Magisk seems to be working fine passing safteynet and Root Beet finding nothing but yet the Starling Bank app and the Arriva Ticket app both figure out my phone is rooted after a while and lock out.
Had exact problem with Starling app with magisk hide and app on hide list. Turned out to be a direct build.prop modification so after resetprop -p all good now.
gkornaks said:
Had exact problem with Starling app with magisk hide and app on hide list. Turned out to be a direct build.prop modification so after resetprop -p all good now.
Click to expand...
Click to collapse
Can you expand on this a bit?
I've downloaded Magiskhide props config, and what do I have to do now?
For me, starling always works for couple of days and then it locks me out via the root screen.
republicj said:
Can you expand on this a bit?
I've downloaded Magiskhide props config, and what do I have to do now?
For me, starling always works for couple of days and then it locks me out via the root screen.
Click to expand...
Click to collapse
I modified a build.prop directly before magisk install so compromised the system partition. I've used resetprop to mask it. Like you I'm occasionally getting root warning as well and have to re-authorise so magisk hide in 18.1 not perfect as mentioned a lot in a forum.
Hi,
it seams that the problem is still there. I have to retoggle Magisk Hide at every reboot of the phone.
Is there any workaround or any ETA on the fix?
Thank you.
No one?
Never ask for ETAs...
https://github.com/topjohnwu/Magisk/issues/1654
Didgeridoohan said:
Never ask for ETAs...
https://github.com/topjohnwu/Magisk/issues/1654
Click to expand...
Click to collapse
Ok, I'm sorry about that , I just needed a confirmation that the problem was still there. Thank you for the reply!
Yes it's till here. I cannot login to Arriva bus app with Magisk 20.1.

clubhouse on rooted devices

Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
anyone help me please
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Didgeridoohan said:
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Click to expand...
Click to collapse
thanks for your reply
if i removed magisk .. everything that use root will stop and i don't want that
also can you please tell me how to hide the app fully using EDXposed
I did not say "remove Magisk"... I said "remove the Magisk app". Just uninstall the app and try and see if Clubhouse still triggers. If it works we know it's looking for the app and you'll have to either freeze/uninstall the Magisk app when using Clubhouse and then reinstall it again afterwards, or use one of the available isolation methods. I've got a few of those mentioned here, but I'm sure you can find more if you search (it's been covered a lot):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Isolation_apps
zamlkawy said:
Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
Click to expand...
Click to collapse
for Mcdonald's try this
[MOD][XPOSED][4.1+] McRoot (McDonalds Global App)
McRoot McDonalds Global App security fix Remove checks of: root unacceptable apps unacceptable device properties (developer options etc) Note: The app requests SafetyNet pass! Use Magisk+Riru+Riru-Unshare etc Install notes: install apk...
forum.xda-developers.com
Hi. I also have Magisk installed on my device. I uninstalled Magisk app, tried logging into clubhouse again, but still the issue persists.
After receiving the missed call while trying to sign in, I get the notification, 'There was an error please try again'
Clearing the clubhouse app data, uninstalling and reinstalling the app again hasn't helped at all. I get the same issue.
I have Magisk 23.0 installed on my Oneplus5T running Android 10.

[Help] Can't reinstall magisk

I upgraded to Magisk v23 without thinking and I am trying to reinstall 22.1 so I can continue with magisk hide, but no matter how I flash the repackaged boot.img, after reboot, installed always shows N/A. I've tried with v22 as well, and the same result.
Am I missing something about downgrading, or am I just doing something way off? Thanks in advance.
Why v22.1? Magisk v23 still has the "normal" MagiskHide...
(And just as a FYI, the new Deny list that is included in the latest Canary, 23010, works just as good to hide Magisk from what I've seen so far.)
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
DrSeussFreak said:
I've tried 23 as well, I am on it as we speak, yet no matter what, I cannot get the boot to flash...
I did try the new version before rolling back and I could not add the RSA app I need for work to the deny list, rather it caught on to root and crapped out.
If I missed how to add to the deny list, I am happy to try again.
Click to expand...
Click to collapse
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
V0latyle said:
So Magisk Canary was released yesterday:
Magisk 23010
Someone who is temp rooting want to patch their boot image with this and see what happens?
Also, Magisk Hide is no longer, so here's what you have to do to pass Safetynet (the check is no longer in Magisk so you'll have to use an external app)
In Magisk:
Remove Universal Safetynet Fix and Riru, if you have them installed, Reboot.
Launch Magisk again
Settings > Magisk:
Enable Zygisk
Enable Enforce Denylist
Enable for Google Play Services components: (I just enabled for all subcomponents)
com.google.android.gms
com.google.android.gms.unstable
That should be enough to pass Safetynet. Don't forget to hide other apps such as banking, GPay, DRM (Netflix, Amazon Prime Video, etc)
Click to expand...
Click to collapse
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
DrSeussFreak said:
Google play services is what I was missing in my earlier attempts. I cannot thank-you enough!
Click to expand...
Click to collapse
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
I just went through and re-did all my financials and streaming (plus all Amazon apps). I just forgot I had enabled it for these services.
V0latyle said:
No problem. Google Play Services actually provides the security information for applications that depend on it, so it's one of the most important ones to hide.
Don't forget to hide other apps too. I've come across some weird ones; for example, I have a Honeywell WiFi smart thermostat, and for some odd reason the app not only checks for root, but prevents me from remotely controlling the thermostat if root is detected.
In most cases, you should be able to tell if something needs to be hidden or not; some apps just won't work (like Netflix or Amazon Prime Video).
Click to expand...
Click to collapse
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
DrSeussFreak said:
Sorry, 1 additional question I didn't get a clear answer from the forums. I have 4 modules active in Magisk, 3 of them related to safetynet, Riru, MagiskHide Props Config and Universal Safetynet Fix. I disabled them and everything is still working, and I am guessing I do not need them anymore, since it's a whole new setup.
Am I correct that I no longer need these modules anymore? Once again, I appreciate the help.
Click to expand...
Click to collapse
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
V0latyle said:
Correct, I was using the same solution as you - I had Riru, USNF, MagiskHide Props Config, and Systemless Hosts. I removed everything and reenabled Systemless Hosts after a reboot. The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
I may end up going back to 23001 because my banking app (Navy Federal) now refuses to start.
Click to expand...
Click to collapse
Thank you for confirming and good luck with your banking app, I checked all mine, so far so good. New system news bugs
V0latyle said:
I was on Magisk 23001 (albeit on Android 12) and MagiskHide + SafetyNet worked great for me.
I'm currently on 23010, and it's still working:
Click to expand...
Click to collapse
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
That is what i saw. I've been rooted for almost a decade and I've never seen this issue before with magisk. I don't use gpay often, so that is ok, but i appreciate the info.
pippo45454 said:
Hi, gpay does not work anymore....Say system rooted....but safetynet pass....
Aldo there Is no way ti install back 23001
Click to expand...
Click to collapse
Did you use DenyList to hide both GPay, Google Play Services, and Google Play Store?
GPay works for me, but I am getting a CTS profile mismatch on Magisk 23010, so there's more work to be done. For now, I've downgraded to 23001.
I'll confirm gpay working, i hadn't checked earlier, but I'd marked it for the deny list earlier
How you downgrade to 23001?could you write entire procedure please?
I pur all exclusion, in Witch way you obtain CTS profile?
V0latyle said:
The reason this is necessary is because 23010 uses a different language to interface with modules, so a lot of modules are going to have to be rewritten.
Click to expand...
Click to collapse
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
V0latyle said:
I am getting a CTS profile mismatch on Magisk 23010
Click to expand...
Click to collapse
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
pippo45454 said:
I passeri CTS profile with safetynet but anytime i try ti add my card on gpay the band Will block automatically mi credito card...seems that they found that the phone Is not secure do to root....how i can go back ti 23001?
Click to expand...
Click to collapse
Go into Magisk and tap Uninstall > Restore Images, then Uninstall Completely. Allow Magisk to reboot the phone. When it reboots, Magisk and root will be gone.
Install Magisk 23.0. Manually patch the boot image, reboot to bootloader, and flash the patched boot image. Reboot again and you should come back into root with 23.0.
Didgeridoohan said:
Not quite true. 23010 introduces Zygisk that gives module developers way more options on how to create advanced modules. We'll now be able to have Xposed style Magisk mods. Really cool. Old modules still work just as fine though...
Click to expand...
Click to collapse
Thank you for the explanation. I was under the impression that most modules would have to be rewritten to work with Zygisk.
Didgeridoohan said:
Could be because you removed the modules that can help you pass CTS...
MagiskHide Props Config if you need a certified print on a custom ROM (no need on the stock ROM) or if you need to reapply sensitive prop changes that are no longer included in Magisk (although these are also included in Universal SafetyNet Fix v2.1+).
Universal SafetyNet Fix to get around hardware backed key attestation and spoofing model props for Play Services (although currently Magisk Canary 23010 isn't compatible with Riru, so you'll probably have to use an older USNF release for now, and spoof props with MHPC).
Click to expand...
Click to collapse
Well, I tried USNF 2.0.0, CTS profile still failed, so I removed Magisk and went back to the last version that worked for me, 23001. I only use 4 modules: USNF, Riru to support it, MagiskHide Props, and Systemless Hosts. I'm on the stock ROM. I'll just wait until USNF is updated to work with Zygisk.

MagiskHide detected as an Android Emulator in banking app

For context I have "treble_arm64_bvS-userdebug 11 RQ3A.211001.001 eng.crossg.20211108.032335 test-keys" LineageOS custom rom with magisk and safetynet granted (thanks to riru module)
But my banking app got recently updated https://play.google.com/store/apps/details?id=com.cm_prod.bad and now refuses to let me connect because "For security reasons this application does'nt support emulators anymore"
This app has MagiskHide applied otherwise it detects root and refuses to let me connect
I know MagiskHide is discontinued but is there a Magisk module or a tweak that could resolve my issue ?
Thanks in advance for any help
Try install IsLand and add app that detect Magisk into IsLand, also hide magisk app by repacking magisk with random package
Dawnowl444 said:
For context I have "treble_arm64_bvS-userdebug 11 RQ3A.211001.001 eng.crossg.20211108.032335 test-keys" LineageOS custom rom with magisk and safetynet granted (thanks to riru module)
But my banking app got recently updated https://play.google.com/store/apps/details?id=com.cm_prod.bad and now refuses to let me connect because "For security reasons this application does'nt support emulators anymore"
This app has MagiskHide applied otherwise it detects root and refuses to let me connect
I know MagiskHide is discontinued but is there a Magisk module or a tweak that could resolve my issue ?
Thanks in advance for any help
Click to expand...
Click to collapse
https://github.com/kdrag0n/safetynet-fix make sure you use the one for magisk hide not zygisk.
Also make sure that magisk manager is hidden ex in magisk manager settings hide magisk rename. Also make sure gms(play services), play store, and your banking app is hidden
toolhas4degrees said:
https://github.com/kdrag0n/safetynet-fix make sure you use the one for magisk hide not zygisk.
Also make sure that magisk manager is hidden ex in magisk manager settings hide magisk rename. Also make sure gms(play services), play store, and your banking app is hidden
Click to expand...
Click to collapse
There are more and more app now can detect magisk stub apk (random package). Your tutorial is old and already have a post about how to do this ))
Well thanks for your responses and yes I have already have already rename Magisk with random id, I have universal safety net fix with riru, and MagiskHide enabled with my banking app (otherwise it detects root as is). And tough that all of this was enough (I do pass safetynet for now) but seems that it is not for my banking app...
@huskydg.11455139 I installed IsLand but I was a bit too much surprised with all the professional profil tweaking that it was doing without my consent... I kinda panic and uninstall the all thing...
But :
- I don't get in what way this will hide the fact that my banking app detect Magisk as an emulator
- When an app is "professionalised" what does it do and what does happen to my saves ?
- I do need MagiskHide to hide root otherwise my banking app detects it either way, can I do that while having IsLand enabled ?
Dawnowl444 said:
Well thanks for your responses and yes I have already have already rename Magisk with random id, I have universal safety net fix with riru, and MagiskHide enabled with my banking app (otherwise it detects root as is). And tough that all of this was enough (I do pass safetynet for now) but seems that it is not for my banking app...
@huskydg.11455139 I installed IsLand but I was a bit too much surprised with all the professional profil tweaking that it was doing without my consent... I kinda panic and uninstall the all thing...
But :
- I don't get in what way this will hide the fact that my banking app detect Magisk as an emulator
- When an app is "professionalised" what does it do and what does happen to my saves ?
- I do need MagiskHide to hide root otherwise my banking app detects it either way, can I do that while having IsLand enabled ?
Click to expand...
Click to collapse
IsLand is second space, any app in IsLand cannot collect anything in Primary space, prevent it collects app list and scan these apk to detect random package magisk app
You can apply MagiskHide / MagiskDenyList for any app in IsLand
I used this to bypass Techcombank, PUBG NEW STATE which can even detect random package magisk app (stub.apk) without freezing Magisk app
Or Hide your list app by using Xposed module: Hide My List App, because now more and more app can detect magisk even it has random package.
With combo (MagiskHide)+(Random Package Magisk app)
huskydg said:
IsLand is second space, any app in IsLand cannot collect anything in Primary space, prevent it collects app list and scan these apk to detect random package magisk app
You can apply MagiskHide / MagiskDenyList for any app in IsLand
I used this to bypass Techcombank, PUBG NEW STATE which can even detect random package magisk app (stub.apk) without freezing Magisk app
Or Hide your list app by using Xposed module: Hide My List App, because now more and more app can detect magisk even it has random package.
With combo (MagiskHide)+(Random Package Magisk app)
Click to expand...
Click to collapse
Well I did just now tried IsLand and my banking app still detects that my phone is considered as an emulator.
But the thing is MagiskHide and random package repacking do work as long as hiding root is concerned, otherwise by banking app do warn me that it detects root. But I wonder if in that process MagiskHide use some technics that are ones of an emulator in the process and my banking app do detects that...
Dawnowl444 said:
Well I did just now tried IsLand and my banking app still detects that my phone is considered as an emulator.
But the thing is MagiskHide and random package repacking do work as long as hiding root is concerned, otherwise by banking app do warn me that it detects root. But I wonder if in that process MagiskHide use some technics that are ones of an emulator in the process and my banking app do detects that...
Click to expand...
Click to collapse
Are you using Custom ROM?
huskydg said:
Are you using Custom ROM?
Click to expand...
Click to collapse
Well yes I'm using AndyYan's Lineage OS (Android 11) rom thanks to phh experimentation from the Treble Project.
This could could be a thing but I'ts weird that my banking app is warning me about emulator and not custom rom (instead of WhatsApp that clearly says that it detects custom rom).
I'm just speculating at this point but I have my bootloader unlock and the phh/AndyYan rom is userdebug. I think the unlock bootloader is spoofed by safetynet fix but I don't know if the userdebug variant can be detect and can be sign of an emulator...
Dawnowl444 said:
Well yes I'm using AndyYan's Lineage OS (Android 11) rom thanks to phh experimentation from the Treble Project.
This could could be a thing but I'ts weird that my banking app is warning me about emulator and not custom rom (instead of WhatsApp that clearly says that it detects custom rom).
I'm just speculating at this point but I have my bootloader unlock and the phh/AndyYan rom is userdebug. I think the unlock bootloader is spoofed by safetynet fix but I don't know if the userdebug variant can be detect and can be sign of an emulator...
Click to expand...
Click to collapse
So that's why, most Custom ROM has broken rules, do you know? Also app can easily detect if you are running Custom ROM
huskydg said:
So that's why, most Custom ROM has broken rules, do you know? Also app can easily detect if you are running Custom ROM
Click to expand...
Click to collapse
Welp same here but it just bug me that my app detects "emulator" and not custom rom... But it's could be some nonsens from by banking app after all...
And weird think that I need to disable MagiskHide, that is still usefull to me, for Momo checking.
So then I should try to spoof my build id and other stuff that can say that I have custom rom?
Dawnowl444 said:
Welp same here but it just bug me that my app detects "emulator" and not custom rom... But it's could be some nonsens from by banking app after all...
And weird think that I need to disable MagiskHide, that is still usefull to me, for Momo checking.
So then I should try to spoof my build id and other stuff that can say that I have custom rom?
Click to expand...
Click to collapse
Maybe they can mark custom ROM as emulator just to make you fear (sometime they said they found something but not that thing). who know?
Try restore to stock rom (no root) and check
huskydg said:
Maybe they can mark custom ROM as emulator just to make you fear (sometime they said they found something but not that thing). who know?
Try restore to stock rom (no root) and check
Click to expand...
Click to collapse
Yeah sometimes they say stuff because they found root or "insecurity" but the app says something completely different.
I will loose all my data if I restore stock rom plus it's a Chinese bloated rom, so I won't do that. I do really like Lineage OS so I will stay out there. But yeah it will most definitively work with stock rom not rooted that's obvious (well I say that but I still have TWRP and unlock bootloader)
huskydg said:
There are more and more app now can detect magisk stub apk (random package). Your tutorial is old and already have a post about how to do this ))
Click to expand...
Click to collapse
If you are using xposed, you can use dev opts hide and hide my applist modules to hide anything you want. I was going with the simplest answer to see if all the first checks were in place.
toolhas4degrees said:
If you are using xposed, you can use dev opts hide and hide my applist modules to hide anything you want. I was going with the simplest answer to see if all the first checks were in place.
And wasn't tutorial was a question
Click to expand...
Click to collapse
Not all apps you can apply the same way
huskydg said:
Not all apps you can apply the same way
Click to expand...
Click to collapse
Actually you can if they are more invasive you will need more hiding than magisk hide can give you. Which are the lsposed method example of what I said also lua module can do some of it also depends which module you prefer. I use hide my applist and dev opts
Go search lsposed and how to use hide my applist
toolhas4degrees said:
Actually you can if they are more invasive you will need more hiding than magisk hide can give you. Which are the lsposed method example of what I said also lua module can do some of it also depends which module you prefer. I use hide my applist and dev opts
Go search lsposed and how to use hide my applist
Click to expand...
Click to collapse
You think I don't know this , don't you?
If you do you wouldn't be here asking.
Maybe you should try using them correctly and clearing data and cache of the app.
toolhas4degrees said:
If you do you wouldn't be here asking.
Maybe you should try using them correctly and clearing data and cache of the app.
Click to expand...
Click to collapse
What's the question I am asking?
toolhas4degrees said:
If you do you wouldn't be here asking.
Maybe you should try using them correctly and clearing data and cache of the app.
Click to expand...
Click to collapse
Maybe you misunderstand what i am taking?

What is the go-to replacement for MagiskHide & the central module repo?

I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
KaoDome said:
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Here. First 5 post and you should know all you need
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Quantumrabbit said:
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Click to expand...
Click to collapse
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Click to expand...
Click to collapse
Porpet said:
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
Click to expand...
Click to collapse
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Quantumrabbit said:
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Click to expand...
Click to collapse
And where did you find the deny list?
fusk said:
And where did you find the deny list?
Click to expand...
Click to collapse
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
H
toolhas4degrees said:
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
Click to expand...
Click to collapse
How to add modules shamiko & how to more hide features
Spartacus500 said:
H
How to add modules shamiko & how to more hide features
Click to expand...
Click to collapse
Shamiko is a flashable only need to slash magisk module. You can find it in the magisk alpha thread on telegram. You need to configure denylist first and reboot then turn off the enforce denylist toggle and flash the shamiko module.
If you are using lsposed download hide my applist xposed module and search how to use it if you want more coverage
Pm me if you want links
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Drakinite said:
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
This is quite weird and definitely shows how different devices handle root detection. I a Samsung S10+ and just installed Magisk 24 with enforce DenyList earlier this week. Today I just installed Duo Mobile and it works fine. I do not have it in the DenyList, and Magisk is not hidden. I use a custom SafetyNet fix that was installed when I originally installed an AIO TWRP/Magisk/SafetyNet fix after unlocking my bootloader. I also fail SafetyNet checks.
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Drakinite said:
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
danbest82 said:
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Click to expand...
Click to collapse
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
anonymous-bot said:
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
Click to expand...
Click to collapse
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
Get VD Infos and use it to scan your files. You can find it on XDA.
Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
Click to expand...
Click to collapse
Hmm ok. Like I said shimako didn't work for me either. I'm not sure why Duo is still detecting root. For reference this is what is on my DenyList:
Drakinite said:
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
YASNAC is the replacement for Momo it looks like since Momo is Riru based (https://github.com/canyie/Riru-MomoHider)
simplydat said:
Get VD Infos and use use to scan your files. You can find it in XDA
Click to expand...
Click to collapse
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Drakinite said:
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Click to expand...
Click to collapse
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Drakinite said:
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Click to expand...
Click to collapse
Awesome. Hope it stays that way!
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
antivirtel said:
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
Click to expand...
Click to collapse
Version 24102 would be v24.102. So your Magisk 24.300 is newer.

Categories

Resources