Database Develop

[BUG] MagiskHide does not work on Hanabank app. (strace log attached)

Hello, everyone.
Few days ago, I found Hanabank app (com.hanabank.ebk.channel.android.hananbank) detects Magisk hide. I ran strace against Hanabank app, and I got some suspicious openat(2) returns -EACCES and even some files are not filtered by Magisk Hide (returns file descriptor successfully)
Here are openat(2) calls which don't look good.
Code:
[pid 27855] openat(AT_FDCWD, "/sbin_orig/magisk", O_RDONLY|O_LARGEFILE) = 91
[pid 27855] openat(AT_FDCWD, "/dev/magisk/mirror/system", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 27855] openat(AT_FDCWD, "/magisk", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 27855] fstatat64(AT_FDCWD, "99-magisk.sh", {st_mode=S_IFREG|0755, st_size=2011, ...}, 0) = 0
Full strace log of Hanabank app:
Code:
https://pastebin.com/BUiViAbK
I think they should return -ENOENT to pass that magisk detection routine.
I'm using Magisk v14.0
BTW, why Magisk Github issue tracker is disabled?

Having the same issue but with another app.
https://forum.xda-developers.com/showpost.php?p=73968022&postcount=19348
How did you run strace? I used strace -f -p PID-o /sdcard/strace.txt but no reference to Magisk is shown.

olivercervera said:
Having the same issue but with another app.
https://forum.xda-developers.com/showpost.php?p=73968022&postcount=19348
How did you run strace? I used strace -f -p PID-o /sdcard/strace.txt but no reference to Magisk is shown.
Click to expand...
Click to collapse
First, sorry for late reply. I was on vacation.
I used this script to attach strace to fresh app process.
Code:
while true; do
while ! ps | grep -q -i $1; do :; done;
ps | grep -i $1 | while read a b c; do
strace -e open -f -e trace=file,ptrace -p $b 2>&1;
done;
done
For example, if you saved this script as /sdcard/strace.sh, The procedure I take to attach strace to the app is;
1. use killall command to kill all app process. Android pre-forks app, so we need to kill that first.
2. run script using sh /sdcard/strace.sh <app_process_name>. This will attach strace to the app and redirects strace's stderr output to stdout.
2-1. Do whatever you want (use tee or just redirect it to file, etc..) with stdout stream.
3. Analyze collected result.
That's all.

perillamint said:
First, sorry for late reply. I was on vacation.
I used this script to attach strace to fresh app process.
Click to expand...
Click to collapse
Hi
Just now I realised that I responded in the other thread. However your script never worked
I ran the script in a shell with root permission using
Code:
sh /sdcard/strace.sh com.barclays.android.barclaysmobilebanking
Unfortunately this is what I get when I try to run the script
Code:
/sdcard/strace.sh[5]: syntax error: 'done' unexpected
What have I done wrong?
EDIT: I've done this test on another device, a Nexus 5X stock 7.1.2 + Magisk v14. If I run strace it is not found, I have installed busybox but nothing! WAT??? I'll test with the other device later which has strace (Nexus 5).
EDIT2: Nope, I get the same error on the device which has strace.

olivercervera said:
Hi
Just now I realised that I responded in the other thread. However your script never worked
I ran the script in a shell with root permission using
Code:
sh /sdcard/strace.sh com.barclays.android.barclaysmobilebanking
Unfortunately this is what I get when I try to run the script
Code:
/sdcard/strace.sh[5]: syntax error: 'done' unexpected
What have I done wrong?
EDIT: I've done this test on another device, a Nexus 5X stock 7.1.2 + Magisk v14. If I run strace it is not found, I have installed busybox but nothing! WAT??? I'll test with the other device later which has strace (Nexus 5).
EDIT2: Nope, I get the same error on the device which has strace.
Click to expand...
Click to collapse
Hmm, I used sh which included in LineageOS.... I think Android's default sh couldn't handle that script's syntax properly. Default sh is quite crippled compared to GNU/Linux's one (bash, zsh, etc..)
Could you try running this script using bash instead of sh? If you don't have bash on your Android system, this Magisk module could inject bash binary into your system. https://forum.xda-developers.com/apps/magisk/module-magisk-bash-shell-t3609988

perillamint said:
Hmm, I used sh which included in LineageOS.... I think Android's default sh couldn't handle that script's syntax properly. Default sh is quite crippled compared to GNU/Linux's one (bash, zsh, etc..)
Could you try running this script using bash instead of sh? If you don't have bash on your Android system, this Magisk module could inject bash binary into your system. https://forum.xda-developers.com/apps/magisk/module-magisk-bash-shell-t3609988
Click to expand...
Click to collapse
Thanks for your suggestion. In the end I installed LOS on my test device and ran the script.
The funny thing is that I can't find a single reference to Magisk or Root...
The output is attached.

olivercervera said:
Thanks for your suggestion. In the end I installed LOS on my test device and ran the script.
The funny thing is that I can't find a single reference to Magisk or Root...
The output is attached.
Click to expand...
Click to collapse
Indeed. However the app dies shortly after reading the two property files:
/dev/__properties__/ubject_r:default_prop:s0
/dev/__properties__/ubject_r:logd_prop:s0
I would try to get the output of getprop with and without Magisk installed and see if there are any properties being leaked that could give a hint that Magisk is installed.

Fif_ said:
Indeed. However the app dies shortly after reading the two property files:
/dev/__properties__/ubject_r:default_prop:s0
/dev/__properties__/ubject_r:logd_prop:s0
I would try to get the output of getprop with and without Magisk installed and see if there are any properties being leaked that could give a hint that Magisk is installed.
Click to expand...
Click to collapse
You are the man! You definitely spotted the method being used by this app. Thanks.
I had to leave LOS ROM because even without Magisk it would not run, so I installed another ROM. I verified the app runs, got props, installed Magisk and got new props.
There are all changes:
1. [ro.build.selinux]: [1] is changed to [ro.build.selinux]: [0] when Magisk is installed
2. [ro.runtime.firstboot] shows different values but I believe it's fine
3. The following are entirely missing when Magisk is installed
[selinux.reload_policy]: [1]
[service.adb.tcp.port]: [-1]
[sys.retaildemo.enabled]: [0]
[init.svc.clear-bcb]: [stopped]
I have the feeling that [ro.build.selinux]: [1] and [selinux.reload_policy]: [1] are key elements and Magisk is not hiding them properly. I would suppose these elements show that SELinux is not enforcing anymore. I tried changing these values, but at reboot they don't change.
I know obviously Magisk does not enforce SELinux, but hides that got set to Permissive. System thinks that is enforcing, and using command getenforce i get as a result Enforcing, but Barclays (and possibly other apps) are reading that SELinux is not actually being enforced.
Interesting. Will post these finding in the main thread.
Do you have anything to add that could be helpful?

olivercervera said:
You are the man! You definitely spotted the method being used by this app. Thanks.
I had to leave LOS ROM because even without Magisk it would not run, so I installed another ROM. I verified the app runs, got props, installed Magisk and got new props.
There are all changes:
1. [ro.build.selinux]: [1] is changed to [ro.build.selinux]: [0] when Magisk is installed
2. [ro.runtime.firstboot] shows different values but I believe it's fine
3. The following are entirely missing when Magisk is installed
[selinux.reload_policy]: [1]
[service.adb.tcp.port]: [-1]
[sys.retaildemo.enabled]: [0]
[init.svc.clear-bcb]: [stopped]
I have the feeling that [ro.build.selinux]: [1] and [selinux.reload_policy]: [1] are key elements and Magisk is not hiding them properly. I would suppose these elements show that SELinux is not enforcing anymore. I tried changing these values, but at reboot they don't change.
I know obviously Magisk does not enforce SELinux, but hides that got set to Permissive. System thinks that is enforcing, and using command getenforce i get as a result Enforcing, but Barclays (and possibly other apps) are reading that SELinux is not actually being enforced.
Interesting. Will post these finding in the main thread.
Do you have anything to add that could be helpful?
Click to expand...
Click to collapse
If you use "resetprop ro.build.selinux 1" in a root shell, does the app start?
That will disappear at reboot of course, but it's easy to add to /magisk/.core/props to make it stick until Magisk is fixed.
Now, I don't think Magisk disables SELinux, why do you have it disabled?

Fif_ said:
If you use "resetprop ro.build.selinux 1" in a root shell, does the app start?
That will disappear at reboot of course, but it's easy to add to /magisk/.core/props to make it stick until Magisk is fixed.
Now, I don't think Magisk disables SELinux, why do you have it disabled?
Click to expand...
Click to collapse
Yes, Magisk changes SELinux to Permissive and hides this status.
Although my findings would be legit and those props should be hidden, in my Bank's case is not the issue.
I have discovered that if I uninstall Magisk Manager (but not uninstall root, just the app) my bank app works. However it does not work if I use "Hide Magisk".
Since the hidden app is called Unhide Magisk Manager, probably this app is looking for Magisk keyword.
For whatever reason when I run strace the app does crash and always reports that message (crash after reading prop).
I will post these findings in the support thread.
I don't know how to do it, but I would recompile Magisk Manager changing package ID and name, in theory should work.

I am having the same issue on my Galaxy S8 with the Barclays Mobile Banking app. I have tried using every option in Magisk but nothing seems to be working. In fact, the Barclays app actually asked for SU permissions when I first ran it which is odd to me.
Did anyone find a workaround for this? I read the posts in this thread but I am not savvy enough to understand all the codes and technical information written, so please excuse my ignorance in the matter. Is reverting to a completely stock ROM my only option at this point? I really need to start using this application as soon as possible.
Thank you.

Quick update guys!
The great Topjohnwu is working on a new update that includes a key feature for us: reinstalling Magisk Manager with a random package ID.
These changes are in his Github Repo. On this thread you can find unofficial versions of Magisk compiled from Github.
I have tested Magisk-v14.4-20171102-091345.zip: HELL IT WORKS!
In Magisk Manager: go to settings and you will have the option to reinstall Magisk Manager with a random package ID
Install Barclays from Play Store
Add Barclays to Magisk Hide
Open Barclays, it will behave correctly and will work!
This solves my problem, so I will be able to use the latest version of this app very soon (will wait for public beta).
On a side note, this update should als hide /Magisk partition, which was detected by @perillamint banking app, so might be worth trying it.
I have installed this Hanabank app (hopefully is the right one!) and added it to Magisk Hide. The app opens up correctly but I can't understand anything. I see some stuff moving on screen and on the upper left I see a lock icon (to login?)
If I don't add the app to Magisk Hide it shows an incomprehensible message and closes.
Hope you find this helpful.
Please see photos below.

@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!

mundodisco8 said:
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
Click to expand...
Click to collapse
Yes, a fresh start from a stock Nexus 5X I have at work. I did not register the app with my account during the test, all I needed to do was to get to the Welcome Screen: if Barclays detects root you don't get anything. Probably you need to reinstall Barclays App.
Once Magisk Manager is hidden with the new ID you can't go back to the original: you don't have any option. So if you still have it means there is a problem.

mundodisco8 said:
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
Click to expand...
Click to collapse
He's talking about a new Hide Manager feature that is much improved from the current implementation. It's not yet available officially, so you'll have to build yourself from the GitHub repo, or download from the unofficial snapshots thread that @olivercervera linked.

Didgeridoohan said:
He's talking about a new Hide Manager feature that is much improved from the current implementation. It's not yet available officially, so you'll have to build yourself from the GitHub repo, or download from the unofficial snapshots thread that @olivercervera linked.
Click to expand...
Click to collapse
I didn't even consider the possibility he didn't realise I was using the unofficial/self compiled version... I even linked it!!!
Thanks

olivercervera said:
I didn't even consider the possibility he didn't realise I was using the unofficial/self compiled version... I even linked it!!!
Thanks
Click to expand...
Click to collapse
It's actually quite apparent that he's talking about the current implementation, since the updated, unreleased, feature doesn't have anything named "unhide" to click.
With the new implementation you unhide the hidden Manager by reinstalling and opening it.

Hi guys,
Yes, I installed the latest version, following the link OliverCervera linked. I hid it using the usual method of going to options/hide magisk, and I got a new app, as usual. clicking on it to unhide prompted for root permissions for an app with a random ID (as expected). The next time, I wasn't that lucky, and the whole thing crashed. Anyway, it's a nightly, so I won't complain, and I will check it later, as sadly I don't have time to do it now.
In any case, my app was marked, because I opened it with the official release of Magisk and it detected root, and once it does, it keeps the "this phone is rooted" status until you do a factory reset. I think you can call them to tell them that it was a mistake, and they can unlock it but I'm not 100% sure about this last point.
Thanks for the work, anyway!

mundodisco8 said:
Hi guys,
Yes, I installed the latest version, following the link OliverCervera linked. I hid it using the usual method of going to options/hide magisk, and I got a new app, as usual. clicking on it to unhide prompted for root permissions for an app with a random ID (as expected). The next time, I wasn't that lucky, and the whole thing crashed. Anyway, it's a nightly, so I won't complain, and I will check it later, as sadly I don't have time to do it now.
In any case, my app was marked, because I opened it with the official release of Magisk and it detected root, and once it does, it keeps the "this phone is rooted" status until you do a factory reset. I think you can call them to tell them that it was a mistake, and they can unlock it but I'm not 100% sure about this last point.
Thanks for the work, anyway!
Click to expand...
Click to collapse
If you install the correct version of the Manager you won't have an unhide app after hiding the Manager. That's changed...
Your problem is probably that the unofficial Manager has a different signature, so it won't install over the official Manager. Solution: Uninstall the official Manager before installing the unofficial snapshot.
Have you tried just clearing all data for the app after it detects root? That usually works for an app that "remembers" root. But, I've never tested the app in question so...

Didgeridoohan said:
If you install the correct version of the Manager you won't have an unhide app after hiding the Manager. That's changed...
Your problem is probably that the unofficial Manager has a different signature, so it won't install over the official Manager. Solution: Uninstall the official Manager before installing the unofficial snapshot.
Have you tried just clearing all data for the app after it detects root? That usually works for an app that "remembers" root. But, I've never tested the app in question so...
Click to expand...
Click to collapse
I think they keep your signature and store it on their servers. Barclays is really focused when it comes to not allowing people to use their app on rooted phones, but as I said, I would need to double check. And I kind of get why they do it, as they went all the way to avoid to pay Android to use Android Pay and they developed their own platform to pay over NFC (not judging here, it's up to them if they think it's the best solution). At the end of the day, root is exploited through a security flaw, and "the bad guys could get your moneys", and even though they could display a message at launch that says "hey, you are rooted, the bad guys could get AAAALLL of the moneys, it's up to you" people would still want to sue them if they mess up... but it's funny that they allow you to get into the online banking web on a rooted phone, where the bad guys could see your password...

Bypass DBS banking App

Resently BDS banking app(India) is updated.is there any modules to make that work...

Aniruddhlr said:
Resently BDS banking app(India) is updated.is there any modules to make that work...
Click to expand...
Click to collapse
This isn't xposed, so probably not. As long as your passing safetynet and enabled magisk hide for that and rebooted, in theory you should be fine. The next thing you can try is force closing the app and in Magisk manager, tapping "hide magisk manager" but that's only a temporary fix, some apps now check to see if magisk is installed at all. This will fix that

manor7777 said:
This isn't xposed, so probably not. As long as your passing safetynet and enabled magisk hide for that and rebooted, in theory you should be fine. The next thing you can try is force closing the app and in Magisk manager, tapping "hide magisk manager" but that's only a temporary fix, some apps now check to see if magisk is installed at all. This will fix that
Click to expand...
Click to collapse
Magisk is installed and passes safety net.
Still many banking apps detected root like BHIM.
And is there any way to hide custom ROM?

Aniruddhlr said:
Magisk is installed and passes safety net.
Still many banking apps detected root like BHIM.
And is there any way to hide custom ROM?
Click to expand...
Click to collapse
You can make a script to change the build information in the rom to release-keys instead of test-keys, some apps detect that. Also make sure you tick your banking app in Magisk hide settings. I believe there is a module so ewhere on the forum to do this, I will link it if I see it. Also you can try universal safetynet bypass module

manor7777 said:
You can make a script to change the build information in the rom to release-keys instead of test-keys, some apps detect that. Also make sure you tick your banking app in Magisk hide settings. I believe there is a module so ewhere on the forum to do this, I will link it if I see it. Also you can try universal safetynet bypass module
Click to expand...
Click to collapse
Thank you.ill try and tell you results.

Aniruddhlr said:
Magisk is installed and passes safety net.
Still many banking apps detected root like BHIM.
And is there any way to hide custom ROM?
Click to expand...
Click to collapse
manor7777 said:
You can make a script to change the build information in the rom to release-keys instead of test-keys, some apps detect that. Also make sure you tick your banking app in Magisk hide settings. I believe there is a module so ewhere on the forum to do this, I will link it if I see it. Also you can try universal safetynet bypass module
Click to expand...
Click to collapse
MagiskHide already changes the prop to release-keys (and some other props). And since SafetyNet already passes there's no need for the Universal SafetyNet Fix module.
Only thing to do is to add the app to the Hide list (no module needed for that) and also hide the Magisk Manager (there's an option for that in the Manager settings). Also make sure to use the latest release (currently v14.6 beta) since there's often improvements being done.
It's also possible that the app detects things like Developer options and USB Debugging being enabled. That can't be hidden by Magisk, so try disabling those if they're enabled.

Didgeridoohan said:
MagiskHide already changes the prop to release-keys (and some other props). And since SafetyNet already passes there's no need for the Universal SafetyNet Fix module.
Only thing to do is to add the app to the Hide list (no module needed for that) and also hide the Magisk Manager (there's an option for that in the Manager settings). Also make sure to use the latest release (currently v14.6 beta) since there's often improvements being done.
It's also possible that the app detects things like Developer options and USB Debugging being enabled. That can't be hidden by Magisk, so try disabling those if they're enabled.
Click to expand...
Click to collapse
Yeah just now I saw that release keys in build prop.
I'm not on beta is it safe to install beta(magisk).
I'll try those debugging things.

It's saying runtime tampering.what does it mean?

Aniruddhlr said:
Yeah just now I saw that release keys in build prop.
I'm not on beta is it safe to install beta(magisk).
I'll try those debugging things.
Click to expand...
Click to collapse
Beta is safe... The worst that can happen (that I've seen so far) is a bootloop that can be fixed by flashing a clean boot image or an earlier release (v14.5).
There might also be problems with the su database, but that should be fixed by uninstalling the app (from within the Manager, press Uninstall and choose Uninstall App) and reinstalling it.
It's worth it, since the Hide feature is much improved in v14.6.
---------- Post added at 12:21 ---------- Previous post was at 12:21 ----------
Aniruddhlr said:
It's saying runtime tampering.what does it mean?
Click to expand...
Click to collapse
What is saying that?

https://i.imgur.com/e2rAlNI.png

Didgeridoohan said:
Beta is safe... The worst that can happen (that I've seen so far) is a bootloop that can be fixed by flashing a clean boot image or an earlier release (v14.5).
There might also be problems with the su database, but that should be fixed by uninstalling the app (from within the Manager, press Uninstall and choose Uninstall App) and reinstalling it.
It's worth it, since the Hide feature is much improved in v14.6.
---------- Post added at 12:21 ---------- Previous post was at 12:21 ----------
What is saying that?
Click to expand...
Click to collapse
I added a image.see

Aniruddhlr said:
I added a image.see
Click to expand...
Click to collapse
Hello again.
Yes, I saw the image... But, the only thing you could try is to update Magisk and use the improved hiding features.
There are a few issues with the latest stable v15.0. Many Samsung and Huawei users are experiencing bootloops and some users have had forced encryption issues. Don't think I've seen any issues mentioned for Xiaomi devices though... Just make sure to have a backup and the latest Magisk uninstaller zip available and you should be good to go.
If you're feeling unsure about updating, wait... The issues are under investigation.

Didgeridoohan said:
Hello again.
Yes, I saw the image... But, the only thing you could try is to update Magisk and use the improved hiding features.
There are a few issues with the latest stable v15.0. Many Samsung and Huawei users are experiencing bootloops and some users have had forced encryption issues. Don't think I've seen any issues mentioned for Xiaomi devices though... Just make sure to have a backup and the latest Magisk uninstaller zip available and you should be good to go.
If you're feeling unsure about updating, wait... The issues are under investigation.
Click to expand...
Click to collapse
Thanks for that warning.
I already updated to 15v and found forced encryption issue.
Does runtime tampering have anything to do with this root?

Aniruddhlr said:
Thanks for that warning.
I already updated to 15v and found forced encryption issue.
Does runtime tampering have anything to do with this root?
Click to expand...
Click to collapse
Have you gotten v15.0 up and running? If not you could try again and uncheck "Preserve forced encryption" in the Manager before updating, or if you're flashing from recovery you could run the following code in the recovery terminal first:
Code:
echo KEEPFORCEENCRYPT=false>>/data/.magisk
Runtime tampering is probably just DBS's way of saying your device is rooted.
After getting v15.0 running, add the app to the Hide list and hide the Manager (option in settings). You might also have to clear data for the DBS app.
Also make sure that MagiskHide is working by checking SafetyNet. If at least basic integrity passes we know it does. If it doesn't, toggle MagiskHide off and on in the Manager settings and try again.

Hi, I am also facing same issue. My device is Zuk Z2 and am on Dot-OS rom. Magisk passes SafetyNet, have enabled Magisk Hide but still this DBS bank app detects root.
I also tried after disabling Developer options. Same error. What extra can be done?

+1
I need access to this app too whilst rooted with Magisk

tomdot said:
+1
I need access to this app too whilst rooted with Magisk
Click to expand...
Click to collapse
https://forum.xda-developers.com/apps/magisk/guide-magisk-troubleshooting-t3641417

DBS banking app finally works with Magisk 16.0 (with Magiskhide)

Mine can't work.. there no error code appearing when opening the app but the app hangs at "log in " and "register" page.. anyone can help please
I'm using ressurectiin remix on redmi note 5

tomdot said:
DBS banking app finally works with Magisk 16.0 (with Magiskhide)
Click to expand...
Click to collapse
yes it's work for me,
1st i check it in my hide list
and then i hide my magisk
if only i did my 1st choice it still give some warning and force close the app
thanks

Help with nemid app

Hi
Could use some help getting this app to work.
https://play.google.com/store/apps/details?id=dk.e_nettet.mobilekey.everyone
Safetynet check succes. Certified in play store. Rootbeer fails in busybox.
Log here https://drive.google.com/file/d/1RFjOtX8oGTk2U0qi3n9NMF-8nGZnLbKL/view?usp=drivesdk
Anyone can help??

Just hide the Manager.
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Hiding_the_Magisk_Manager

Thanks. But unfortunately still not work

If I add the app to the Hide list and also have the Manager hidden it starts just fine without complaining about root. Could be your busybox installation that is causing issues. Uninstall it and use @osm0sis busybox from the Magisk Downloads instead. Magisk will take care of hiding that.

Thanks for your advise. Tried several options to remove busybox. No files in system/xbin, but busybox still fails in check. Any solutions?

madsf said:
Thanks for your advise. Tried several options to remove busybox. No files in system/xbin, but busybox still fails in check. Any solutions?
Click to expand...
Click to collapse
Open up a terminal emulator and type the following:
Code:
which busybox
That should tell you where you have busybox installed.

Thanks. Please se attached.
No result with your command, but busybox still detected.

madsf said:
Thanks. Please se attached.
No result with your command, but busybox still detected.
Click to expand...
Click to collapse
I would ask your ROM creator/developer.
---------- Post added at 11:22 ---------- Previous post was at 11:22 ----------
@bernbutt Check out this thread. It's for the same app.

Didgeridoohan said:
I would ask your ROM creator/developer.
---------- Post added at 11:22 ---------- Previous post was at 11:22 ----------
@bernbutt Check out this thread. It's for the same app.
Click to expand...
Click to collapse
Thanks. I am in dialog with with the rom developer to find a solution.

Hi. After upgradring to magisk 16.6 I can't get the app to work. Same setup with magisk hide and hide magisk manager. Any can test if it's a local problem for me or General?
Sendt fra min SM-G965F med Tapatalk

https://forum.xda-developers.com/ap...d-code-app-t3810500/post77005334#post77005334

Magisk NemID FIX
I have been able to hide magisk without removing the magisk manager app as a quick fix.
After the lastest update for nemid, they just searched for the app name (Magisk Manager) and then blocked you cause of root.
Steps for magisk manager to hide it from Nemid
1. Hide magisk manager under settings so it gets another package name.
2. Go to downloads under magisk manager and install the Xposed SDK 27 (for my version of OS 8.1) systemless module
3. Install Xposed installer to manage next step
https://forum.xda-developers.com/xposed/material-design-xposed-installer-t3137758
4. Install Xprivacylua for lastest version of OS like mine
https://github.com/M66B/XPrivacyLua/blob/master/README.md
5. Reboot untill it says active under Xposed installer app.
Maybe flik the status setting in Xposed installer app and reboot again
6. If it says active you are golden. Go to modules in Xposed installer app and enable xprivacylua
8. Go to xprivacylua app and find nemid app and expand and enable the block app overview/list (mine is on Danish so don't know presisely what it's called)
9. Check nemid app
This method worked for me and hope it will help others too.
DISCLAIMER
WITH XPOSED THERE IS A CHANCE TO SOFTBRICK YOUR DEVICE. By following this guide, it's your own responsibility if it's not working or softbricking your device.

madsf said:
Thanks. Please se attached.
No result with your command, but busybox still detected.
Click to expand...
Click to collapse
I have same problem here with Magisk 20 rooted oneplus 7 pro device (android 10.0.1) together with the banking app.
Before the update it used to work in Android Pie. After update it doesn't.
I don't know if there is a way? I hope there is someone will be able to help with this problem of mine. ?

Many app detecting root even saftynet pass

I am using oneplus 6 with latest oos magisk 19.3
Banking app like sbi anywhere, icici detecting root can't use upi.
Also adadhar app detecting root event safety net pass already done magisk hide
Can some help me there or use other versions of magisk
Please help

android_smater said:
I am using oneplus 6 with latest oos magisk 19.3
Banking app like sbi anywhere, icici detecting root can't use upi.
Also adadhar app detecting root event safety net pass already done magisk hide
Can some help me there or use other versions of magisk
Please help
Click to expand...
Click to collapse
Use Hide Magisk manager in settings or Core only mode.
Sent from my MI 8 using Tapatalk

Dexer125 said:
Use Hide Magisk manager in settings or Core only mode.
Sent from my MI 8 using Tapatalk
Click to expand...
Click to collapse
Didn't work either. I guess will have to wait for an update. I have tried so far:
Settings > Magisk Core Only More - On
Magisk Hide - Check against the banking app
Clear app cache
Reboot
Also - Magisk v19.3, Magisk Manager v7.3.1(222)

gagan007 said:
Didn't work either. I guess will have to wait for an update. I have tried so far:
Settings > Magisk Core Only More - On
Magisk Hide - Check against the banking app
Clear app cache
Reboot
Also - Magisk v19.3, Magisk Manager v7.3.1(222)
Click to expand...
Click to collapse
disable developer mode?
and you need to hide magisk manager itself.not just magisk hide.

Try executing
Code:
su -c chmod 000 /proc/net/unix
in a terminal. Several banking apps now use a very stupid and shaky root detection heuristic that is circumvented in this way.
(see https://github.com/Ingan121/UDSBypass).

A banking app on my phone (keytradebank, belgian bank) worked fine with Magisk Hide but after an update stopped working.
Disabling read access to /proc/net/unix did the trick for me!
Looked it up, this rootbeerFresh code is really brain-dead, even the presence of busybox will make isRooted() return true
No concern for false positives at all.

el_perro said:
A banking app on my phone (keytradebank, belgian bank) worked fine with Magisk Hide but after an update stopped working.
Disabling read access to /proc/net/unix did the trick for me!
Looked it up, this rootbeerFresh code is really brain-dead, even the presence of busybox will make isRooted() return true
No concern for false positives at all.
Click to expand...
Click to collapse
Remember that app says it COULD be root.
If anyone is paying attention to it yet.
Also
https://www.didgeridoohan.com/magis...and_other_apps_wont_install_or_doesnt_show_up
Busybox
Some apps detect Busybox and see this as a sign of your device being compromised (rooted). Magisk should be able to hide any Busybox installed as a Magisk module. osm0sis has a great Busybox module available in the Magisk repo (install from the Magisk Manager, under "Downloads").
Figuring out if an app has dependencies, looks for "sensitive props", Busybox, etc
It can be tricky figuring out if an app is dependent on another app or process for detecting root, expects certain prop values, doesn't like Busybox or whatever is triggering a root warning within the app. Apart from trying one thing/prop at a time, finding this out could mean you have to decompile the apk to look at the source code (use search), grab a logcat when the app is detecting root, etc.
Detecting apps requiring root
There are apps that detect known apps that require root and refuse to work properly or even start if that is the case. Usual suspects include (but aren't limited to) busybox apps, Xposed installer, root hiding apps, etc.
This can be worked around by uninstalling or possibly freezing (Titanium Backup can do this, among others) the offending root app when you need to use an app detecting root apps and reinstalling/unfreezing it afterwards. Cumbersome, but it might work. There are also some Xposed modules that can hide apps from other apps, but having Xposed installed might cause other issues with tampering detection...

@mrspeccy Thank you for pointing out that workaround. Works for me too for the Keytrade app

el_perro said:
A banking app on my phone (keytradebank, belgian bank) worked fine with Magisk Hide but after an update stopped working.
Disabling read access to /proc/net/unix did the trick for me!
Looked it up, this rootbeerFresh code is really brain-dead, even the presence of busybox will make isRooted() return true
No concern for false positives at all.
Click to expand...
Click to collapse
How did you do that?
su -c chmod 000 /proc/net/unix didn't work for me.

robuser007 said:
How did you do that?
su -c chmod 000 /proc/net/unix didn't work for me.
Click to expand...
Click to collapse
yes, in a terminal on your phone or using 'adb shell'
be aware it's not a permanent fix, a reboot will restore the old permissions on /proc/net/unix
so you have to remove read access after every reboot.
Quite clumsy.
To make this easier on the go, I installed termux, created in the home directory a small file 'hide' with the one-liner,
Code:
su -c chmod 440 /proc/net/unix
Note: 000 works just as well, but 440 is closer to the original permission and works too.
so after a reboot i open termux terminal and type the command
Code:
. hide

gagan007 said:
Didn't work either. I guess will have to wait for an update. I have tried so far:
Settings > Magisk Core Only More - On
Magisk Hide - Check against the banking app
Clear app cache
Reboot
Also - Magisk v19.3, Magisk Manager v7.3.1(222)
Click to expand...
Click to collapse
Thanks it work...

Got that app working successfully today. Hiding Magisk itself worked I guess. I locked bootloader also.

android_smater said:
I am using oneplus 6 with latest oos magisk 19.3
Banking app like sbi anywhere, icici detecting root can't use upi.
Also adadhar app detecting root event safety net pass already done magisk hide
Can some help me there or use other versions of magisk
Please help
Click to expand...
Click to collapse
Try these...
1. From your magisk, install these 2 modules: Riru - Core, and Riru - EdXposed (Sandbox or Yahfa is okay]
2. Reboot your device to activate both modules.
3. Install Xposed Installer APK by DVDandroid. You can get it here: https://dl-xda.xposed.info/modules/d...v33_36570c.apk
4. Reboot to activate the Xposed Installer app
5. Inside Xposed Installer app, go to downloads and install the HiddenCore Module.
6. Reboot and go back to Magisk, and hide.
7. Test to see if everything is now okay.

wittymav said:
Try these...
1. From your magisk, install these 2 modules: Riru - Core, and Riru - EdXposed (Sandbox or Yahfa is okay]
2. Reboot your device to activate both modules.
3. Install Xposed Installer APK by DVDandroid. You can get it here: https://dl-xda.xposed.info/modules/d...v33_36570c.apk
4. Reboot to activate the Xposed Installer app
5. Inside Xposed Installer app, go to downloads and install the HiddenCore Module.
6. Reboot and go back to Magisk, and hide.
7. Test to see if everything is now okay.
Click to expand...
Click to collapse
Nope! It Doesn't Work With SBI YONO Or BHIM.

My Cofidis app also keeps detecting root.
Have latest version magisk, latest version of magiskmanager and renamed it. Magisk is hidding. App is in magisk hide list.
chmod suggestion did not work
Running latest version of lineageos on my htc u11. I think the issues started when I installed the latest build (11/08).
Any suggestions to fix this?

Same issue here with this app:
https://play.google.com/store/apps/details?id=eu.mobeepass.nfcniceticket
Is there any way to troubleshoot what triggers the root detection?

Ps24u said:
Same issue here with this app:
https://play.google.com/store/apps/details?id=eu.mobeepass.nfcniceticket
Is there any way to troubleshoot what triggers the root detection?
Click to expand...
Click to collapse
Using my app VD INFOS you can see every detectable thing. (Root/Magisk/Xposed/Riru/and others.)
And then you can fix what needs to be fixed.
[APP][v1.10] VD Infos (Package: com.vitaodoidao.vdinfos)
(Para quem fala PORTUGUÊS, o próximo post está totalmente traduzido !) VD Infos v1.10 As we all know, Android is a super powerful and super versatile operating system. What nobody tells you is that all your personal details and confidential...
forum.xda-developers.com

What is the go-to replacement for MagiskHide & the central module repo?

I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!

KaoDome said:
I just realized there was a new public Magisk release yesterday, v24, and reading through the changes I see there are two that kind of impact me: MagiskHide and the central module repository removals.
So far I had been using MagiskHide because of its ease of use, list apps, tick box, and that's it (I haven't encountered apps that detected Magisk or root status, although I know it's insufficient for some). For modules, for example, the one that moves user certs to the system store, I just searched directly from the Magisk app and it was all good as well.
But things change from now on with those things being deprecated and removed and because there isn't much to go about in the release notes I was wondering if someone could direct me to the way of doing things now.
- What's the most apt, prevalent, or recommended replacement for MagiskHide? From the release notes I gather its a module, but I'm clueless as to which one or whether there are more than one option.
- If searching for mods and directly installing them is not available through the app, is there anything like it? Or is it all manual now? I.e. look for a module around the net, download it, copy it / decompress it somewhere in the device and install it.
Thanks for everything!
Click to expand...
Click to collapse
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Here. First 5 post and you should know all you need

So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?

Quantumrabbit said:
So, I read through that thread. It certainly solved a few issues for me. Like getting safety net, getting a repository, etc.
But it didn't have anything I see to replace magisk hide, even in the Fox Magisk Module Manager.
Do I just need to know other terminology now? Or is there something else I'm missing?
Click to expand...
Click to collapse
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
The Deny list is similar but instead of hiding Magisk from the process, Magisk is unloaded so there is nothing to hide.
Click to expand...
Click to collapse

Porpet said:
I don't get it, Magisk Hide is good for passing SafetyNet and you said you got it. Anyway, for SafetyNet you can use the Universal SafetyNet Fix module.
If you meant the hide list, there's now the Deny list. To quote:
Click to expand...
Click to collapse
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you

Quantumrabbit said:
Yes, it's for some banking apps, Concur, and others, none of which have any business checking for root, but all check for Magisk and such in other ways, and prevent usage.
If the deny list is how to do that now, I'll give that a go. Thank you
Click to expand...
Click to collapse
And where did you find the deny list?

fusk said:
And where did you find the deny list?
Click to expand...
Click to collapse
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist

H
toolhas4degrees said:
Settings enforce deny list. You need to enable zygisk and reboot prior also in settings.
Also there is an add on module shamiko that has more hide features after you configure denylist
Click to expand...
Click to collapse
How to add modules shamiko & how to more hide features

Spartacus500 said:
H
How to add modules shamiko & how to more hide features
Click to expand...
Click to collapse
Shamiko is a flashable only need to slash magisk module. You can find it in the magisk alpha thread on telegram. You need to configure denylist first and reboot then turn off the enforce denylist toggle and flash the shamiko module.
If you are using lsposed download hide my applist xposed module and search how to use it if you want more coverage
Pm me if you want links

I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.

Drakinite said:
I'm having a lot of trouble. Duo Mobile (a 2FA app) is still able to detect that I'm rooted. Here's what I've done:
1) Installed Magisk & Manager app version 24.1 (24100)
2) Enabled Zygisk (and rebooted of course)
3) Enabled Enforce DenyList
4) Added com.duosecurity.duomobile and ALL Google Play Services submodules to the DenyList
5) Installed Universal SafetyNet Fix v2.2.1 from https://github.com/kdrag0n/safetynet-fix/releases/tag/v2.2.1
6) Hidden the Magisk app
7) Completely uninstalled & reinstalled Duo Mobile (and verified that it's still on the DenyList
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
This is quite weird and definitely shows how different devices handle root detection. I a Samsung S10+ and just installed Magisk 24 with enforce DenyList earlier this week. Today I just installed Duo Mobile and it works fine. I do not have it in the DenyList, and Magisk is not hidden. I use a custom SafetyNet fix that was installed when I originally installed an AIO TWRP/Magisk/SafetyNet fix after unlocking my bootloader. I also fail SafetyNet checks.
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?

Drakinite said:
This is incredibly annoying, is there anything I'm doing wrong? Is there a way to verify that the SafetyNet Fix is working as expected? Magisk doesn't have a "Check SafetyNet" option on the app anymore.
Click to expand...
Click to collapse
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.

danbest82 said:
Have you tried Shamiko? It didn't help me pass SafetyNet so I removed it.
Unfortunately I don't have any other fixes for you but you can check SafetyNet with apps from the play store, I use YASNAC and SafetyNet 'attest'.
What phone are you using?
Click to expand...
Click to collapse
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
anonymous-bot said:
There are SafetyNet checker apps you can download from the Play Store or F-Droid such as YASNAC.
Click to expand...
Click to collapse
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.

Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
Get VD Infos and use it to scan your files. You can find it on XDA.

Drakinite said:
I'm using a Oneplus 6. At your suggestion, I tried Shamiko, but so far it hasn't worked.
Click to expand...
Click to collapse
Hmm ok. Like I said shimako didn't work for me either. I'm not sure why Duo is still detecting root. For reference this is what is on my DenyList:
Drakinite said:
I tried Momo from the Magisk alpha telegram channel, and it's been helpful so far, but it's detecting Magisk/TWRP files and I don't know where they are located. Is there a way to find where these files it's detecting are? This might be what Duo is detecting.
When I run YASNAC, it passes the SafetyNet check.
Click to expand...
Click to collapse
YASNAC is the replacement for Momo it looks like since Momo is Riru based (https://github.com/canyie/Riru-MomoHider)

simplydat said:
Get VD Infos and use use to scan your files. You can find it in XDA
Click to expand...
Click to collapse
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?

Drakinite said:
Ok so this one is more helpful, but I'm not sure how to hide these that appeared. Any idea what ro.kernel.qemu.gles is? I looked through my list of installed apps and nothing like that showed up.
Should we switch to private messages to not spam the thread? Or perhaps staying in here can be helpful for those with the same problem?
Click to expand...
Click to collapse
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.

Drakinite said:
OMG WAIT, it finally worked! I don't know what changed, but Duo is now no longer detecting root. Gotta love when things magically start working when you don't know what changed.
Click to expand...
Click to collapse
Awesome. Hope it stays that way!

Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!

antivirtel said:
Hi,
I've switched to the new method with the DenyList & Shamiko (v0.5.0) on OnePlus 6 recently - Magisk (v24.3), however it doesn't seem to hide root from Google Pay. Can it still be a bug with Magisk, when it can't hide system apps? In the changelog of Shamiko it mentioned that it was fixed in Magisk "24102+", I'm not sure what version is this, but I imagine it's not released yet. If so, is there a way of installing this version early?
Thank you!
Click to expand...
Click to collapse
Version 24102 would be v24.102. So your Magisk 24.300 is newer.