Razer2015 / BancontactRootBypasser

Xposed module for bypassing root detection in Bancontact android application.
http://repo.xposed.info/module/fi.razerman.bancontactrootbypasser

Feedback #1

Open Razer2015 opened 7 years ago

Razer2015 commented 7 years ago

Post any feedback on how it works!

Yakie996 commented 7 years ago

works great for me 😄

clodoux commented 7 years ago

For me it's ok for the card, but it's sometimes to unable the debug mode to use the xposed app. Now I don't try a payment! I don't know if all is ok.

But Thanks

Razer2015 commented 7 years ago

@clodoux If you mean that it sometimes shows the Toast message saying to disable usb debugging, it's ok. It's something that I don't know how to bypass with xposed but I know how to make modified apk to bypass it. The thing is that it's only a message, it doesn't affect anything else.

It's this part of the code: [image of code]

All that obfuscated thing after getContentResolver() is "ADB_ENABLED". Now normally I would just make that method do nothing with xposed but since there is that super.onResume(), I can't because then the app crashes when it's not called.

clodoux commented 7 years ago

Ok thanks

Xeph20 commented 7 years ago

Works great thank you very much! Waited a long time for the app to work.

There is also another app that is blocked for root. Do you think you can release a module for it also?

https://play.google.com/store/apps/details?id=be.bnpparibasfortis.helloprepaid&hl=nl it should be very similar to this one https://play.google.com/store/apps/details?id=be.bnpparibasfortis.bnppfprepaid

Would be cool if you can do it for one or both apps!

Thanks again

Razer2015 commented 7 years ago

@Xeph20 Well the hello prepaid doesn't look too hard at the first glimpse so maybe. [image of root]

Razer2015 commented 7 years ago

Here you go: https://github.com/Razer2015/BNPParibasFortisRootBypasser/releases/tag/v1.0

Xeph20 commented 7 years ago

Works great on both apps! Thanks man you are the best!

CapitalH commented 7 years ago

Any chance you can create a module for NAB banking app to not detect root so can use NFC pay wave with app. Thanks

Razer2015 commented 7 years ago

@CapitalH I found two detectors but couldn't test either of them since I guess the test is after logging in? I don't have account there so I can't log in.

Anyways, here is a module that should bypass the two I found, please tell me feedback on how it works: https://github.com/Razer2015/NABRootBypasser/releases/

CapitalH commented 7 years ago

@Razer2015

Hi, geez that was quick! Thanks. Haven't had a chance to test the pay wave feature yet but when I log in to set it up I still get this msg

https://drive.google.com/file/d/0B146O8jrEtRuVHc1LVktbzJQbjQ/view?usp=drivesdk

I'm using HTC M9 Android 6.0.1 Viperone 5.2.0 Could it just be the non-stock Rom? Thanks.

Razer2015 commented 7 years ago

@CapitalH

I can't seem to find the source of that root detection :(. I however found some method which checks from sharedPreferences if there is a value saved with name "root_exists". So have you tried by deleting all the saved data for that app and then re-open with my module enabled?

CapitalH commented 7 years ago

@Razer2015

Hi, yes I tried deleting data, force stop and re open with module activated. Also uninstalled app, and reinstalled app with reboots along the way.

Yes there is a value in sharedpreference:

https://drive.google.com/file/d/0B146O8jrEtRuelQ5Y3RkbkIyR0k/view?usp=drivesdk

Thanks

Razer2015 commented 7 years ago

@CapitalH

Made it return always false when it reads it from the sharedPreferences. I have yet to find out where it does the actual check.

But you can try if this works (there might be even more hidden checks): https://github.com/Razer2015/NABRootBypasser/releases/tag/v1.1

CapitalH commented 7 years ago

@Razer2015

Hi, still getting the "restore official Android" msg inside the app. Also, sharedpreference file value is still "true"? Does the mod overwrite that?

Also noticed in xposed, your mod version is still 1.0?

CapitalH commented 7 years ago

@Razer2015

Anything in au/com/nab/coreSdk/device/Rooted?

I don't know how to code but I'm just looking around for anything that might help

Razer2015 commented 7 years ago

@CapitalH

> Also noticed in xposed, your mod version is still 1.0?

When I pushed the commit to github, I had forgotten to add version changes. I however changed 1.0 to 1.1 in AndroidManifest.xml before I built the APK. Apparently I should have changed it from the build.gradle as well. Sorry about that, I'm still pretty new to making android apps as well.

> Anything in au/com/nab/coreSdk/device/Rooted?

That class calls the DeviceRootUtils.numberOfRootChecksTriggered() to determine the root. But my xposed module should return 0 every time.

> Also, sharedpreference file value is still "true"?

I have yet to find where it does the actual check for the root with that but what I have made is so when it reads it from that file, it always returns false. No matter if it's true or false.

CapitalH commented 7 years ago

@Razer2015

Please don't say sorry, you know a lot more than I do! What language do you learn to know these small files?

Razer2015 commented 7 years ago

@CapitalH

> What language do you learn to know these small files?

Once you decompile them with apktool, baksmali, etc., they are in "smali" format.

It would be so much easier if I had access to the root detection with my device :D, I could just add print commands here and there and then look at the logcat log for output as to from where it just executed something. Now I have to look at the smali level and it's not that easy, at least for me.

Not entirely sure but I guess the message you are seeing is printed because the apk at some point threw a "RootDetectException" error. There are however at least a few places where this gets thrown. I'll look if I can bypass them.

Razer2015 commented 7 years ago

Sh^t, if I'm not wrong. It seems like the additional checking is done in the "libvisacryptov2x.so" library. There is no exact call for root check, instead when it decrypts and encrypts data, it does the checking. And if it turns out to be rooted, it throws a "RootDetectException", which then tells the apk that the device is rooted.

I could possibly make it so the apk doesn't know rootdetectexception was thrown, but this might result in that decryption and encryption won't work and so even though the app runs without the rooted error, it might not be running correctly.

This should have the RootDetectException blocked. If I just correctly blocked it with Xposed :D https://github.com/Razer2015/NABRootBypasser/releases/tag/v1.2

sagredo commented 7 years ago

Twyp Cash won't work :-( https://play.google.com/store/apps/details?id=es.ingdirect.twypcash

Razer2015 commented 7 years ago

@sagredo Here you go: https://github.com/Razer2015/TWYPCashRootBypasser/releases/tag/v1.0

CapitalH commented 7 years ago

@Razer2015

Hi, OK well I guess if it breaks it and prevents everything from working properly there's not much point in doing that. Hopefully they build a version of the app that allows rooted devices to use their pay feature - fingers crossed! Thanks

Razer2015 commented 7 years ago

@CapitalH

Did you try my latest patch? https://github.com/Razer2015/NABRootBypasser/releases/tag/v1.2

It might very well be possible that it works as well. There is a 50/50 chance.

CapitalH commented 7 years ago

@Razer2015

Sorry, I didn't realise you'd done that.

It looks like you've scratched on something but still getting an in-app msg.

I uninstalled the old mod and installed the new version. Restarted and then cleared banking app data. Opened banking app and went to setup pay wave.

First I got this msg :

https://drive.google.com/file/d/0B146O8jrEtRuUGY5MkFLTUNsa00/view?usp=drivesdk

So I forced close app, waited a few minutes and tried again. This time I got to turn the feature on and setup a passcode for the feature. But from there got this msg:

https://drive.google.com/file/d/0B146O8jrEtRuTG9GZHBlTFpTRGM/view?usp=drivesdk

Hope those point you in the right direction

sagredo commented 7 years ago

@razer2015, the app launches OK. This week I'll try using the app in the real world. I'll tell you if everything works OK.

Thank you very much for your effort

ptrnmgr commented 7 years ago

thx so much! I could finally install the app, however I did not try actual payment yet but everything looks ok

could you do the same for the 'yelo play' app? rootcloak also doesn't work for that app

Razer2015 commented 7 years ago

@CapitalH

I'll see if I can trace down that error message. Might be because of the very reason I stated before but we will see.

@sagredo

> Thank you very much for your effort

No problems :)

@ptrnmgr Have been looking inside the Yelo Play before when I tried cracking the Finnish MTV Katsomo app as well. They both have the same DRM and the root detection is inside the *.SO libraries. Unfortunately I don't know how to crack those :(.

ptrnmgr commented 7 years ago

np, thank you for your answer... and for the bancontact app of course...

Razer2015 commented 7 years ago

@CapitalH

All I could trace down was that the first error comes up from "ERROR_DISABLED" and "ERROR_PROVISIONING_DISABLED". [MyImage 1]

The second error comes from some of these. [MyImage 2]

Unfortunately without being able to reproduce this myself, I don't know how to trace it any further :(. Have you tested if logcat shows anything useful?

Also I don't know if there is same thing in your bank but here in Finland (Nordea) all cards are not NFC payment capable.

CapitalH commented 7 years ago

@Razer2015

Hi, when I go into setup the card for NFC, I have more than one card. The app tells me which card will work for NFC and that is the one I'm working on.

I have a logcat of me opening the app and going through setting up the card but eventually I get the msg to contact the bank.

https://drive.google.com/file/d/0B146O8jrEtRueDA3Q0xadVVCS1U/view?usp=drivesdk

Razer2015 commented 7 years ago

@CapitalH Been looking but I can't figure out why that error comes :(. Would need an account in that bank myself and that's not an option.

I can't think of anything else but to try and use suhide instead.

CapitalH commented 7 years ago

@Razer2015

Thank you for all your efforts! I haven't gone systemless yet but may do at some stage. Thanks again!

csu333 commented 7 years ago

It worked for me as well but since I wanted to use some other application (MyBank Belgium), I created my own application which allows you to configure all the hooks in a GUI.

I allowed myself to implement your hooks from the Bancontact app but also from your other modules (hope you don't mind). I've only been able to test the Bancontact cloaking but the others should work as well (as long as they only require "returnConstant").

Feel free to try Surrogate

Razer2015 commented 7 years ago

@csu333

I don't mind, just glad that someone could find use for something I've done :)

haveneersrobin commented 7 years ago

Would it be possible to release this as a separate APK or something? Currently on Nougat and Xposed is not compatible yet. Thanks in advance

Razer2015 commented 7 years ago

@RobinHaveneers Modifying the Bancontact app directly could possibly work but I do not have time to test it :(.

moplk commented 7 years ago

@Razer2015 Thanks, BancontactRootBypasser works perfectly!

Could you have a look at https://play.google.com/store/apps/details?id=be.keytradebank.phone ? Another Belgian banking app which started checking root before enabling use of a "Softkey" authentication token (see comments on Play Store)...

create a profile -> you can use example username -> Softkey "Not supported on this device" due to root check (I guess)

csu333 commented 7 years ago

You can try my Xposed module: Surrogate. I've just added a tentative support for Keytrade (I don't have an account myself but the Soft Key method is accepted). Just download the rule set from internet and enable the support for KeyTrade (and Bancontact if you want).

moplk commented 7 years ago

I can confirm this works. Great!

haveneersrobin commented 7 years ago

Alternative for people who can't install Nougat like me. This app does just fine (along with disabling android debugging).

Yakie996 commented 7 years ago

I am curious if you could make a mod for nougat using magisk? It can hide root for Android pay but not for Bancontact.. Maybe you can handle this? 😋

csu333 commented 7 years ago

@Yakie996 As far as I understood how Magisk works, this is just impossible: Xposed allows modification of the application behavior while Magisk allows to fake changes to the system file system.

ghost commented 7 years ago

Hi @Razer2015 , I see you're doing some good work here. The bypass for bancontact works great thanks. I did see another request to bypass keytrade. Did you manage to do that? That would be awesome!

@csu333 I did see your surrogate, but I'm still not able to bypass. I might do something wrong but I have no idea what. All apps in list are lightgrey, is that good or bad? The keytrade app is also in that list.

Kind regards,

csu333 commented 7 years ago

Hi @Hoolite,

Light gray is bad. This means that the rule is disabled. You need to click on the rule (the application name) you want to enable and check that there is a button at the top showing "on". By default, it shows "off". Click on the floppy icon to save and kill the Keytrade application. Next time you start the Keytrade application, it should work.

Best regards

On Apr 19, 2017, at 20:44, Hoolite notifications@github.com wrote:

> Hi @Razer2015 , I see you're doing some good work here. The bypass for bancontact works great thanks. I did see another request to bypass keytrade. Did you manage to do that? That would be awesome!
>
> @csu333 I did see your surrogate, but I'm still not able to bypass. I might do something wrong but I have no idea what. All apps in list are lightgrey, is that good or bad? The keytrade app is also in that list.
>
> Kind regards,


ghost commented 7 years ago

Hi @csu333 Thank you for your quick reply. So, I opened the keytrade in surrogate and clicked the arrows to enable it, it's now dark gray. But I'm still not able to bypass in keytrade. I also rebooted phone and tried again.

Am I still doing something wrong?

Kind regards,

csu333 commented 7 years ago

Hi @Hoolite,

I've reinstalled the app and I see they changed their detection method. I'll need to have a look to see what is the new one but I can't promise this will be for this weekend. I'll keep you posted.

Best regards,

On Apr 19, 2017, at 21:12, Hoolite notifications@github.com wrote:

> Hi @csu333 Thank you for your quick reply. So, I opened the keytrade in surrogate and clicked the arrows to enable it, it's now dark gray. But I'm still not able to bypass in keytrade. I also rebooted phone and tried again.
>
> Am I still doing something wrong?
>
> Kind regards,


ghost commented 7 years ago

Hi @csu333

That's very kind of you, thanks! I appreciate that you want to look in to this.

Kind regards,

KevinDenys commented 7 years ago

Doesn't work anymore :/

sigfriedseldeslachts commented 7 years ago

It worked, but now it's broken.