bancontact

[Yakie996]

can you make such app for the belgian bancontact? https://play.google.com/store/apps/details?id=mobi.inthepocket.bcmc.bancontact

thank you

[Razer2015]

@Yakie996 I'll look into it.

[Yakie996]

thank you very much! Regards

On 14 Oct 2016 1:42 p.m., "Razer2015" notifications@github.com wrote:

I'll look into it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Razer2015/NordeaRootBypasser/issues/1#issuecomment-253777622, or mute the thread https://github.com/notifications/unsubscribe-auth/AS1RL6xujxfN-OYYFQW0fnfkp3Y7eE_bks5qz2qygaJpZM4KWZpy .

[Yakie996]

@Razer2015 do you think it will work?

[Razer2015]

@Yakie996 I've been looking into it. I thought I found it but it didn't work so there must be something else aswell :(. They have obfuscated the code quite nicely so that it's really hard to read it.

PS: Have you tried if rootcloak works?

[Yakie996]

oh that's regrettable... yes I tried and didn't work also disabled supersu in the app setting didn't work as wel .. also developer options has to be disabled...

[Razer2015]

Making these return 0 didn't work :(

[Yakie996]

I really hate it when they do this... let the user decide if they want to use it with root😔 same goes for android pay... they should make sort of a root safe zone for such apps

[Yakie996]

actually isn't that possible a partition to keep them safe from root?

[Razer2015]

I don't understand it either. You are allowed to be a system administrator in Windows when you log in to your bank, why not allow it with Android? If they can't make the application secure for users with root, then they shouldn't make it at all.

[Yakie996]

yes indeed + its a waste of their time and money to try block us to use it..

[Razer2015]

Yeap!

Anyways, I still have a few things I could try but not sure if they will work. I'll let you know if I can get this working.

[Yakie996]

okay great hope it works 😄

[Razer2015]

I was able to bypass the "USB Debugging enabled" one but still can't get around the main root checking :(.

0x7f080109 is the resource id for the rooted text. "The app could not be started because of a security error. Please check if developer settings are turned off and make sure your device is not rooted."

[Yakie996]

great work 😄 that's one problem out of the way 😋 do you have an idea what the problem could be?

[Razer2015]

There must be another check(s) somewhere in the obfuscated methods that I can't find :(. The problem is that you can't use string search because the strings are obfuscated as well.

[Yakie996]

so stupid that they do this 😔 so if you want to find it you should essentially have to read every line of code?

[Razer2015]

Well not necessarily. You would have to be able to recognize that it in fact is the code that checks it.

[Yakie996]

so it could be another app or service that's checking it?

[Yakie996]

there are also a lot of reports of people that are saying they arent rooted etc but still are getting the warning

[Razer2015]

Found a EmulatorDetector o_O. How many fu****g checks do they have here :D.

[Yakie996]

omg haha enough to keep you buzzy :P

[Razer2015]

Well this looks good: RootedDetector

Hell yeah, it works :D. Atleast for my emulator.

[Razer2015]

S**t

[Yakie996]

what happened?

[Razer2015]

That's what came after entering a pin etc stuff. Idk how far I can actually even go with the app because I don't have account in that bank.

Something I found: Lᵎ; -> AndroidIdDetector Lﺫ; -> DebuggerDetector LaUx; -> DeviceNameDetector LӀ; -> EmulatorDetector Lー; -> ImeiDetector Lᵧ; -> IsScreenOnDetector Lוּ; -> OperatorDetector Lᔇ; -> PhoneNumberDetector Lʟ; -> RootedDetector Lsdhjrjstjnvftm; -> android.intent.action.SCREEN_ON Lܙ; -> SimSerialNumberDetector Lcon; -> LibSSLHash Lї; -> SystemCoreHash Lᵛ; -> HashOfJSC Lᒢ; -> LibWebHash Lᴶ; -> SignatureDetector LΪ; -> MacAdressWifi Lᵙ; -> AndClassLoader Lʼ; -> fingerprint Lˌ; -> WrongLockDetector

[Yakie996]

wauw improvement 😄 If you want, I can test it and give feedback. so many detectors 😳

[Yakie996]

oh great I didn't see the earlier post. did you adapt the code or are you working with xposed?

[Razer2015]

Here is the Xposed module I currently have. https://drive.google.com/file/d/0B6emc59m4xTbQTVWN2YwcGRCUTA/view?usp=sharing

I'm inspecting the smali code -> edit it -> recompile -> install the modified apk.

[Yakie996]

okay great 😄

[Yakie996]

It worked for me! I added a card but after some time I get a toast message with 'developer options is enabled etc..' but the app doesn't stop working 😄 you did it 😁

[Razer2015]

Wuuut :D?

And yeah, the developer options pop up is just a pop up, it doesn't prevent you from using the app. Or well, there is two checks for that. The other one I am bypassing with the Xposed module but the one you are seeing I don't know how to code with Xposed. I can modify the apk to not have it though.

I wonder what is the "security issue" for me then. Country restriction?

[Yakie996]

yeah that could be it maybe you can mock your location to Belgium?

[Yakie996]

or maybe it can detect certain apps installed on your device? rootcloak etc?

[Yakie996]

I don't have these apps installed

[Razer2015]

I should be bypassing them:

[Yakie996]

strange but its working fine for me 😂 this app is some strange alien 😋 was it actually difficult to do?

[Razer2015]

Well the hardest I've come across yet. But I ain't no pro :).

[Yakie996]

haha Belgium unnecessary security 😏 I would love to do this too 😃

[Yakie996]

how come people didn't crack android pay?

[Razer2015]

Made by google. Their OS so they have access/knowledge to make it even harder than what other developers can.

[Yakie996]

oh yeah right.. btw you're pro enough to crack this thing 😄 👍🏼

[Razer2015]

Made own repository for this: https://github.com/Razer2015/BancontactRootBypasser/issues/1