Riru 18-19.1 being detected by a banking app

[dr4go]

If I install and enable the Riru Core submodule in Magisk the attached app detects root (no account needed to test it). Just open the app, click around, go back to home screen and back into the app again a couple of times... Then you will notice the issue. base.apk.zip

[RikkaW]

Decompiled, this app only uses the simplest way, check if su exists, to check root.

Are you using Android Q? Current Maigsk hide not work on Android Q with "process pool" enabled. See this issue.

[dr4go]

Very weird... I only get the issue when having Riru Core installed and enabled... and I still can reproduce this. (As soon as I uninstall riru core, the app doesn't detect root anymore.)

Nope, I'm on Android 9 (May Patch), latest Magisk Canary release, Manager hidden and the app on the hide list on a Galaxy S10.

Thanks for your efforts...

EDIT: When re-thinking about this issue... is it possible, that riru somehow breaks Magisk Hide?

[RikkaW]

Riru itself does bring some traces, and it's nearly impossible to hide these traces. And in fact, Magisk also has some traces unable to hide. But this app does not check any of these traces.

I think you can test if Magisk hide works first. Adding any terminal to Magisk hide and test command stat /sbin/su. If Magisk hide works, you will get a "Permission denied".

[Ingan121]

I have similar issue on 8.0 Oreo. Whenever I enable Riru - EdXposed module, all apps using Liapp 5.1.0+ (example) detects Magisk. (They can detect Magisk using the same method as RootbeerFresh even if it isn't active, but it can be bypassed with a simple script.) Magisk 19.1+ also causes the same issue, regardless of whether EdXposed module is active or not.

[dr4go]

@ Ingan121: No offense, but stop using this ticket as this has nothing to do with EdXposed. When you're using EdXposed things are getting more complicated... Use the blacklist/whitelist to avoid that and / or report the bug to the EdXposed guys if it is really a bug of EdXposed. That here is pure Riru Core related and nothing else.

@ RikkaW: That is exactly what I get... "Permission denied". And when typing su it tells me "Not found". So MagiskHide is working.

[dr4go]

When going from Magisk 19302 to 19305 I accidentally have soft-bricked the device... And since setting it up for the 2nd time... I don't seem to have this issue anymore... So either 19305 solved that or my previous setup was a bit borked. Sorry for having bothered you.

[RaXorX]

Opening the issue again.

On Riru 21.3 and magisk canary 64effe93(21001) Android Q - LineageOS 17.1-20201006 Device - Redmi Note 7 Yono Sbi

It's the same issue, installing riru breaks the app and removing it restores it's functionality. I wonder what it is doing to make it happen. Weird thing is that the app isn't checking for safetynet. My safetynet is broken yet the app works fine. Even if I get the safetynet to work, app wouldn't work if I install riru.

2 logs here, it's just about the app since I had cleared the logs. The app I am talking about is com.sbi.lotusintouch Was testing 2 other apps, which were giving issues in a different phone. Same issue, detecting root. magisk_log_20201007_220420.log magisk_log_20201007_221212.log