Open RichardBeisser opened 11 months ago
alexdonh
commented
11 months ago Can you hide the module a little bit more?
Ruru detects the module, so other apps like banking apps can detect it too.
Hiding various detections is not necessarily part of the module. its sole purpose is to hide accessibility services. so you may want to try using Shamiko and/or HMA to do the job. just like im currently doing:
RichardBeisser
commented
11 months ago so you may want to try using Shamiko and/or HMA to do the job.
I am using HMA too, but this is not enough. I would like to test Shamiko too. But Shamiko is only instalable when using official Magisk. I am using Magisk Delta.
privacyguy123
commented
8 months ago For me, hooking this app to Ruru makes it instant crash on open. Same goes for any app - if you get a chance, I think the code might need an update.
alexdonh
commented
8 months ago For me, hooking this app to Ruru makes it instant crash on open. Same goes for any app - if you get a chance, I think the code might need an update.
Not sure what you are trying to achieve. This service does only one thing: preventing apps (of your choice) from reading a list of enabled accessibility services. Period. It has completely nothing to do with hiding root nor bypassing detections.
If an app crashes, provide as much logs as possible. If every single app crashes on your end, try this combination: Magisk 26.1 + LSPosed 1.9.2 + Shamiko 0.73 + DenyList + HMA 3.2 If it still does not work, well, there's nothing I can help for now. Perhaps it is not compatible with Delta. Never tried.
RichardBeisser
commented
8 months ago This service does only one thing: preventing apps (of your choice) from reading a list of enabled accessibility services...nor bypassing detections
this is a contradiction. If you hide that apps can read a list of apps which can use enabled accessibility services, of course you want to achieve a bypass a detection of this. If the selected apps can still detect that accessibility services are enabled, the module would completely useless.
The promise of using this module is an installed xposed framework. and the promise for using xposed is an installed form of rooting like Magisk or KernelSu. So of course there is a context to rooting.
Ruru, Momo and ApplistDetection are only testing apps to check for certain detection methods. If you set the testing apps in the xposed module, and the testing app still detects other apps which use accessibility services, every other app could do the same.
So, the achievement of an update of the module should be to stop the detection which is used in Testing apps.
alexdonh
commented
8 months ago @RichardBeisser i think you got it wrong.
First, I didn't mean the module has nothing to do with rooting. It does need root, obviously. I did mean the module has nothing to do with hiding root nor bypassing various detection methods. For instance, if an application detects this module, it is NOT my job to make the module invisible to many many different kind of detections. Why? it's because there are already modules made for it! From DenyList itself to Shamiko to HMA, etc. Why do I have to reinvent something that I know I can never make any better than them?
Second, if you see my comment here I got Ruru green with my module installed and HMA to hide it. Here again:
If I must update the module to stop some detection, what should I be doing next?
Also if you check my other comments here and here you can see that I got the aforementioned banking apps be able to open on my end. I just do not have accounts to check further. The SCB EASY app however didn't open perhaps because of another security check (I guessed so, with logcat - not entirely sure tho).
I am not planning to go check every single banking app out there so provide as much detail logs as possible and I will have a look when I have time.
Now it will get a little more technical I just wanted to share what my module really does.
Actually what it does is really really simple. So on Android accessibility services state is stored here:
https://developer.android.com/reference/android/provider/Settings.Secure#ACCESSIBILITY_ENABLED
and here:
What I did was just hooking into the getStringForUser method and return 0 or empty. That's it!
And I like to keep my module as simple as that! The simpler it is the harder for it to be detected!
Let's say an app would have the ability to detect my module, there are probably 2 ways:
Settings.Secure.getStringForUser - I really doubt that. If hooking is detectable then Xposed would have never been successful this far. Even if it is the case, it is beyond my ability to fix. It has to be fixed at Xposed level.Feel free to share if you think there are other places where an app can get accessibility services state.
What I said in previous comment is for the guy privacyguy123 he was just trying to comment in different threads saying this module causing his app to crash instantly. I don't even know what app he was talking about as he provided no information.
Can you hide the module a little bit more?
Ruru detects the module, so other apps like banking apps can detect it too.