Banking app keeps crashing

[Ryanizleee]

Been using a very old version of Shadow (2.0.22) on a old version of this app and it worked fine, that is until I updated Shadow. (Excited for the update since last update was back in 2019.) And then there's also a Substitute update not too long ago.

https://apps.apple.com/sg/app/uob-tmrw/id1049286296

Said app keeps crashing (my dumbass went ahead and updated the app), tried to downgrade it back to one of its older versions but no dice. (Worst part is, I can't remember which exact version it was that works, I tried downgrading to every single possible older version.) And I can no longer find Shadow 2.0.22, which is another bummer.

Here's a crashlog if it helps : https://pastebin.com/kxyKCvsv

I have all options toggled on except for Tweak Compatibility and Use Local Service.

My device is a 12 Pro Max running iOS 14.3 and jailbroken with unc0ver 8.0.2. Would really appreciate it if you'd look into it. 🙏🙏

[jjolano]

Regarding downgrading Shadow, if you view the package in your package manager (not sure if Cydia has this option) you can hit Modify and choose the Downgrade option. Alternatively, the GitHub releases page has the old v2 versions as well. Thanks for the log, I'll see what can be done. Hopefully the app didn't add some crazy detection method

Edit: a quick check with the app (I run all options) shows it is working. How odd.

From the crash log I can tell it is related to the Runtime Class Lookups hook which is known to have issues on unc0ver/substitute. (edited, not the file system hook)

[jjolano]

Turning off Runtime Class Lookups seems to be safe for this app.

[Ryanizleee]

Regarding downgrading Shadow, if you view the package in your package manager (not sure if Cydia has this option) you can hit Modify and choose the Downgrade option. Alternatively, the GitHub releases page has the old v2 versions as well. Thanks for the log, I'll see what can be done. Hopefully the app didn't add some crazy detection method

Edit: a quick check with the app (I run all options) shows it is working. How odd.

From the crash log I can tell it is related to the Runtime Class Lookups hook which is known to have issues on unc0ver/substitute. (edited, not the file system hook)

I swear when I tapped on downgrade, I didn't see version 2 at all. Or I'm just getting old and them eyes is just playing with me.

[Ryanizleee]

Turning off Runtime Class Lookups seems to be safe for this app.

Just tried, app still crashes.

[Ryanizleee]

Downgraded Shadow to 2.0.22 and downgraded the app to version 14.5.2, now it works. Only options I have toggled on in Shadow is selecting the app in whitelist mode and Enable Standard Filters.

[jjolano]

See if version 3.3 has improved things. I have changed some hooking code which should benefit substitute-based jailbreaks. Unfortunately, Runtime Class Lookups will still likely have issues so keep that off.

[Ryanizleee]

See if version 3.3 has improved things. I have changed some hooking code which should benefit substitute-based jailbreaks. Unfortunately, Runtime Class Lookups will still likely have issues so keep that off.

Shadow 3.3 works on v14.5.2 of the app, but will crash any other versions higher than that.

Here's a log if it helps : https://pastebin.com/jW04SVHL

[jjolano]

Thanks! Looks like a similar crash to #50 now. Unfortunately it seems the log doesnt pinpoint the cause this time. I hate to ask, but would you be able to test each hook individually on the app?

[Ryanizleee]

Thanks! Looks like a similar crash to #50 now. Unfortunately it seems the log doesnt pinpoint the cause this time. I hate to ask, but would you be able to test each hook individually on the app?

Sure, will test each hook individually and report back when done.

Edit : Just finish testing each of the hooks individually but unfortunately the app still crashes, and crash log still not pinpointing the cause.

[jjolano]

Hopefully fixed with 3.3.3, though you may still need to use a downgraded app as it appears (at least on my end) to detect something very specific to Substitute

[Ryanizleee]

Still works on version 14.5.2 of the app, but any version higher than that will crash with the error "Runtime Tampering" from the app.

Here's the most recent crashlog, although I doubt it'll help much but hey at least the recent Shadow updates works on a older version of the app. https://pastebin.com/5p3QzY8z

[jjolano]

Thanks for confirming. Will close this for now as detection is Substitute specific. I have an idea of the detection method used as I also use it in my own detection app, but definitely needs more research time in terms of countering it.

[jjolano]

I think i figured out a bypass. But chance that it may break in future updates. Stay tuned for next update