salvogiangri / KnoxPatch

LSPosed module to get Samsung apps/features working again in your rooted Galaxy device.
GNU General Public License v3.0

[Feature request] Extend support to banking apps using Zimperium #52

Open Pharaoh2k opened 1 year ago

Pharaoh2k commented 1 year ago

Device name:

Galaxy Note 10 Plus

Device model number:

SM-N975F

OS version:

Android 12

Software info:

Any

Magisk/KernelSU version:

26301 (Magisk Alpha)

Hook framework app:

LSPosed 1.9.1 (6990)

KnoxPatch version:

v0.6.1 (Enhancer v0.4)

Steps to reproduce:

Some banking apps such as DBS PayLah have introduced an advanced root check by Zimperium. One of the components of Zimperium is called Knox license receiver. On Samsung phones using the latest Alpha+Shamiko+Zygisk the app detects root. On Xiaomi phones with the same exact apps and settings, it doesn't detect root. I assume the reason is Knox's presence on Samsung devices. I have tried adding the app to Knox Patcher in LSPosed, but then it doesn't even start at all. Easily reproducible. Would be great if you could add compatibility for such banking apps.

Thank you.

Expected behaviour:

As above.

Actual behaviour:

As above.

Logs:

None available.

salvogiangri commented 1 year ago

I need system logs to see what's going on.

Pharaoh2k commented 1 year ago

Oh, I assumed you have a Samsung device and can simply install this DBS PayLah app and reproduce it very easily....

salvogiangri commented 1 year ago

> Oh, I assumed you have a Samsung device and can simply install this DBS PayLah app and reproduce it very easily....

I don't use my Samsung devices as daily drivers. Also, isn't a banking account required to use a banking app?

Pharaoh2k commented 1 year ago

No, I don't have an account either, the error is on launch and I guess that anyway you'll need to have it installed and test it to be able to fix it.

salvogiangri commented 1 year ago

Looks like the library checks for Knox support via Samsung's APIs in system (https://docs.samsungknox.com/devref/knox-sdk/reference/com/samsung/android/knox/EnterpriseDeviceManager.html#getAPILevel()). The issue is that Zimperium has some anti-hook protection which prevents hooking the desired APIs to disable any Knox code in the app.

salvogiangri commented 1 year ago

There's already this hook in the module used for the Samsung Health app: https://github.com/BlackMesa123/KnoxPatch/blob/188d7d77ff36e572087468da15824fc2cd4d694e/app/src/main/java/io/mesalabs/knoxpatch/hooks/SamsungHealthHooks.kt#L31-L42

But as I said, there's nothing that can be done with the anti-hook protection in place. Unfortunately this goes beyond my current knowledge, plus the fact that I'm very busy lately due to university. Manually spoofing the Knox API version in frameworks like https://github.com/ShaDisNX255/NcX-S21FE/commit/d97ec1672fe9e1b3f8c241ec96b3c0a9e096bfea might do the trick.

Pharaoh2k commented 1 year ago

Yeah, I am afraid that more and more banking and wallet apps will start using Zimperium. Other brands' devices work just fine, as they don't use Knox. Thank you so much for looking into it. I wish I was a dev myself, so I could resolve it somehow :) Hopefully, you'll find the time and knowledge to fix this challenging and interesting issue.

Garfield-Z commented 10 months ago

> There's already this hook in the module used for the Samsung Health app:
>
> https://github.com/BlackMesa123/KnoxPatch/blob/188d7d77ff36e572087468da15824fc2cd4d694e/app/src/main/java/io/mesalabs/knoxpatch/hooks/SamsungHealthHooks.kt#L31-L42
>
> But as I said, there's nothing that can be done with the anti-hook protection in place. Unfortunately this goes beyond my current knowledge, plus the fact that I'm very busy lately due to university. Manually spoofing the Knox API version in frameworks like ShaDisNX255/NcX-S21FE@d97ec16 might do the trick.

On KSU v0.7.1, the current latest PayLah detects Shamiko v0.7.4; I have to disable Shamiko and reboot before I can use it, and this is quite annoying. I am trying to follow your suggestion to apply this fix to an S23U A13 rooted system-rw stock ROM. After applying the smali fix, recompiling and zipping to knoxsdk.jar, is replacing /system/framework/knoxsdk.jar with this mod enough? Do I need to do something to the knoxsdk.art or knoxsdk.oat files?

salvogiangri commented 10 months ago

> On KSU v0.7.1, the current latest PayLah detects Shamiko v0.7.4; I have to disable Shamiko and reboot before I can use it, and this is quite annoying.
>
> I am trying to follow your suggestion to apply this fix to an S23U A13 rooted system-rw stock ROM. After applying the smali fix, recompiling and zipping to knoxsdk.jar, is replacing /system/framework/knoxsdk.jar with this mod enough? Do I need to do something to the knoxsdk.art or knoxsdk.oat files?

Modding knoxsdk.jar is all you need to do. You can ignore/delete the prebuilt oat/odex/vdex/art files.