Company Portal Detects Zygisk

snake-4 / Zygisk-Assistant

A Zygisk module to hide root for KernelSU, Magisk and APatch, designed to work on Android 5.0 and above.

MIT License

1.17k stars 81 forks source link

Company Portal Detects Zygisk #42

Open FroggMaster opened 5 months ago

FroggMaster commented 5 months ago

Describe the bug Root / Zygisk is detected by Company Portal.

Steps To Reproduce

Install Latest Magisk (V27)
Hide Magisk Application package name
Add Company Portal, Teams, Google Play Store, Google Play Service to Hide List
Install ZygiskAssist, Zygisk-LSPosed, PlayIntegrityFork
Try to launch teams, Company Portal will detect root.

Context

Device: Pixel 6 Pro
OS: A14
Version of Magisk, KSU or APatch: Magisk 27
Other Root Module(s): Play Integrity Fork Zygisk - LSPosed Zygisk - Detach
LSPosed Module(s): Lucky Patcher SnapEnhance XPL-EX Hide My Applist

Logcat

jiatern commented 4 months ago

Just commenting here how I managed to make it work with intune company portal:

Magisk v27 stable, LSPosed mod by mywalkb, Hide-My-Applist (HMA) v3.2, latest Zygisk-Assistant
Enable built-in zygisk > add Teams, Company Portal to Deny List > disable built-in zygisk
Install zygisk-next
Reboot

Seems like zygisk-next is essential to make this work.

FroggMaster commented 4 months ago

I appreciate the thought, but I've already got a bypass. I've written an article on XDA, along with many many hours testing different setups. The setup you've shared unfortunately does not work for me on a Google Pixel 6 Pro running Android 14.

Be happy to share more information with the developer so their root hiding methods work consistently. I had to use Shamiko over Zygisk-Assistant with a similar configuration and that does indeed work however. Latest detection methods are relative to Zygisk which is why you had to disable the native zygisk and use Zygisk-Next. It use's ptrace which has yet to be detected by most detection methods.

jiatern commented 4 months ago

Hi, glad to hear that you managed to bypass. Could you share a link to your article on XDA? Having another method as a backup is always great, in case my method gets patched. Thanks in advance!

EDIT: I found the thread ;)

raghua19 commented 3 months ago

Just commenting here how I managed to make it work with intune company portal:

Magisk v27 stable, LSPosed mod by mywalkb, Hide-My-Applist (HMA) v3.2, latest Zygisk-Assistant

Enable built-in zygisk > add Teams, Company Portal to Deny List > disable built-in zygisk

Install zygisk-next

Reboot

Seems like zygisk-next is essential to make this work.

Hi, glad to hear that you managed to bypass. Could you share a link to your article on XDA? Having another method as a backup is always great, in case my method gets patched. Thanks in advance!

EDIT: I found the thread ;)

Hi, could you pls share the link

jiatern commented 3 months ago

Hi, could you pls share the link https://xdaforums.com/t/how-to-bypass-microsoft-intune-company-portal-root-checks-working-as-of-march-2024.4663331/

Just want to add that I tried using shamiko but didn't work for me on Android 15 beta 4. So I am still using zygisk assistant.

I also did not use HMA because I have another banking app detecting root if HMA is installed.