topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0

[feature request] add app/file hiding to Magisk Hide #164

Closed meiser79 closed 7 years ago

meiser79 commented 7 years ago

I'd like to request the following feature:

Some apps (e.g. Sparkasse+, DKB TAN2go) check for some specific apps or files on the device. I could just check for Xposed as it was a bit easier. If I have the Xposed app installed, the Sparkasse+ app force-closes. If the Xposed framework is installed and the Xposed app is not installed, it shows the same behaviour. So I suppose that the app checks for some files in the filesystem. The DKB TAN2go app still detects root even when putting it on the Magisk Hide list, so I assume the same for the root detection mechanism.

It would be great if Magisk Hide supported some kind of mechanism to hide dedicated apps or files.

Thanks in advance!

jpdribbler commented 7 years ago

same issue here :(

tkuehling commented 7 years ago

Same here.

When I use the feature "Magisk Core Only Mode", it worked once and then not anymore. Damn. :(

Log:

MagiskHide: com.starfinanz.mobile.android.dkbpushtan(PID=7101 ns=mnt:[4026534646])
MagiskHide: Unmounted (/sbin)
MagiskHide: Unmounted (/magisk)
MagiskHide: com.starfinanz.mobile.android.dkbpushtan(PID=7153 ns=mnt:[4026534529])
MagiskHide: Unmounted (/sbin)
MagiskHide: Unmounted (/magisk)
MagiskHide: com.starfinanz.mobile.android.dkbpushtan(PID=8260 ns=mnt:[4026534637])
MagiskHide: Unmounted (/sbin)
MagiskHide: Unmounted (/magisk)
MagiskHide: com.starfinanz.mobile.android.dkbpushtan(PID=8501 ns=mnt:[4026534647])
MagiskHide: Unmounted (/sbin)
MagiskHide: Unmounted (/magisk)

tkuehling commented 7 years ago

Bump

porst17 commented 7 years ago

Does anyone know which files or apps these banking apps check for? DKB TAN2go just crashes on my phone (Samsung Galaxy S4 mini (serranoltexx) + Lineage OS 14.1 + Magisk 12.0 + Magisk Hide On + SafetyNet passes). There is no error message or anything visible to the end user. It just force closes. Knowing the requirements of the apps would aid debugging a lot, I assume.

Didgeridoohan commented 7 years ago

DKB themselves tell you they are looking for root, cleaner apps, battery apps, screen readers, etc.

Apart from that, you're probably gonna have to use a combination of logcat and decompiling the apk to figure out what's actually going on.

porst17 commented 7 years ago

I also tested with unrooted Lineage OS 14.1. No Magisk. All screen readers disabled, no cleaners or battery savers installed. SafetyNet test passes.

DKB TAN2go app just force-closes for no obvious reason.

I doubt decompiling will help much. The app contains a native shared library called libshield. I assume most of the additional checks are done via this library (just guessing).

Didgeridoohan commented 7 years ago

Yes. Many apps use native libraries like that and are quite tricky to fool...

There are also different prop values, like ro.build.tags=test-keys, that might cause an app to protest.

porst17 commented 7 years ago

logcat doesn't contain anything useful. TAN2go just crashes with a NullPointerException in a random class (class and method names suggest that the code is also obfuscated). The null pointer is a return value of some method in the libshield native code (it's also different for each run). The NullPointerException then occurs when the Java part tries to do something with the unexpected null (e.g. do a string comparison like null.equals(someString)). That's all I could get via logcat.

Even with a Magisk module that hides files and apps, we would need to know what these apps actually require to start up properly ... As I pointed out above, they seem to test far more than they claim to do (no root, no screen reader, no cleaner, no battery saver, valid SafetyNet, but the app still crashes without a user-facing error message on custom ROMs).

It would be nice if the requested module could aid the process of finding such information (kind of tracing what the app does). I am not experienced enough to know if such a thing is possible on Android.

daenny commented 7 years ago

A little update: For me it works at the moment. I have Magisk 13.3. Coremode only. Hide active. Then UNINSTALL Magisk Manager. Then it works :) Re-install after you are finished with banking ;)

leezu commented 7 years ago

I'm not that familiar with how Magisk currently works and if the approach is feasible on Android, so take the following with a grain of salt: Can we use strace to get a list of system calls that e.g. Tan2Go makes (which should reveal every file or other system resource that they check) and with that knowledge preload a shared library (via LD_PRELOAD) that claims these files were nonexistent?

tobiasdroste commented 5 years ago

> A little update: For me it works at the moment. I have Magisk 13.3. Coremode only. Hide active. Then UNINSTALL Magisk Manager. Then it works :) Re-install after you are finished with banking ;)

The uninstall of Magisk Manager made the app work for me too.

huckleberrypie commented 5 years ago

> Yes. Many apps use native libraries like that and are quite tricky to fool...
>
> There are also different prop values, like ro.build.tags=test-keys, that might cause an app to protest.

One example being the World Rally Championship app. I've decompiled said app and it does have a routine that checks if test-keys is present.