Closed kam821 closed 2 years ago
Well, it's not in Russian, it's in Ukrainian, stop misinforming people please, English community thinks Ukraine is part of Russia because of that.
Sorry, but you wrong. I found that post about detection details on 4pda forum. The post is in Russian language, so I've translated it for everyone. That's all.
Well, it's not in Russian, it's in Ukrainian, stop misinforming people please, English community thinks Ukraine is part of Russia because of that.
Sorry, but you wrong. I found that post about detection details on 4pda forum. The post is in Russian language, so I've translated it for everyone. That's all.
I misunderstood it, I was thinking you are referring to app description on play store or something…
My bank app "C6 Bank" appears to be using this exploit to detect root even with hide + package rename
https://play.google.com/store/apps/details?id=com.c6bank.app
I'm using latest Magisk Canary on my Mi 9T Pro
Edit: On manifest file have a declaration of an isolated process "hj.Oj"
Edit 2: Maybe we will have great news soon https://github.com/topjohnwu/Magisk/commit/8e61080a4a80396e57c2ef9ddc02f068b66a4fe3
With the canary build installed Sky Go can still detect root, despite magisk detecting the isolated process and hiding everything.
hide_list add: [isolated/com.bskyb.skygo:vgdrm_helper:com.nds.vgdrm.impl.generic.VGDRMHelperService] hide_list add: [com.bskyb.skygo/com.bskyb.skygo]
They updated their lib/drm last year and now it circumvents MagiskHide and detects /sbin/su. I know that because if I launch a file manager with root and temporarily rename the su binary then Sky Go lets me watch live TV and movies again.
With the canary build installed Sky Go can still detect root, despite magisk detecting the isolated process and hiding everything.
hide_list add: [isolated/com.bskyb.skygo:vgdrm_helper:com.nds.vgdrm.impl.generic.VGDRMHelperService] hide_list add: [com.bskyb.skygo/com.bskyb.skygo]
They updated their lib/drm last year and now it circumvents MagiskHide and detects /sbin/su. I know that because if I launch a file manager with root and temporarily rename the su binary then Sky Go lets me watch live TV and movies again.
I think this feature (hiddind root from isolated process) is not yet fully implemented
Anyone can confirm magiskhide now successfully hides root from isolated process?
Pada tanggal Sen, 18 Jan 2021 00.28, jh0bc notifications@github.com menulis:
With the canary build installed Sky Go can still detect root, despite magisk detecting the isolated process and hiding everything.
hide_list add: [isolated/com.bskyb.skygo:vgdrm_helper:com.nds.vgdrm.impl.generic.VGDRMHelperService] hide_list add: [com.bskyb.skygo/com.bskyb.skygo]
[image: 2021-01-16] https://user-images.githubusercontent.com/54548942/104815891-6f4cf400-580f-11eb-9d84-f1340fada49d.png
They updated their lib/drm last year and now it circumvents MagiskHide and detects /sbin/su. I know that because if I launch a file manager with root and temporarily rename the su binary then Sky Go lets me watch live TV and movies again.
I think this feature (hiddind root from isolated process) is not yet fully implemented
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/topjohnwu/Magisk/issues/2406#issuecomment-761848027, or unsubscribe https://github.com/notifications/unsubscribe-auth/AI2MEN5TVUMGX4SOWHQO32LS2MM3VANCNFSM4KQZJLQQ .
I think this feature (hiddind root from isolated process) is not yet fully implemented
It looks like it should be functioning, but maybe there's still issues that need to be worked out.
I do see this in the log...
proc_monitor: [com.bskyb.skygo] PID=[14355] UID=[10320] hide: handling PID=[14355] hide: Unmounted (/system/xbin) hide: Unmounted (/system/lib64) hide: Unmounted (/system/lib) hide: Unmounted (/system/app) hide: Unmounted (/sbin) hide: Unmounted (/system/etc/hosts)
But there's no mention of the isolated process other than it being added to the hide list.
I have a Magisk branch that solves this problem. Magisk Lite only has SU and no Magisk module function. If your banking apps detected Magisk, and you don't use Magisk module, you can try this branch.
Download: https://github.com/vvb2060/magisk_files Source code: https://github.com/vvb2060/Magisk Before installation, all modules must be disabled/removed!! Then, you can only use Magisk Lite's Magisk Manager.
Test detection app: https://github.com/vvb2060/MagiskDetector/releases/latest
Does Magisk Lite's Magisk Manager support hiding itself via repack/rename? I tried the hide manager option in settings, but it seems doesn't work.
EDIT: It works, but download speed is slow (60 KB/s ~ 80 KB/s) when hiding.
I have a Magisk branch that solves this problem. Magisk Lite only has SU and no Magisk module function. If your banking apps detected Magisk, and you don't use Magisk module, you can try this branch.
Download: https://github.com/vvb2060/magisk_files Source code: https://github.com/vvb2060/Magisk Before installation, all modules must be disabled/removed!! Then, you can only use Magisk Lite's Magisk Manager.
Test detection app: https://github.com/vvb2060/MagiskDetector/releases/latest
Is there anyway we can use Riru Module with your Magisk?
https://github.com/vvb2060/riru-unshare/actions riru module, enable enhanced mode for Magisk Hide, allow Magisk Hide to handle isolated processes. !!need 5e56a6b !!
Hi, my app suddenly detect my rooted device and it is not functioning anymore.
I tested MagiskDetector and found out Magisk Hide is not working. I tried termux SU, nagiskhide disable, Magiskhide enable. Toggle Off MagiskHide button, restart. Toggle On MagiskHide button.
Still showing Magisk Hide is not working in detector.
Please kindly suggest solution and assist, thank you.
https://github.com/vvb2060/riru-unshare/actions riru module, enable enhanced mode for Magisk Hide, allow Magisk Hide to handle isolated processes. !!need 5e56a6b !!
Just a little feedback
Flashed latest Canary (22002) + Riru Core (v. 23.9) + Riru Unshare Module and boom!
Now Magisk fully hide from any root detection! Including Isolated Process 😏
Many thanks my friend! 😁😁😁
@jh0bc can you guide me on how to install riru unshare module? I have searched on magisk manager module, but I can't get it
@jh0bc can you guide me on how to install riru unshare module? I have searched on magisk manager module, but I can't get it
Flash latest Magisk Canary
Install the Riru core module v. 23.9 from Magisk repo.
Now download the zip from the link below:
https://github.com/vvb2060/riru-unshare/releases
Flash the zip trough Magisk Manager
Enable Magisk Hide for the app including their isolated process (if you don't know what is the correct one just mark all)
Enjoy! ;)
I successfully bypassed root detection using this method !!!
Thanks buddy 😀
Now I have some doubts :-
I was using a edxposed module before to bypass some other detections like usb debugging , developer options enabled or not ,etc .. I don't want to disable these settings while app is running
I have another fix for these settings without xposed but I need my exposed module working for that app for some other hooks
But now the problem is : after hiding, my xposed module doesn't work ( it doesn't trigger loadPackage)
So what I have assumed , magisk hidden apps can't use xposed coz thats also may be a workaround to check root using stack trace or something (just assumption , definately there would be other reasons )
At last my question is , can I somehow use xposed module on app which has magisk hide on ?
I know java and android so I was capable of building my own xposed but not magisk modules , but just imagine if I was able to build magisk modules , then can there be a solution to fake that Settings ?? Coz I think magisk hide unmounts all that redirected/fake paths for that app n it means we can't use fake props for that app ??
What I need is either make xposed work or magisk module that may do this ..
Before that main question is , Is that possible ?
https://github.com/vvb2060/riru-unshare/actions riru module, enable enhanced mode for Magisk Hide, allow Magisk Hide to handle isolated processes. !!need 5e56a6b !!
Hello Thanks for the Extension it was working great as indented until just yesterday one of my bank mobile app decided to push and update and it started detecting root again. i also noticed that it has 2 processes in magic hide but one of the process i cant seem to enable magisk hide on. everytime i put a check on it go back to menu and open magisk hide again it keep unchecking it self. Im not a dev, im just reporting this issue for now maybe someone will have a workaround
Here is the app if anyone is curious https://play.google.com/store/apps/details?id=com.bankmandiri.mandirionline&hl=en&gl=US
@TheOnlyZii https://github.com/topjohnwu/Magisk/pull/4056/commits/5f0623332eb7331da34c30b77797514efcad7051
@TheOnlyZii
https://github.com/topjohnwu/Magisk/pull/4056/commits/5f0623332eb7331da34c30b77797514efcad7051
What this URL means? I'm also having problem while hiding root. My phone is OnePlus8Pro (Android 11+ Riru-unshare + Safetynet passed) installed. If you are interested My banking app (Yapı Kredi Mobil)
And I'm going to share my own story about it, If you someone want any logs or infos about this spesific root detection method I free I can share everything with some dev:
Device: OnePlus 8 Pro / OOS11_OB7(Android 11) / Magisk Canary (f152b4c2,22005) / Kernel( Omega & Official stock both tried. )
Installed Magisk Modules: "ADB&Fastboot for Android NDK / MagiskHide Props Config / OOS Native Call Recording Enabler / Systemless Host / Riru / Riru - Enchand mode for Magisk Hide / Riru - LSPosed"
LSPosed modules: xPrivacyLua (Disabled app listing for Yapıkredi Mobil)
About the app: "Yapı Kredi Mobil" it is a well known Turkish bank. Google Play URL
SafetyNet is passed, "Rootbeer Sample" app is passing all tests. Root is obtained with boot.img patching method, No custom Recoveries. There is no root related apps, magisk app is repacked with random name. I tried this xPrivacyLua method from here. App crashes when I enable "use tracking" checkbox. Not worked. Then I tried Riru-unshare method. Also failed. Tried vvb2060/MagiskDedector and it says "init.rc has been modified by Magisk" this app also can detect root." In every process I made. I rebooted and cleared cache. FYI I can install Netflix in Google Play.
I tried App made by VD171@xda-forum called "VD Infos xda page" and app given this output to me. Output:
---------------------------------------
-> Quantities
Total Time: 23 minutes and 57 seconds.
Total of tries: 6,062,778.
Total found: 4.
* Emulator detected.
---------------------------------------
-> ROOT
#1. [* EMULATOR]: [ro.kernel.qemu.gles]: 0
#2. [Found]: /system/lib/libsigchain.so
#3. [Found]: /system/lib64/libsigchain.so
#4. [Found]: com.dolby.daxservice.DaxApplication
---------------------------------------
If it is not releated or is my bad I'm sorry I can delete my comment after that. Thanks.
@emirefek for my particular case the fix is already been made just need to be implemented in the next releases by the dev
im not a dev i cant comment about your issue. im just putting mine for awareness
Hi All, Currently, is there a way to hide "Magisk su processes"?
Hi, my app suddenly detect my rooted device and it is not functioning anymore.
I tested MagiskDetector and found out Magisk Hide is not working. I tried termux SU, nagiskhide disable, Magiskhide enable. Toggle Off MagiskHide button, restart. Toggle On MagiskHide button.
Still showing Magisk Hide is not working in detector.
Please kindly suggest solution and assist, thank you.
You realize your screenshots are taking too much space?
I imagine this is resolved with MagiskHide's replacement with DenyList, which is powered by Zygisk? Try again in 23013.
@vvb2060 I also see the init.rc modification detection is the only Magisk Detector test which fails on 23013 on modern devices/Android with DenyList. Any fix for that?
@osm0sis Magisk Detector has been archived, I am currently working on momo: https://www.coolapk.com/apk/io.github.vvb2060.mahoshojo
MagiskHide has been removed
First of all, I would like to say that I am aware of the fact that raising the issue of MagiskHide is usually irritable and I will understand if my thread will be ignored.
I recently read an article: https://darvincitech.wordpress.com/2019/11/04/detecting-magisk-hide/
It describes issue in MagiskHide mount points hiding for isolated processes - and detect Magisk by exploiting this issue.
I tested it on my own by activating MagiskHide for Brave and all subprocesses.
For every sandboxed_processX, the mount list looks like MagiskHide is off, other processes (like main/privileged_processX) are property hidden.
Main process - mountstats: https://pastebin.com/6t1p1wxs
Sandboxed_process - mountstats: https://pastebin.com/YasyF3tV
Magisk/Magisk Manager: 20.4-ed58cf95. Xiaomi Mi 8 / Android 10 / xiaomi.eu 20.1.21
Regards.