Related
Hello folks of XDA, especially the Italians one since i'm creating this thread to address one of the most wanted feature of the Italian Intesa San Paolo home banking mobile application for Android, that is making PayGo work with a custom ROM, rooted phone, ecc....
Now let's first state what PayGo is and what's the problem:
PayGo it's a feature of the application that allows you to emulate the contactless chip of one of you credit/debit card through NFC.
PayGo requires your phone to be unrooted and unmodified.
Every attempt to hide the modifications through Magisk Hide allows you to pass the initial warning of the application about Root and Custom ROM but the feature then fails to start with an unknown error.
So, summing up, PayGo won't work even if you pass SafetyNet checks and no one seems to understand what it checks.
Now, I'm a developer but I'm not even close to understand how security checks and stuff works under the hood in Android but my guess is that PayGo checks somehow if the bootloader is unlocked or not. Following this intuition I Googled how to check from application code if the bootloader is unlocked or not. One answer on Andorid Stack Exchange seemed to be really useful: it states that from a dialer app you can check if the bootloader is unlocked or not. Now, that answer reminded me that I was always wondering why Intesa San Paolo app was asking for phone permissions even if it never used them (at least apparently) and an idea popped to my mind:
what if the app asks for phone permissions only to check as dialer if the phone has unlocked bootloader or not?
Well, I revoked phone permission to the app and tried to open PayGo and guess what, it asks phone permissions right away! If you deny them and check "don't ask me again" it won't even open anymore, so my guess may be right.
The problem now is to understand what values is returned to the dialer and how to modify it so that we can test it.
Any good soul that can offer a solution through, i don't know, a Magisk module or something?
Thank you for your time in reading this, I hope it helps someone
@Diomorgan, @Errtu73, @olivercervera may find this thread useful
Have you tried disabling ADB debugging? I have personally tested PayGo and works
olivercervera said:
Have you tried disabling ADB debugging? I have personally tested PayGo and works
Click to expand...
Click to collapse
Yes, it passes the first warning but then fails to start with unknown error
You are lucky because I'm customer of the Intesa group (although I usually don't use this app)
As I said earlier, it works perfectly on my device. The issue is specific to your ROM/device.
I just activated the App and PayGo right now...
olivercervera said:
You are lucky because I'm customer of the Intesa group (although I usually don't use this app)
As I said earlier, it works perfectly on my device. The issue is specific to your ROM/device.
I just activated the App and PayGo right now...
Click to expand...
Click to collapse
Well I tried it on a OnePlus One with Sultanxda LOS but no luck, same on LG G4 with official LOS. Which phone and ROM are you using?
I'll try with my OnePlus 5 keeping the stock ROM, hoping it will work
Lamba92 said:
Well I tried it on a OnePlus One with Sultanxda LOS but no luck, same on LG G4 with official LOS. Which phone and ROM are you using?
I'll try with my OnePlus 5 keeping the stock ROM, hoping it will work
Click to expand...
Click to collapse
I'm on Xiaomi Mi5 and LOS 15.1 (Android 8.1)
LOS is not the problem, probably there was something weird in the ROMs you tried. Some old ROMs are implemented in a way that Magisk can't really work/hide everything, most of them before SafetyNet/Magisk era.
Try with stock ROM and Magisk, you should be fine.
The latest updates to these apps on the 18th and 19th of June 2018 produce "Error 04 Security Check failed" at launch. Dismissing the message exits the app.
Rolling back to the previous versions of the apps or even a year old version fixes the problem (for now).
Are these apps finally rejecting 'insecure' devices?
I've got the same error.
It was working this morning but root was disabled as I had done a software update a few days ago and not reinstalled magisk.
Installed 05.09.0000.43.0 May 14, 2018 from apkmonk and I can login again.
Every week I'm almost finding more reasons to give up on rooting. I only use it for a few convenience things mainly but they are so useful. I couldn't have a phone without online banking though...
Just point your stock web browser at nwolb.com.
intrepidis said:
Just point your stock web browser at nwolb.com.
Click to expand...
Click to collapse
Not really the same though? The login process takes longer, the information isn't as nicely formatted etc..
roll back to the previous update.
jeffbesoz said:
Agree with you. :good::good:
Click to expand...
Click to collapse
If you use natwest current version you will get this error if you are rooted - I tried using magisk and hide root but that did not work.
use natwest app version V05.03.0001.125.0 this one will not detect root but it is not as secure as the latest version
https://natwest.en.aptoide.com/?store_name=monadiva&app_id=30626821
I spoke to Natwest support about this and got a call back from one of their techies... he stated that the error message was not from the Natwest app, but from Android itself... this could mean (if true) that Natwest isn't checking for root, but offloading the check onto Google Pay, which in turn gives the error 04...
shayraz said:
I spoke to Natwest support about this and got a call back from one of their techies... he stated that the error message was not from the Natwest app, but from Android itself... this could mean (if true) that Natwest isn't checking for root, but offloading the check onto Google Pay, which in turn gives the error 04...
Click to expand...
Click to collapse
Interesting..
I also saw that they are now saying that finger print logins will not work unless you update. Can't do fingerprint anyway because of root etc..
Update: I received a text message saying that older versions of the app will no longer work in 30 days.
You are using an old version of our app which we will be switching off in 30 days. To continue to use our Mobile Banking app, you will need to update your phones operating system to 6.0 and visit your app store to update to the latest version of our app. If you are unable to update your phones operating system, you can continue to use Online Banking as an alternative.
Click to expand...
Click to collapse
The most recent version of the app (Dec-3rd-2018, 05.14.0000.63.0) continues to give the aforementioned error message. In the meantime, I will continue to use version 05.14.0000.36.0.
It would be nice for Natwest to give an official statement on this.
htr5 said:
Update: I received a text message saying that older versions of the app will no longer work in 30 days.
The most recent version of the app (Dec-3rd-2018, 05.14.0000.63.0) continues to give the aforementioned error message. In the meantime, I will continue to use version 05.14.0000.36.0.
It would be nice for Natwest to give an official statement on this.
Click to expand...
Click to collapse
I've not received a text but keep getting a popup when I login...
Not sure what version I'm on though ... no idea what will do if it stops working
I had the same problem too. I have figured out that the incompatibility seems not to be with root but with Xposed.
The app works with root enabled, it does not when Xposed is on.
Here how I managed to make it work:
I uninstalled the app, disabled root from my settings, turned off Xposed, restarted the phone and then installed the app again.
The RBS app worked perfectly, also with root on, until I re-enabled Xposed. Once I enable Xposed, I get the Error 04 message.
It works again every time I disable Xposed and restart the phone. It is a bit of a workaround but it works, and luckily it is not an app I use every day.
I am on an S5 with Lineage 15.1.
I can also confirm the issue is with xposed. If you turn off xposed from the installer and an then reboot, the app banking app will work fine.
I have tried installing NatWest in the work profile using the Islands app but it didn't work. The Sudohide xposed module also didn't work. There are no relevant permissions in the NatWest app that can be revoked.
Maybe something similar to DBXposed module could be a workaround?
https://forum.xda-developers.com/xposed/modules/dbxposed-bypass-root-xposed-detection-t3536406
I have no experience in compiling or programming though
I suppose if you turn off Xposed from the installer all of the xposed modules stop working?
Got my 29 day count down now before this version of Natwest stops working .. ugh ... theres just a few simple things I have on Xposed but they make the phone so much better.. e.g. Xinsta and ChromePie
oli356 said:
I suppose if you turn off Xposed from the installer all of the xposed modules stop working?
Got my 29 day count down now before this version of Natwest stops working .. ugh ... theres just a few simple things I have on Xposed but they make the phone so much better.. e.g. Xinsta and ChromePie
Click to expand...
Click to collapse
I have systemless Xposed installed meaning that it can be disabled really easily from within the app. A soft reboot keeps some of my modules to continue working such as the cosmetic tweaks.
The reboot process takes about 45 seconds each way but I'm finding myself using the browser website for quick transfers anyway.
Hi guys, i was researching a bit how to make natwest app working along with magisk and edxposed, i found that adding natwest to edxposed blacklist did the job, since i saw natwest has an activity looking for hooks...
As simple fingerprint works
Of course also box checked in magisk hide
pincopallowfs said:
Hi guys, i was researching a bit how to make natwest app working along with magisk and edxposed, i found that adding natwest to edxposed blacklist did the job, since i saw natwest has an activity looking for hooks...
As simple fingerprint works
Of course also box checked in magisk hide
Click to expand...
Click to collapse
Frustratingly this doesn't work for me.
Brig1979 said:
Frustratingly this doesn't work for me.
Click to expand...
Click to collapse
Have you cleared natwest data app before?
After set natwest in magiskhide and set natwest in edxposed blacklist can try to clean dalvik and reboot...
It's kinda strange indeed, on my tablet lenovo running aospextended natwest works outofthebox without doin nothing apart from set it into magiskhide, on mi mix3 it worked only after setting it into magiskhide and edxposed blacklist.... It should work as well putting magisk into core mode, but no modules get loaded, so you need reboot, use natwest and then reboot again to reload modules...
pincopallowfs said:
Have you cleared natwest data app before?
After set natwest in magiskhide and set natwest in edxposed blacklist can try to clean dalvik and reboot...
It's kinda strange indeed, on my tablet lenovo running aospextended natwest works outofthebox without doin nothing apart from set it into magiskhide, on mi mix3 it worked only after setting it into magiskhide and edxposed blacklist.... It should work as well putting magisk into core mode, but no modules get loaded, so you need reboot, use natwest and then reboot again to reload modules...
Click to expand...
Click to collapse
Completely forgot to answer this, but i'd tried literally everything!
Updated the natwest app last night and it's now working again (I do still have it added to the the blacklist in Edxposed, and magisk hide set)
I also updated to 05.18.0000.85.0 and it is working now with xposed and root. I am not using any masking tools.
Updated to latest version today as it said app would stop working in couple of days. With magisk hide on and xposed disabled I still get an error and can't login.
OnePlus 7 , OOS 10.0.7 GM57BA
- rooted with Magisk
- busybox installed
- NO Xposed!!
- magisk package name changed
- magisk Hide enabled in settings
- safetyNet passed
- packages hidden: Barclays and com.anfroid.phone
Issue: cannot set up fingerprint authentication in Barclays app. It works well in any other apps. When following the procedure, the app throws an error T0009 and the message "Error during fingerprint authentication/registration"
I contacted the Barclays team, they don't seem to have the error in their errors list. Possibly to be forwarded from the system?
I also tried to hidein magisk the fingerprint authentication services com.qualcomm.qti.biometrics.fingerprint.service
Maybe I didn't hide all services involved in fingerprint authentication? What else should I try to hide from root?
I'm looking for suggestions.
Hi,
i've got the same issue for ages (with my previous OP6 too) and it's the same with the BA Amex app.
I think it's just an issue of these apps with our OP7 phone?
Have you ever been able to make it work with the phone un-rooted?
bay12 said:
Hi,
i've got the same issue for ages (with my previous OP6 too) and it's the same with the BA Amex app.
I think it's just an issue of these apps with our OP7 phone?
Have you ever been able to make it work with the phone un-rooted?
Click to expand...
Click to collapse
Yes, my wife's phone (also OP) was never rooted and it worked just fine. OP5T, then OP7 and now OP8. And yes, the OP7 Which is mine now,was hers before.
On the default phone configuration it seems to be working just fine.
derei said:
Yes, my wife's phone (also OP) was never rooted and it worked just fine. OP5T, then OP7 and now OP8. And yes, the OP7 Which is mine now,was hers before.
On the default phone configuration it seems to be working just fine.
Click to expand...
Click to collapse
oh interesting! i don't think i've ever tried to used these apps with an unrooted phone.
Please let me know if you manage to solve this issue
Same problem forever with Barclays and OP6
I have the same issue with my OP8T, rooted with patched Magisk image, MagiskHide, but otherwise stock OS. I'm also unable to get any useful information out of Barclays.
This worked fine on my OP3T so it seems to be something with the newer phones.
Hello guys,
I have the same issue with my OP8P, magisk hide,safety net passed. I have another banking app which is working perfect but this for some reason it is not working
I've just had my S9+ replaced on insurance. However I've had to have the phone replaced again as the first replacement they sent had an issue with the touchscreen.
My original phone worked fine with fingerprint authentication in banking apps.
The first replacement I rooted with Magisk and both my banking apps worked OK, but the newest replacement doesn't work with either banking app and just errors when trying to enable fingerprint authentication.
All phones were running the same Alexis ROM, same configuration with Magisk and same kernel.
Really weird.
Hello,
I have an unlocked, rooted Pixel 7, Android 13 panther. My device is rooted, and the bootloader is unlocked. I have Magisk 25.2 installed with Zygisk and enforce denylist active.
I cannot seem to get my device to pass SafetyNet. I use YASNAC and am continually getting a CTS profile Match Fail.
I have installed the magisks modules, Universal SafetyNet fix, and Magisk Hide Props Config.
I cannot figure out a sequence of options using Hide Props Config that will get me to pass SafetyNet.
Is there anyone who might have any suggestions?
i have the exact same issue
captain_howdy said:
Hello,
I have an unlocked, rooted Pixel 7, Android 13 panther. My device is rooted, and the bootloader is unlocked. I have Magisk 25.2 installed with Zygisk and enforce denylist active.
I cannot seem to get my device to pass SafetyNet. I use YASNAC and am continually getting a CTS profile Match Fail.
I have installed the magisks modules, Universal SafetyNet fix, and Magisk Hide Props Config.
I cannot figure out a sequence of options using Hide Props Config that will get me to pass SafetyNet.
Is there anyone who might have any suggestions?
Click to expand...
Click to collapse
dangercl0se said:
i have the exact same issue
Click to expand...
Click to collapse
you both need to check out the post below (or better yet, get from his Github) and use Displax's updated mod to Universal SafetyNet fix. The original USNF hadn't worked with the Pixel 6 (or Pixel 7), where his original mod worked and passed everything but Strong Integrity. Then, when it came to the Pixel 7 Pro, he needed to mod it again and we all have been using his mod_2.0 to get things to work.
Of course, after applying the module and putting Google Play Store, Google Services Framework, & Google Play Protect Service in the Denylist (every entry in its subdirectory ticked), be sure to clear data from them to make sure you get the best chance at passing safetynet...
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
simplepinoi177 said:
you both need to check out the post below (or better yet, get from his Github) and use Displax's updated mod to Universal SafetyNet fix. The original USNF hadn't worked with the Pixel 6 (or Pixel 7), where his original mod worked and passed everything but Strong Integrity. Then, when it came to the Pixel 7 Pro, he needed to mod it again and we all have been using his mod_2.0 to get things to work.
Of course, after applying the module and putting Google Play Store, Google Services Framework, & Google Play Protect Service in the Denylist (every entry in its subdirectory ticked), be sure to clear data from them to make sure you get the best chance at passing safetynet...
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Click to expand...
Click to collapse
the 2.0 file worked for me, i get CTS pass now
but cannot hide root from Citibank app though. any chance you may know a fix? or the citibank guys are that good?
I vey same issue with my bank app Bt Pay. Only reason i cant stay rooted.
dangercl0se said:
the 2.0 file worked for me, i get CTS pass now
but cannot hide root from Citibank app though. any chance you may know a fix? or the citibank guys are that good?
Click to expand...
Click to collapse
Need Shamiko. Set apps in deny list but don't enforce the deny list.
LLStarks said:
Need Shamiko. Set apps in deny list but don't enable the deny list.
Click to expand...
Click to collapse
Unless the app is even "smarter". Like my own bank app.
dangercl0se said:
the 2.0 file worked for me, i get CTS pass now
but cannot hide root from Citibank app though. any chance you may know a fix? or the citibank guys are that good?
Click to expand...
Click to collapse
I was having trouble with Chase a while back. What I did was clear the banking app's cache/data, enable airplane mode, and reboot after passing safetynet adding the banking app to DenyList. I was then able to log in and successfully hide root from the app. Good luck!
LLStarks said:
Need Shamiko. Set apps in deny list but don't enforce the deny list.
Click to expand...
Click to collapse
still doesn't work, citibank can detect magisk (which was hidden) before i login lol
dangercl0se said:
the 2.0 file worked for me, i get CTS pass now
but cannot hide root from Citibank app though. any chance you may know a fix? or the citibank guys are that good?
Click to expand...
Click to collapse
I use the Citibank app myself and am able to get it to work. You gotta make sure that everything under its sub-directory is ticked as well -- just checked and there's 4 entries in its subdirectory that needs to be ticked. Another thing that might help is to Click Hide the Magisk app; when you hide it, you'll have the optional opportunity to change the Magisk app's name to whatever you wish. Also, you can do what kornball said below as that's also a good idea as well.
kornball said:
I was having trouble with Chase a while back. What I did was clear the banking app's cache/data, enable airplane mode, and reboot after passing safetynet adding the banking app to DenyList. I was then able to log in and successfully hide root from the app. Good luck!
Click to expand...
Click to collapse
Try to use Ice Box app and freeze magisk, then see if banking app works. I had to do that on my last phone. You can easily open magisk by opening ice box app first.
Weird stuff, folks. I imagine that something else is being done amiss as I have a similar setup and don't have any safetynet issues that affect the access to my banking apps/GPay/Prime Video/etc.
I don't even use Displax's USNF mod. Heck, I barely even use the denylist.
I would suggest that you wipe the device clean, re-image it with the latest A13 build, re-root and then set everything up again. But this time, do not install the Magisk Hide Props. That is only needed for those on custom ROMs (which I imagine you aren't using).
dangercl0se said:
still doesn't work, citibank can detect magisk (which was hidden) before i login lol
Click to expand...
Click to collapse
Did you enable Zygisk?
I'm honestly having trouble with Chase at the moment. Usually I'm able to hide Magisk enough to get fingerprints working.
The Citi app doesn't work for me either, despite all other workarounds, and everything else works other than setting the fingerprint reader for use with the Chase app (but that can be worked around while temporarily not rooted). I'll just use the Citi website if I need to.
LLStarks said:
Did you enable Zygisk?
I'm honestly having trouble with Chase at the moment. Usually I'm able to hide Magisk enough to get fingerprints working.
Click to expand...
Click to collapse
I forgot to set the fingerprint before I rooted when I updated the firmware, but I'm just going to try to remember to do it on the next firmware update, hopefully. I never found any other workaround that always works.
roirraW edor ehT said:
The Citi app doesn't work for me either, despite all other workarounds, and everything else works other than setting the fingerprint reader for use with the Chase app (but that can be worked around while temporarily not rooted). I'll just use the Citi website if I need to.
I forgot to set the fingerprint before I rooted when I updated the firmware, but I'm just going to try to remember to do it on the next firmware update, hopefully. I never found any other workaround that always works.
Click to expand...
Click to collapse
For Chase, here's how I got it to work on my P6 previously. There's an old thread where someone installed a downgraded version, but I didn't need to do that:
I force stopped the app and cleared cache/data. I then enabled airplane mode, went into the Chase app and entered my credentials. I hit the fingerprint option and hit "sign on." I got the error saying no data connection available. I reenabled data and signed on.
kornball said:
For Chase, here's how I got it to work on my P6 previously. There's an old thread where someone installed a downgraded version, but I didn't need to do that:
I force stopped the app and cleared cache/data. I then enabled airplane mode, went into the Chase app and entered my credentials. I hit the fingerprint option and hit "sign on." I got the error saying no data connection available. I reenabled data and signed on.
Click to expand...
Click to collapse
I've tried that before on my Pixel 6 Pro and it didn't work. I just tried it again, exactly as you said, and it didn't work for me this time either. I'm glad it works for you. It's no big deal for me to do it while unrooted - just too lazy to unroot until I have to manually update the firmware anyway.
The downgrade app solution worked for a short while, but the app requires that it's reasonably up to date to work at all, so that option was never for the long term.
kornball said:
For Chase, here's how I got it to work on my P6 previously. There's an old thread where someone installed a downgraded version, but I didn't need to do that:
I force stopped the app and cleared cache/data. I then enabled airplane mode, went into the Chase app and entered my credentials. I hit the fingerprint option and hit "sign on." I got the error saying no data connection available. I reenabled data and signed on.
Click to expand...
Click to collapse
This unfortunately did not work for me. I pass safetynet and have magisk hidden as well as Chase on the deny list with all the ticks selected.
roirraW edor ehT said:
The Citi app doesn't work for me either, despite all other workarounds, and everything else works other than setting the fingerprint reader for use with the Chase app (but that can be worked around while temporarily not rooted). I'll just use the Citi website if I need to.
I forgot to set the fingerprint before I rooted when I updated the firmware, but I'm just going to try to remember to do it on the next firmware update, hopefully. I never found any other workaround that always works.
Click to expand...
Click to collapse
I can't believe you and dangercl0se haven't gotten Citi app to work!!! You, the creator the the quintessential guide of whom I followed step by step to get my root working, are having troubles with it when I haven't done anything particular or different than you would have done?! Doesn't seem right to me....i'm baffled as to why things are seamless for some people are are stubborn/difficult for others....
simplepinoi177 said:
you both need to check out the post below (or better yet, get from his Github) and use Displax's updated mod to Universal SafetyNet fix. The original USNF hadn't worked with the Pixel 6 (or Pixel 7), where his original mod worked and passed everything but Strong Integrity. Then, when it came to the Pixel 7 Pro, he needed to mod it again and we all have been using his mod_2.0 to get things to work.
Of course, after applying the module and putting Google Play Store, Google Services Framework, & Google Play Protect Service in the Denylist (every entry in its subdirectory ticked), be sure to clear data from them to make sure you get the best chance at passing safetynet...
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Click to expand...
Click to collapse
Did all this, still failing for me.
Beefheart said:
Did all this, still failing for me.
Click to expand...
Click to collapse
I can only assume you mean passing safetynet and not getting the banking apps to work....
Only thing left that I can think of that I didn't include in that post is to make sure you have "systemless hosts" module installed as well; i know it's pretty obvious but just trying to cover all the bases....
If so and still failing, I suggest going to roirraW "edor" ehT's guide/thread -- it's probably the most active thread on this forum and is where many is bringing up their failing to pass it while going through all the steps...
*there's also Homeboy76's guide HERE if it's clearer/easier to follow for you...
unfortunately there's no real debug logs to state why it's not working out, so the best that I can suggest is that you're going to have be a lot more descriptive on what & how you "did all this" with luck that that'll show something you may have missed and/or start from scratch and follow each and every step exactly of roirraW "edor" ehT's/Homeboy76's guide and hope it works out that way.
Good luck to you and I hope this helps...
Dear all, I am writing here because I have a very specific issue and I need to deal with it myself.
I have Xiaomi Poco x3 nfc, and I love this phone to bits. I never bothered rooting or flashing any roms so far because I was always happy with stock. Recently however, an issue has popped up.
Grindr, an app I use regularly, has recently pushed an update down our throats that cuts off your access if you are spoofing your location. This is a hazard for me, because I cannot have strangers know exactly how many meters I am from them. So far, I've been able to use mock gps fine, until this update. Mock GPS works even if your phone is not rooted so I used that. However, it no longer serves me now
How can I workaround this? Would root/installing a custom ROM, help with this? Is there a superior way of spoofing your location that Grindr wouldn't be able to detect? Please advise, I literally have no clue how to do this, the last phone I rooted and flashed was the Galaxy S lol. (Original one)
Appreciate the views but a response would be helpful. I can't be the only person on this forum interested in spoofing location
Chrsp said:
How can I workaround this?
Click to expand...
Click to collapse
The app is detecting that you are spoofing the location. To bypass that in unrooted device, you will need to decompile the apk and remove the checks which do that. If you are in rooted device with Magisk, you only need to install this LSPosed module: https://github.com/ThePieMonster/HideMockLocation
If you can't find a modded apk or made one yourself, you will need to root the phone
Ok thx for the help. Will Grindr detect magisk?
Or maybe are you able to provide me with a modded Grindr apk?
Lastly. I'm in stock. Never rooted or unlocked anything. How do I get started?