[Discussion] The root-and-mod-hiding / fingerprint-spoofing / keybox-stealing cat-and-mouse game


Thanks for the suggestion, wish I'd seen it earlier. Clearing Play Store and Services cache/data didn't help, it wouldn't allow the store to even check for updates. Install location I was able to set to 1, though it was auto. After reboots, disabling GMS and Play Store spoofing in PI, I was able to at least check for updates again. Even if I disable all settings in PI, still says not enough room, there must be a setting there I'm forgetting? FWIW, I can't even get play store to update from within the About tab in Store. I don't know what I did here haha.
Again (see previous response above), which PI spoofing do you use?

PI Fork or PI Fix Inject or something else?

I'm using PI Fork, but spoofing is disabled. I'll be honest, I didn't understand all the nuances of the apps like Integrity Box. It's complicated.
Ok, still you can check PI Attesting directly in the Play Store. Go to Settings, General, About and keep tapping the Play Store version until you become a developer.

Then go a step back, into the new Developer Options, and run Check Integrity there.

You should pass PI Attest, but for Brand, Device and Model the Play Store must properly show your actual values, not the spoofed values.

Also, check in your custom.pif.prop; your spoof settings should be:
spoofBuild=1
spoofProps=1
spoofProvider=0
spoofVendingSdk=0
spoofVendingFinger=0

and in target.txt you must have (among others, depending on which apps you use):
com.android.vending
com.google.android.gms

Ok, within the play store integrity, this checks out. It passes and shows my actual values.

My custom.pif.prop had some of those but also spoofSignature=1

Target.txt had many items but also those 2 required ones. I went back to tricky store and selected only necessary including those 2, then realized the target file. None of this worked however, I still have no room it claims.

This might be my opportunity to switch from latest Magisk to ksun?

Maybe disable all Magisk modules, or remove Magisk entirely, before jumping to another rooting method.
Thanks for the suggestion, wish I'd seen it earlier. Clearing Play Store and Services cache/data didn't help, it wouldn't allow the store to even check for updates. Install location I was able to set to 1, though it was auto. After reboots, disabling GMS and Play Store spoofing in PI, I was able to at least check for updates again. Even if I disable all settings in PI, still says not enough room, there must be a setting there I'm forgetting? FWIW, I can't even get play store to update from within the About tab in Store. I don't know what I did here haha.
Fix the Pending Update Loop with ADB
# Clear Play Store and GMS data from the shell (more thorough than the UI)
adb shell pm clear com.android.vending
adb shell pm clear com.google.android.gms

# Reset the Package Mgr temp cache; quoted so the device shell expands the glob
adb shell "rm -rf /data/local/tmp/*"

You also might need to address the PI and Device Spoofing issue. Make sure that you haven't enabled Force Basic Attestation with a fingerprint from a device with very little storage because you’ve been messing with PI modules and now the Store thinks it’s living on a 2012 toaster with 8GB of storage.

Check /data/adb/modules/ for any folder related to PI or spoofing.

adb shell getprop | grep -E "model|product|fingerprint"
If these values don't jive with your actual phone, your spoofing module is still active even if disabled in the app.

Since your About tab won't update, the bin might be corrupted. Sideloading a fresh version sometimes fixes the installation directory permissions and remember to reboot in between any changes that you make. ( ͡° ͜ʖ ͡°)
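
The consistency check described in the post above, as an added example that is not part of the original post: it parses a saved `adb shell getprop` dump and flags `ro.product.*` values that disagree with `ro.build.fingerprint` or with the model you expect. The function names and the sample values are constructed for illustration, and a mismatch is a heuristic hint rather than proof that a module is active.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the value of property $1 from a saved getprop dump $2.
# getprop lines look like: [ro.product.model]: [Some Model]
prop_value() {
    tr -d '\r' < "$2" | awk -v key="[$1]: [" '
        index($0, key) == 1 { v = substr($0, length(key) + 1)
                              sub(/\]$/, "", v); print v; exit }'
}

# check_identity DUMP [EXPECTED_MODEL]
# Prints one line per mismatch. Returns 0 if consistent, 1 on any mismatch,
# 2 if the dump has no usable ro.build.fingerprint.
check_identity() {
    dump=$1; want_model=$2; bad=0
    fp=$(prop_value ro.build.fingerprint "$dump")
    # Fingerprint layout: brand/name/device:release/id/incremental:type/tags
    case $fp in
        */*/*:*) ;;
        *) echo "no usable ro.build.fingerprint"; return 2 ;;
    esac
    ident=${fp%%:*}                 # brand/name/device
    fp_brand=${ident%%/*}
    rest=${ident#*/}
    fp_name=${rest%%/*}
    fp_device=${rest#*/}
    for pair in "brand:$fp_brand" "name:$fp_name" "device:$fp_device"; do
        key=ro.product.${pair%%:*}; exp=${pair#*:}
        got=$(prop_value "$key" "$dump")
        [ "$got" = "$exp" ] && continue
        echo "MISMATCH $key=[$got], fingerprint says [$exp]"; bad=1
    done
    if [ -n "$want_model" ]; then
        got=$(prop_value ro.product.model "$dump")
        if [ "$got" != "$want_model" ]; then
            echo "MISMATCH ro.product.model=[$got], expected [$want_model]"; bad=1
        fi
    fi
    return "$bad"
}

# Constructed sample dump: device and model were overridden, fingerprint was not.
sample_dump() {
    printf '%s\n' \
        '[ro.build.fingerprint]: [examplebrand/examplename/exampledev:14/BUILDID/123:user/release-keys]' \
        '[ro.product.brand]: [examplebrand]' '[ro.product.name]: [examplename]' \
        '[ro.product.device]: [otherdev]' '[ro.product.model]: [Other Phone]'
}
```

Save the device output with `adb shell getprop > dump.txt`, then run `check_identity dump.txt "Your real model"` and read the exit status.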

I had the nohello module active for reasons. Once I disabled it, the store works again. I can't pass device security, but much happier to be able to update me apps 😂
Well it's over. It was fun while it lasted. My country officially banned ADB and bootloader unlocked devices from using banking apps. Effective from Mar 1.

Regulated in Circular 77/2025/TT-NHNN amending Circular 50 on online service security in the banking industry, to be in effect from March 1st:
Clause 2, Article 5: Amend and supplement Clause 4 of Article 8 as follows:

4. Implement solutions to prevent, combat, and detect unauthorized interference with the Mobile Banking application installed on customers' mobile devices. The Mobile Banking application must automatically exit or stop functioning and notify the customer of the reason if any of the following signs are detected:

a) A debugger is attached or the environment has a debugger running; or when the application is running in an emulator/virtual machine/emulator; or operating in a mode that allows the computer to communicate directly with the Android device (Android Debug Bridge);

b) The application software is injected with external code while running, performing actions such as monitoring executed functions, logging data transmitted through functions, APIs, etc. (hooks); or the application software is tampered with or repackaged.

c) The device has been rooted/jailbroken; or its bootloader has been unlocked."

But it doesn't say:
4. Implement solutions to prevent, combat, and detect unauthorized interference with the Mobile Banking application installed on customers' mobile devices, including but not limited to deploying a 'device destruct' mechanism, inducing electric shock or otherwise limiting a user's capacity to continue to use the device by any means deemed necessary. The Mobile Banking application must automatically exit or stop functioning and then notify the Police of the reason and specifics of any offending party if any of the following signs are detected:

Does it?

😃 PW

I mean if they could find a reason to do it then they would. People may have wild conspiracy theories but that's very reasonable, given that I said a while ago that the head of our political system was the minister of public security aka the police.
Well it's over. It was fun while it lasted. My country officially banned ADB and bootloader unlocked devices from using banking apps. Effective from Mar 1.
We're resilient. We'll find a way around it.
Well it's over. It was fun while it lasted. My country officially banned ADB and bootloader unlocked devices from using banking apps. Effective from Mar 1.

This is indeed sad news. And unfortunately, it isn't very surprising news ... which is even more sad.

😭

It's just part of a world-wide trend.

Bring a hippopotamus to lunch today.

Vision

Recognized Contributor / Recognized Translator
New Year, new version.

Targeted Fix v4


  • Add nlohmann/json as submodule
  • Update 5ec1cff/local_cxa_atexit_finalize_impl submodule
  • Improved target.txt handling and organization
Get the latest from GitHub (or update directly; I have also attached it in TargetedFix):

Best, Vision.
New Year, new version.

[ ... ]


Happy New Year, and good news!

Just out of curiosity, what is "nlohmann"? Is it just a particular json-parsing implementation?


Vision

Recognized Contributor / Recognized Translator
Happy New Year.

The name of the author is Niels Lohmann.

We're resilient. We'll find a way around it.
I have enough devices lying around my room to act as a banking phone should this happen
It is already in place in India. None of the banking apps run on rooted devices. Though some work after some workarounds, it is still a hassle to bank with a rooted device, being a developer with limited devices. Also, some of the apps even check for the presence of VPNs (even local WireGuard ones are flagged!) and additional SSL Root Certificates! It is getting crazier by the day and I believe it is time to switch (ditch!) Android, and I am requesting the community to create a pure Linux phone that gives full control to the users rather than every feature controlled by the organisations!!
Can you do your "banking" by using a browser to connect to the bank's web site? Maybe "request desktop site" in the browser?

Vision

Recognized Contributor / Recognized Translator
I read the metamodule info.

Very nice.

Now we have so many options, I don't know what to choose.

It is already in place in India. None of the banking apps run on rooted devices. Though some work after some workarounds, it is still a hassle to bank with a rooted device, being a developer with limited devices. Also, some of the apps even check for the presence of VPNs (even local WireGuard ones are flagged!) and additional SSL Root Certificates! It is getting crazier by the day and I believe it is time to switch (ditch!) Android, and I am requesting the community to create a pure Linux phone that gives full control to the users rather than every feature controlled by the organisations!!
Then the issue would be if there are any apps made for it. Web apps are clunky the way they're made now.
Can you do your "banking" by using a browser to connect to the bank's web site? Maybe "request desktop site" in the browser?
Not where I live, and I have mentioned this several times in this thread.

Rooting and modding in general is getting more and more fruitless each day.
