Singpass App on Custom ROMs

[IOKNEE]

We're cooked. POSB app also can't work now on KSU PIF w basic integrity. Idk what's next. Gpay works with basic integrity.

With basic integrity, GPay NFC doesn't work, only GPay scan-to-pay is allowed.
For now, device integrity is still within reach for rooted devices. Let the experts worry about the future, us noobs live in the present.
Are you sure POSB app stops working because of basic integrity, not other things?

 

[spinning_quirK]

We're cooked. POSB app also can't work now on KSU PIF w basic integrity. Idk what's next. Gpay works with basic integrity.

If POSB and DBS are the same, then the problem is scanning applist. Get Lsposed and HMA the POSB app.

 

[SkyShroud]

When KSU unmount injector is installed, the hosts file in my /system/etc/ is 4MB, and my Singpass app doesn't complain.
When KSU unmount injector is uninstalled, the hosts file in my /system/etc/ is 56 bytes, and I'm unable to modify it.

I'm not using AdAway, I use shell commands to download & directly update /system/etc/hosts.

Xiaomi Redmi Note 9 Pro Global (joyeuse)
MIUI Global 14.0.3 Stable (Android 12)
KSU 11366

If you want to modify it, you have to do it via recovery, by mounting it as rw then remount it as r when come.

What you see through file manager is just the overlay but system don't see the overlay, they see the actual file which is why it doesn't work.

 

[IOKNEE]

If you want to modify it, you have to do it via recovery, by mounting it as rw then remount it as r when come.

What you see through file manager is just the overlay but system don't see the overlay, they see the actual file which is why it doesn't work.

hosts blocking still works for my phone. How I test:

1. Restore original hosts file, open a test site kost.tv using Firefox Android Private Tab (no addon). Result: kost.tv can be loaded using Firefox Android.
2. Close Firefox Android.
3. Install adblock hosts file, open the test site kost.tv again using Firefox Android Private Tab (no addon). Result: "Unable to connect"

Notes:

• I use kost.tv to test because it's in my adblock hosts file so the result is very obvious. A decent adblock hosts file should be able to block all ads on common websites such as ChannelNewsAsia.
• Chrome Android in recent versions seems to ignore hosts file, that's why I switch to Firefox Android.

 

[koji]

If POSB and DBS are the same, then the problem is scanning applist. Get Lsposed and HMA the POSB app.

I'm new to Lsposed and HMA. Does these conflict with Magisk 26.4, MagiskHide, Universal Safetynet Fix?

 

[IOKNEE]

I'm new to Lsposed and HMA. Does these conflict with Magisk 26.4, MagiskHide, Universal Safetynet Fix?

They're compatible, but it's a good habit to backup before trying new Magisk modules.
If USNF still works for you, you can keep using it, otherwise you need to switch to play integrity fix.

 

[spinning_quirK]

Instead of hosts files maybe can try NextDNS, Adguard DNS, Control D

 

[Nuclear Boy]

We're cooked. POSB app also can't work now on KSU PIF w basic integrity. Idk what's next. Gpay works with basic integrity.

I have to try this on my unit with Magisk.

I remember it working with just Basic integrity, rooted but without PIF, and app in hide list.

Singpass and GPay/wallet on the other hand requires Device integrity as well. Otherwise, straight away will throw the warning.

 

[SkyShroud]

hosts blocking still works for my phone. How I test:

1. Restore original hosts file, open a test site kost.tv using Firefox Android Private Tab (no addon). Result: kost.tv can be loaded using Firefox Android.
2. Close Firefox Android.
3. Install adblock hosts file, open the test site kost.tv again using Firefox Android Private Tab (no addon). Result: "Unable to connect"

Notes:

• I use kost.tv to test because it's in my adblock hosts file so the result is very obvious. A decent adblock hosts file should be able to block all ads on common websites such as ChannelNewsAsia.
• Chrome Android in recent versions seems to ignore hosts file, that's why I switch to Firefox Android.

Very interesting, it doesn't work on my phone, argh.

When I do "cat /system/etc/hosts" in terminal, it only show the default localhost addresses.
When I see "/system/etc/hosts" via file manager, it show all the blocked addresses
So yea, on my phone, "mount --bind" doesn't work.
I guess I might need a magic_overlayfs related solution

Instead of hosts files maybe can try NextDNS, Adguard DNS, Control D

Eats more battery >.<

On a side note, people who still using ksu unmount injector but sometimes your device hang after reboot. You can try moving this from "service.sh" to "boot-completed.sh". Don't forget the MODDIR variable.

exec "$MODDIR/ksuhide"

 

[IOKNEE]

• Chrome Android in recent versions seems to ignore hosts file, that's why I switch to Firefox Android.

Instead of hosts files maybe can try NextDNS, Adguard DNS, Control D

after switching to Firefox for a month, I have to switch back to Chrome and use NextDNS (in Chrome setting, not system-wide) because Chrome is deeply integrated into Android and Firefox is not able to provide a seamless replacement. Add-on is the prominent feature of Firefox Android, but not really a must-have for me. Adblocking using hosts isn't as clean as using addon, but I can live with it.
I'm still using systemless hosts (HuskyDG), but with a less strict list of hosts.

Eats more battery >.<

any source?

 

[SkyShroud]

after switching to Firefox for a month, I have to switch back to Chrome and use NextDNS (in Chrome setting, not system-wide) because Chrome is deeply integrated into Android and Firefox is not able to provide a seamless replacement. Add-on is the prominent feature of Firefox Android, but not really a must-have for me. Adblocking using hosts isn't as clean as using addon, but I can live with it.
I'm still using systemless hosts (HuskyDG), but with a less strict list of hosts.


any source?

Chrome doesn't ignore hosts. It just that KSU has overlay over a overlay, so that's like two overlays. These so-called systemless hosts KSU module does a "bind" mount but all they did is mount on the top overlay and not the bottom overlay. Chrome doesn't see the top overlay, it see the bottom overlay. If you run "termux" and do a "cat /system/etc/hosts", that is what your chrome see.

The solution is to disable the double overlay using https://github.com/HuskyDG/magic_overlayfs which you also need to add

export DO_UNMOUNT_KSU=true

in the file.

Since already using magic overlay, I also made a module https://github.com/Lu5ck/Adaway-Overlayfs-Helper which use https://github.com/HuskyDG/magic_proc_monitor

The module basically dynamically enable readwrite on magic overlay when adaway is running, disable readwrite when adaway is not running. This effectively replace "bind host", so there won't be any detectable mount point.

any source?

hosts is just a file. nextdns is an online dns

 

[IOKNEE]

If you run "termux" and do a "cat /system/etc/hosts", that is what your chrome see.

I ran cat /system/etc/hosts once and it almost killed my phone.

Maybe Chrome sees the hosts file differently because it's a system app?

The solution is to disable the double overlay using https://github.com/HuskyDG/magic_overlayfs which you also need to add

export DO_UNMOUNT_KSU=true

in the file.

Is this the alternative to the abandoned KSU unmount modules but with direct writing to the hosts file?
Will there be any side effect regarding root detection?
All the apps on my phone are working perfectly, so I'm reluctant to poke around.

hosts is just a file. nextdns is an online dns

you're right, I forgot that the phone would need to send requests to the remote servers, not locally.

 

[spinning_quirK]

The solution is to disable the double overlay using https://github.com/HuskyDG/magic_overlayfs which you also need to add

export DO_UNMOUNT_KSU=true

in the file.

This is added to the mode.sh file of the overlayfs module's folder right? But the command doesn't seem to work, as in when I executed manual unmount of the KSU overlay, I succeeded. Meaning that the boot-up unmount wasn't done. Singpass also doesn't remain open as a result, in contrast to the KSU unmount module.

 

[spinning_quirK]

Eats more battery >.<

Ok leh, as compared to the extra battery eaten by all the ads and tracking.
Anyway also been disabling trackers per-app using App Manager.

 

[albertlee]

I dun quite understand, my Xiaomi phone running on stock rom failed YASNAC and Play IPC check (actually only pass the Basic Integrity) and yet have no issue running Singpass and banking apps. On another Xiaomi phone running CrDroid have the same result but have no such luck with the mentioned apps. Even stranger, Wireless@SGx apps cannot run on the former but work fine on the latter phone! BTW, bootloader is unlock in both phone.

So can someone care to explain why is this so?

 

[spinning_quirK]

I dun quite understand, my Xiaomi phone running on stock rom failed YASNAC and Play IPC check (actually only pass the Basic Integrity) and yet have no issue running Singpass and banking apps. On another Xiaomi phone running CrDroid have the same result but have no such luck with the mentioned apps. Even stranger, Wireless@SGx apps cannot run on the former but work fine on the latter phone! BTW, bootloader is unlock in both phone.

So can someone care to explain why is this so?

You didn't mention which version and/or fork of Magisk or KSU is on each phone, as well as what methods of obfuscation you attempted.

Anyway the Safetynet API which YASNAC tests is obsolete, it's Play Integrity from now onwards.

1st phone:
None of the apps require Device Integrity, and none of them could detect Magisk/KSU, or Zygisk.

2nd phone:
Something is being detected, whether Magisk or KSU or Zygisk.

Check with Momo, Ruru, Native Detector etc

 

[albertlee]

You didn't mention which version and/or fork of Magisk or KSU is on each phone, as well as what methods of obfuscation you attempted.

Anyway the Safetynet API which YASNAC tests is obsolete, it's Play Integrity from now onwards.

Thank for the quick reply.

Didn't install Magisk or KSU on both phone, in short, both are in "virgin" state. Miui rom on 1st phone is Android 11, whilst CrDroid rom on 2nd is Android 13.

 

[spinning_quirK]

Thank for the quick reply.

Didn't install Magisk or KSU on both phone, in short, both are in "virgin" state. Miui rom on 1st phone is Android 11, whilst CrDroid rom on 2nd is Android 13.

Hmm. Might be a custom ROM detection in this case. Your phones have bootloaders unlocked, but are unrooted?

 

[albertlee]

Hmm. Might be a custom ROM detection in this case. Your phones have bootloaders unlocked, but are unrooted?

Yes, both are unrooted (not rooted).

And yes, seem like the local apps doesn't like custom ROM with the exception of Wireless@SGx !

 

[coseas]

Shamiko v1.0

1.0​

1. Hide more traces of Zygisk, passing more detection (e.g., ACE, GoTyme Bank, MyTransport.SG, ZainCash, DBS PayLah!, Singpass, Marriott, BPI, Apps using liapp, Apps using Arxan like CaixaBank Sign, etc.)
2. Better support KSU
3. Hide some traces introduced by other modules (e.g. PlayIntegrityFix)
4. Guards the peace of Machikado