Santander app is not working on custom ROM or root device

alpsayin

Still no luck even with reboots.

Have you cleared the app data and re-registered after doing all this? Once the app marks itself unsafe, there's no going back from that one.

On another note, this is pretty bad security practice from Santander isn't it?...
I'm sure they'll patch this up soon, so while you're at it block their analytics from AdAway too. Host is: e.crashlytics.com . Should slow the apps from sending back reports on what we're up to :)

---------- Post added at 06:12 PM ---------- Previous post was at 06:04 PM ----------

Worked for me too. Things that I needed were: MagiskHide props config, Adaway and Magisk hide.

If a similar exercise could be done for the Halifax app to determine whether it communicates with some domains that could be blocked, would be great!

Thanks again

Don't have an account w/ Halifax but I was easily able to get to the register/sign in screen with the existing setup if that helps? Try the suggestion below, and if you're in doubt send the DNS log here.

That's an interesting find. You should also be able to use AdAway's DNS requests monitor to find what domains the app connects to, and then directly add it to the blacklist from there.
 
nickster_uk

Success at last. Used AdGuard to block the 4 offending domains. Don't need to hide Magisk, or use the Magisk prop module. Just hide Santander app from Magisk. Then clear Santander data and cache, reboot and activate and authorise. Survives reboots fine. Thanks to all.

Hi...

Is your resolution still working for you?

I've recently rooted my S7 Edge SM-935F with Magisk running stock. After rooting, I was able to get the Santander app working after hiding Magisk and hiding Santander in Magisk and it worked ok for a couple of days, but earlier today, it detected root again.

Thought it may be due to installing Xposed and Busybox so I hid both of them, plus all other apps that have root access in Magisk, but it's still not working. Also tried clearing Santander cache and data as well as rebooting, but no joy. Also blocked the domains using Adguard but not 100% correct the user filter rule is correct...

Does the following look right to you?
||*trusteer.com*^

Thanks for any help :)

---------- Post added at 01:17 AM ---------- Previous post was at 12:36 AM ----------

Got it working after uninstalling Xposed and related modules.

Looks like I need to try other methods to hide Xposed and any related apps.
 

metrize

Nice find! It works! Blocking trusteer.com on its own didn't work so it must be one of the other ones in that screenshot. Will leave them all though for now. Cheers
 

nickster_uk

When I use Magisk Hide on my Santander app it force closes. Anyone else?

I had this a few times.

Do you have Xposed installed?

Have you cleared cache and data in Santander?

Have you hidden Magisk as well as Santander?

---------- Post added at 01:53 AM ---------- Previous post was at 01:25 AM ----------

Nice find! It works! Blocking trusteer.com on its own didn't work so it must be one of the other ones in that screenshot. Will leave them all though for now. Cheers

What rules did you add to get it working please?

I've tried a few variations on the ones from the screenshot, but none have worked as yet.

---------- Post added at 02:02 AM ---------- Previous post was at 01:53 AM ----------

It's definitely Xposed that is tripping things my end. When it's uninstalled, the app works perfectly after registering. When Xposed is present, root is detected. Adding the domains or hiding Santander and Xposed makes no difference.
 

sanguinesaintly

I had this a few times.

Do you have Xposed installed?

Have you cleared cache and data in Santander?

Have you hidden Magisk as well as Santander?

---------- Post added at 01:53 AM ---------- Previous post was at 01:25 AM ----------



What rules did you add to get it working please?

I've tried a few variations on the ones from the screenshot, but none have worked as yet.

---------- Post added at 02:02 AM ---------- Previous post was at 01:53 AM ----------

It's definitely Xposed that is tripping things my end. When it's uninstalled, the app works perfectly after registering. When Xposed is present, root is detected. Adding the domains or hiding Santander and Xposed makes no difference.

These are the domains I'm blocking with AdGuard
 

[Attachment: Screenshot_20180815-192138_1.png]


alpsayin

Here's my final list including analytics reports as well. Payments/transfers/otp work fine. If it detects root it's probably because Santander managed to make a DNS query before your hosts file was updated. That's why you need systemless hosts. To guarantee my position I also now Greenify Santander to prevent it from waking up and doing stuff without my knowledge hehe

Sent from my Ulefone Armor 2 using XDA Labs
 

[Attachment: Screenshot_20180816-121236.png]

nickster_uk

Made a bit of progress.

Uninstalled Xposed modules and framework, rebooted and Santander was good again.

Installed Xposed, rebooted, still ok.
Installed some modules and activated in Xposed and rebooted after each. All good until I got to Gravity Box. I got the Santander keeps closing error so I wasn't even able to get to the log in screen. I then tried checking the 'Disabled resource hooks' setting in Xposed. Rebooted and Santander was working again, logged in fine too. Downside is that any Xposed modules which try to change resources will no longer work with the setting activated. Shame as Gravity Box is rather good.

Also, added all the domains in Adguard for filtering.
 

metrize

I had this a few times.

Do you have Xposed installed?

Have you cleared cache and data in Santander?

Have you hidden Magisk as well as Santander?

---------- Post added at 01:53 AM ---------- Previous post was at 01:25 AM ----------



What rules did you add to get it working please?

I've tried a few variations on the ones from the screenshot, but none have worked as yet.

---------- Post added at 02:02 AM ---------- Previous post was at 01:53 AM ----------

It's definitely Xposed that is tripping things my end. When it's uninstalled, the app works perfectly after registering. When Xposed is present, root is detected. Adding the domains or hiding Santander and Xposed makes no difference.



All of them in the screenshot I had added
 

sanguinesaintly

The app updated itself a couple of days ago - still worked. Then this morning it says I'm rooted again. Cleared data and cache from app, re-entered credentials and, although it FC'd first time around, it's working OK.
 

Legoman6

I have Magisk v16 and Xposed Framework (Systemless) v89.3 installed.

I've added the Root Cloak module to Xposed Framework.

Systemless hosts support for Adblock apps is enabled in Magisk Manager.

Added the Santander app to Magisk Hide and Root Cloak.

Added the entries advised by alpsayin to the AdAway blacklist.

Cleared the Santander app data and cache.

Santander app works fine and survives a reboot.
 

Top Liked Posts

  • 14
    I finally have something.

    Went back to my original proposed idea and tried to monitor network connections. Finally, I give you a permanent solution. Using Netguard app I noticed Santander contacts trusteer.com, an IBM initiative for security. I was able to block trusteer from Netguard and bypass security checks for good.

    However Netguard is a bit too much, it's a full networks monitoring app and a VPN service. So I tried putting the hosts in AdAway blacklist and voila. No fuss blocking. Survives a reboot.

    You need systemless hosts + magisk hide and AdAway. You can find the list of blocked addresses in the screenshot. AdAway is running a webserver and I have no xposed.

    THIS METHOD HIGHLY UNDERMINES YOUR BANK APP'S SECURITY, AND I'M NOT RESPONSIBLE IF YOU LOSE YOUR MONEY. BECAUSE AT THE END OF THE DAY YOU'RE CUTTING OFF ALL SECURITY CHECKS FROM YOUR BANK APP.

    Sent from my Ulefone Armor 2 using XDA Labs
    8
    They seem to use a root detection called mount leak (https://github.com/topjohnwu/Magisk/issues/2406) that is still possible with the latest canary build. However, by changing the path where Magisk resides you can circumvent this detection. I have a private build of Magisk that is not detected by the latest Santander UK app (tried this just out of curiosity since I do not have an account with them). It also allows me to run Epic 7 with Magisk which previously was not possible. Send me a PM if you would like to try it.
    5
    Guy with ulefone armor 2, android 7.0, magisk 16.01 Permission13 branch here. Without an app update I now get this warning too. I had Titanium backups for which I used to restore. Even the previous versions were detecting. I'm suspecting remote code execution...

    EDIT: it's definitely some kinda remote code download and execution because I was able to bypass root check in Santander UK app by disconnecting wifi+4g. But basically below steps allowed me to register my device again. Although once I logged out and tried to log in again it went wild. I'll leave this to you to test/expand my findings.

    1. force stop and clear data of banking app
    2. disconnect all internet connectivity
    3. open banking app, wait until it complains about connectivity. do not press ok nor cancel, leave the dialog.
    4. re-enable connectivity from quicksettings without changing foreground app.
    5. press retry, it's now asking for customer number
    6. profit.

    potential permanent fix; find the host/url where root checking codes are fetched from and block/redirect it. also as a security note, if this is indeed remote code execution, this is very insecure as anyone can perform a mitm attack and execute code within the app, geez :|. anyways, i'm waiting on your findings more technical peeps :)

    EDIT2: can someone dig deeper with a hotspot+wireshark setup to monitor requests when bank app is fired up?

    EDIT3: yeah as soon as the banking app is gone (from memory), it re-downloads root checking mechanism in the "securing your device" screen and complains about root.

    ---------- Post added at 07:20 PM ---------- Previous post was at 06:25 PM ----------

    Sorry, false alarm, it's not remote code execution. It sends a list of apps you have and sends it off to probably compare it to a repo.


    EDIT: sorry for the false alarm, there's no permanent fix yet.
    3
    Still no luck even with reboots.

    what worked for me:
    - added modules: magiskhide props config and unified hosts adblock
    - reboot
    - installed adaway
    - hide magisk manager
    - install santander
    - force stop + clean santander data
    - magisk hide -> santander
    - updated hosts + blacklist with adaway
    - reboot