Comdirect photoTAN app detecting root

Search This thread
By:
Advanced…
Laptapper

Laptapper

Senior Member
Jan 17, 2016
1,542
763
If in future we can't get it working with any other tricks may we try this Methode and post the mod APK here


forum.xda-developers.com

[GUIDE] Remove Root Detection and App Protection from an APK

Hi all! I've been using USAA mobile app for a while now but a recent updated added root detection in which the app would immediately close itself. It was incredibly annoying but I figured out how to remove it and thought I would share it here...
forum.xda-developers.com forum.xda-developers.com
 
A

Asellus

Senior Member
Sep 12, 2008
130
26
Aachen
Or, easier, take a file manager with built-in text editor like the file manager plus, allow it to access /, navigate to the file and edit it using the editor
 
A

Asellus

Senior Member
Sep 12, 2008
130
26
Aachen
The path is /data/data/...

And in the session above a blank is missing between ...8.2.0' and setup-phototan.json
 
A

Asellus

Senior Member
Sep 12, 2008
130
26
Aachen
You need to get access to / in order to be able to access /data/data. /Android is wrong.

Use

sed -i...

not sed-i.

You must not install 8.5.0, because it detects root w/o Zygisk
 
A

Asellus

Senior Member
Sep 12, 2008
130
26
Aachen
It is changed if you start the phototan app with internet access. Otherwise you need to change it again.

But, to be honest, with this lack of understanding how Android and Linux work you should consider not to root your phone...
 
Last edited:
H

hansidieter

New member
Jan 12, 2022
1
2
Another solution is using Version 6 or 7 of the photoTAN app. They do not use this PushTAN stuff and do not even need internet. (I use 6.0.6 but I read that 7 should also work)

If you cannot access your comdirect account anymore (because a TAN is needed) go to "TAN-Verfahren wiederherstellen" (TAN recovery) and then select, that you have a "Lesegerät" instead of a "Smartphone".

Now scan with your old version of the app scan the image on the Aktivierungsbrief (activation letter) and then the code on the website.

The old app gives you a TAN. Enter the TAN on the website and you are in.

Guess this will work until comdirct decides to get rid of these dedicated photoTAN devices which hopefully will not happen soon.

Only disadvantage is that "Push PhotoTAN" does not work anymore, you must always scan the photoTAN codes now.

-----------

When this workaround does not work anymore I will consider changing my Bank.

I also an account with ING Diba and they do not appear to do any serious root detection at all.

Even without MagiskHide the ING Banking app does not complain about root.
 
Last edited:
  • Like
Reactions: reayard and gorthon
D

diemadedrei

Senior Member
Mar 13, 2012
680
253
OnePlus 6
Google Pixel 6 Pro
hansidieter said:
Another solution is using Version 6 or 7 of the photoTAN app. They do not use this PushTAN stuff and do not even need internet. (I use 6.0.6 but I read that 7 should also work)

If you cannot access your comdirect account anymore (because a TAN is needed) go to "TAN-Verfahren wiederherstellen" (TAN recovery) and then select, that you have a "Lesegerät" instead of a "Smartphone".

Now scan with your old version of the app scan the image on the Aktivierungsbrief (activation letter) and then the code on the website.

The old app gives you a TAN. Enter the TAN on the website and you are in.

Guess this will work until comdirct decides to get rid of these dedicated photoTAN devices which hopefully will not happen soon.

Only disadvantage is that "Push PhotoTAN" does not work anymore, you must always scan the photoTAN codes now.

-----------

When this workaround does not work anymore I will consider changing my Bank.

I also an account with ING Diba and they do not appear to do any serious root detection at all.

Even without MagiskHide the ING Banking app does not complain about root.
Click to expand...
Click to collapse
AFAIK they cannot get rid of dedicated TAN devices because they are regulatorily obliged to offer a SCA method that works without a phone. So your workaround should just continue working
 
E

endrancer

Senior Member
Sep 8, 2012
392
84
Frankfurt am Main
carstengrimm.com
Xiaomi Poco X3 Pro
hansidieter said:
Another solution is using Version 6 or 7 of the photoTAN app. They do not use this PushTAN stuff and do not even need internet. (I use 6.0.6 but I read that 7 should also work)

If you cannot access your comdirect account anymore (because a TAN is needed) go to "TAN-Verfahren wiederherstellen" (TAN recovery) and then select, that you have a "Lesegerät" instead of a "Smartphone".

Now scan with your old version of the app scan the image on the Aktivierungsbrief (activation letter) and then the code on the website.

The old app gives you a TAN. Enter the TAN on the website and you are in.

Guess this will work until comdirct decides to get rid of these dedicated photoTAN devices which hopefully will not happen soon.

Only disadvantage is that "Push PhotoTAN" does not work anymore, you must always scan the photoTAN codes now.

-----------

When this workaround does not work anymore I will consider changing my Bank.

I also an account with ING Diba and they do not appear to do any serious root detection at all.

Even without MagiskHide the ING Banking app does not complain about root.
Click to expand...
Click to collapse

Version 7.x doesn't seem to enable the camera for me. could activate 6.x though, will see if that's good enough. i have a non-rooted backup device but it's annoying to use that ....

i also can't get the regular comdirect and trading app to work anymore, while on non-rooted device there's no problem.
 
E

endrancer

Senior Member
Sep 8, 2012
392
84
Frankfurt am Main
carstengrimm.com
Xiaomi Poco X3 Pro
Laptapper said:
Somebody checked out this app for all?
finanzblick Online-Banking
play.google.com

finanzblick Online-Banking - Apps on Google Play

Secure online banking for each account and each credit card
play.google.com play.google.com
Click to expand...
Click to collapse
I'm using Finanzblick to manage several accounts and services, however they are just accessing each banks data endpoints to request for account statement or bank transfer, which will prompt your banks method of tan authentication... So in case for Comdirect it will also send a pushtan which you would have to enable in your regular tan app ... So it's not an replacement for us here...
 
  • Like
Reactions: reayard and Laptapper
E

endrancer

Senior Member
Sep 8, 2012
392
84
Frankfurt am Main
carstengrimm.com
Xiaomi Poco X3 Pro
endrancer said:
Version 7.x doesn't seem to enable the camera for me. could activate 6.x though, will see if that's good enough. i have a non-rooted backup device but it's annoying to use that ....

i also can't get the regular comdirect and trading app to work anymore, while on non-rooted device there's no problem.
Click to expand...
Click to collapse
Ok.

Comdirect and trading app was not working because I added the Comdirect Server to my blacklist (didn't think of that) so this is resolved.

Phototan ... Have tried 6.x, 7.x which unfortunate does not help at all, because after enabling phototan-push there is no actual way back to those apps.

In trading and banking app both applications prompt you to start the phototan app to get your pushtan ... Which will fail for these older versions. So the use case is quite limited the other two apps then not being very useful

I have a working workaround and Backup non-rooted device, will have to wait and see when android 12 and zygisk stable come around for my device.

It's extremely frustrating where as any kind of transaction above 30 euro requires pushtan, ... For the time spending to get a workaround we could've just used the sms tan for the small fee. But I guess we start to take this matter personal.
 
r4p70r

r4p70r

Senior Member
Jun 23, 2010
70
40
Hamburg
Google Nexus 4
Sony Xperia Tablet Z
edwardenglish said:
addition:
you have to manually enable zygote option in settings after installing the canary version of magisk-app. If you miss that part you cant enable the safenet-fix module. so you should add this as 1a). (its what you basically did under bullet point 6)

unfortunately the whole process doesnt work for me... Redmi note 7, miui EU, android 10
Click to expand...
Click to collapse
The problem is Android 10
You need 11 or 12.
 
B

bgsdeluxe

Senior Member
Feb 23, 2013
126
40
Hello everybody.
Am following this thread and came across a strange issue. To avoid any issues with already given and working permissions I did not uninstall magisk and switched to canary version. Before I wanted to try the riru module instead.
After installing the module Magisk wanted to restart system. Unfortunately neither the installation out of Magisk, nor the installation from internal source resulted in riru showing up under installed modules.
Taking a look in the log reveals the following error: sh:20400 unknown operand, followed by a path to a local directory: line 32: install_module: not found
My device is running Android 12 (LOS 19), rooted with Magisk v23 and with working safetynet. No issues with anything so far. Magisk Hide is enabled for Playstore and is working fine. At the moment the issue turned up Magisk itself was hidden. I restored the app by now, but error is still the same.
Might be a wild guess, but do I need to create that path myself perhaps before trying to install riru?

Any hint is highly appreciated! Thanks in advance!

EDIT: Nope, that didn't solve the issue. Log still mentions install_module: not found
EDIT 2: Weird...after re-installing Magisk within Magisk itself, modules can be installed now. Safetynet still fine, but although Magisk is hidden again, riru + riru unshared are activated and all options within Magisk Hide for the photoTAN app are enabled it still detects root. Looks like this method isn't working. Although this was reported here earlier I wanted to try for myself, before going on with any other weird method (airplane mode, older versions...those are definitely no options for me!).
 
Last edited:
You must log in or register to reply here.

Similar threads

Setialpha
[MODULE/SYSTEM] NanoDroid 23.1.2.20210117 (microG, pseudo-debloat, F-Droid + apps)
Replies
9K
Views
884K
B
Bracher
S
[MODULE] App Systemizer for Magisk v9-v14 -- DEPRECATED
Replies
900
Views
279K
t-ryder
t-ryder
veez21
[MODULE][Terminal] App Systemizer v17.3.1
Replies
1K
Views
321K
B
BloodyFruitDestroyer
yochananmarqos
  • Sticky
Collection of Magisk Modules v2
Replies
1K
Views
1M
M
manthes
ahrion
ViPER4Android FX Legacy/XHiFI [Unity][Deprecated]
Replies
5K
Views
917K
F
furomin

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 13
    S
    swour
    Since version 8.3.0 additional measures to detect root have been added, do not update as MagiskHide won't be able to prevent detection. Until a solution is found I would recommend staying on the previous version for as long as possible.

    Finding out what exactly is causing the root detection is beyond my technical abilities but I would provide as much information needed to those willing to help.

    ---

    Update: December 14th 2021 - Method no longer sufficient

    ---

    The solution found by @pxrave appears to be working:


    pxrave said:
    Hey fellas I got it working and others apps detect magisk before.

    Update to latest v23
    Install modules riru and riru unshare
    Remove data from tan app
    Go to magisk hide and tick all process to hide included the isolated
    Start the tan app and do the activation again.

    Problem you need wait 2 days to activate because comdirect use new activation process for photo tan app.

    Working fine all version 8.3
    Click to expand...
    Click to collapse


    Link to the Riru Unshare module:

    GitHub - vvb2060/riru-unshare

    Contribute to vvb2060/riru-unshare development...
    github.com github.com
    View
    11
    T
    tko
    1. deinstall old magisk-app
    2. install canary.apk
    https://raw.githubusercontent.com/topjohnwu/magisk-files/canary/app-debug.apk
    2.1 install safenet-fix modul
    https://github.com/kdrag0n/safetynet-fix/releases/download/v2.2.1/safetynet-fix-v2.2.1.zip
    (will not be active until you finished step 3.)
    3. repatch boot.rom with "install" & "direct" (installieren & direkte installation)
    4. after that reboot, etc... it should look sth like this
    1.jpg

    5. go to settings (red arrow)
    6. hide app (2.), enable zygisk (if not allready running) 3, enable deny-list (4), config deny-list (5)
    2.jpg

    7. enable all 3 processes
    3.jpg

    8. add other apps you may need in deny-list... like google pay & google play services

    during the hole process you may have to reboot your phone
    View
    9
    pxrave
    pxrave
    Hey fellas I got it working and others apps detect magisk before.

    Update to latest v23
    Install modules riru and riru unshare
    Remove data from tan app
    Go to magisk hide and tick all process to hide included the isolated
    Start the tan app and do the activation again.

    Problem you need wait 2 days to activate because comdirect use new activation process for photo tan app.

    Working fine all version 8.3
    View
    6
    P
    pixel-smee
    To get rid of the Airplane mode (or toggling data off/on) I figured how to block the connection to the upgrade service right on the phone. The requests go to 'api.comdirect.de'.

    Use blacklist in TrackerControl
    -> Settings / Advanced options / Import hosts file (append)

    Create a file on the phone with this content:
    0.0.0.0 api.comdirect.de

    This way I can leave the connection to the internet on when starting/using the app.
    No version check can be performed, so the app should work forever ...

    One cannot use the TAN push service anymore but only the „photoTAN Grafik“.
    View
    6
    Laptapper
    Laptapper
    So guys
    My favorite solution:
    Magisk canary
    Riru
    Riru unshare
    Riru lsposed
    Xprivacilua 1.30

    Safety net is ok
    Phototan working
    View

New posts