Comdirect photoTAN app detecting root

[bgsdeluxe]

Short update. With the module "Core patch" i downgraded the APP and i works fine now.

Hi Killerbaer,

since my phototan app updated to 8.10 as well I'm facing same issues. Although I'm not a fan of using older apps, for me it's more convenient than installing magisk delta, therefor I decided to give the CorePatch workaround a try.
Am using Lygisk (magisk fork) and installed LSPosed and CorePatch. When in CorePatch settings a warning is telling me that the phototan app is still on denylist and changes in CorePatch might not have an effect.
Disabled force denylist in Lygisk/Magisk and even removed the phototan app from denylist before performing a reboot.
Now I'm trying to downgrade the phototan app, but am not sure how to do this. I disabled automated updates in playstore and optimized app in corepatch, but when opening the app now it forcecloses instantly.
Would you mind guiding me on how to proceed?
Thanks in advance!
EDIT: Should have refreshed page before posting.
Regarding downgrade: Any trustworthy sites to download old apk from you'd suggest?
EDIT 2: Done and working.

 

[Killerbaer]

Hi Killerbaer,

since my phototan app updated to 8.10 as well I'm facing same issues. Although I'm not a fan of using older apps, for me it's more convenient than installing magisk delta, therefor I decided to give the CorePatch workaround a try.
Am using Lygisk (magisk fork) and installed LSPosed and CorePatch. When in CorePatch settings a warning is telling me that the phototan app is still on denylist and changes in CorePatch might not have an effect.
Disabled force denylist in Lygisk/Magisk and even removed the phototan app from denylist before performing a reboot.
Now I'm trying to downgrade the phototan app, but am not sure how to do this. I disabled automated updates in playstore and optimized app in corepatch, but when opening the app now it forcecloses instantly.
Would you mind guiding me on how to proceed?
Thanks in advance!
EDIT: Should have refreshed page before posting.
Regarding downgrade: Any trustworthy sites to download old apk from you'd suggest?
EDIT 2: Done and working.

hehe . i downloaded it from APKmonk works fine

 

[swour]

The key step is to change the filename of /system/addon.d/99-magisk.sh. So basically just add it to magiskhide list (enforce sulist disabled), change the filename, reboot, and it works!

Thanks for the workaround! Just wondering does changing the filename would affect functionality?

It appears that renaming the file is the only step necessary on my device running Lineage 16, no reboot required. That brings up the question why non root apps can read files inside /system/addon.d/ at all. And if there is a more elegant way of denying access to those files.

However on another device running stock ROM Android 13 there is no addon.d folder from Magisk. Most files reside in /data/adb/magisk. There must be other files the phototan app is scanning for.

 

[System23]

i am on magisk delta 25210 (system crdroid 8.14) and it works with the new phototan version 8.10.0.
this is a result of try and error, maybe this wont work for you guys but you can give it a try.

-first you need magisk delta 25210 (canary) and setup in a usual way
-enable "Enforce SuList" and add photontan app to deny list.
-restart phone
-check phototan app -> it still detects root
-disable "Enforce SuList" and add photontan app to MagiskHideList
-restart phone
-phototan app is working again

i also renamed the file under /system/addon.d/99-magisk.sh to something like 99-helloworld.sh

Thats one of the Intressting thing i would testing out, thx your knowledge let me learn New ways to do!! thats very intressting me to know a second or third way to do so!!

 

[pa.pn2]

The problem is, after a while we are forced to use the most recent version.
I guess the main Comdirect App also will get an update soon, which will occur in same problem like the photo tan app now..

 

[nixchecka]

Downloadlink PhotoTAN 8.9.0:

Portailpro Send

Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay online forever.

send.portailpro.net

sha256: 91fc677505cb1b8b82c91bc842e5627fc8600450f72022c297335f2f45a23e5d

 

[Asellus]

The problem is, after a while we are forced to use the most recent version.
I guess the main Comdirect App also will get an update soon, which will occur in same problem like the photo tan app now..

The comdirect app never was a problem. W/o the phototan app this is only a viewer.

But you are right, at a certain point in time they will force us tp upgrade. So it would be great to have a working solution.

Because the phototan app is not the only banking app I use I would want to avoid to switch to Magisk Delta and want to stay with Magisk.

 

[Asellus]

i am on magisk delta 25210 (system crdroid 8.14) and it works with the new phototan version 8.10.0.
this is a result of try and error, maybe this wont work for you guys but you can give it a try.

-first you need magisk delta 25210 (canary) and setup in a usual way
-enable "Enforce SuList" and add photontan app to deny list.
-restart phone
-check phototan app -> it still detects root
-disable "Enforce SuList" and add photontan app to MagiskHideList
-restart phone
-phototan app is working again

i also renamed the file under /system/addon.d/99-magisk.sh to something like 99-helloworld.sh

Because I did not succeed using Magisk and HidePropsConfig on my phone to play with, I gave Magisk Delta Canary (25210) a try on this phone. The only module I installed was Displax' safetynet fix mod 1.2.

To my understanding one need to put only a few apps on SuList, only those who shall be able to get root access. So putting the phototan app on the SuList is supposed to be wrong.

Do I tried this with three different apps. SdMaid asked for standard permissions if I have not put it on the SuList, but asked for root permissions on the SuList. The other two apps detect root only if the have been put on the SuList.
So the SuList seems to be the better choice, at least for me and for now.

At the end both configurations work, MagiskHide (phototan app on the list) and SuList (phototan app not on the list).

Also further banking apps start without complaining.

As I mentioned this phone is not my daily driver. Therefore I will not gain any experience with Magisk Delta.

 

[nik2011555]

I'm still on app version 8.6.0 but there must have been server side changes somewhere in the beginning of March when it stopped working with Shamiko, switching to Magisk Delta canary made it work again.

 

[masi79]

i am on magisk delta 25210 (system crdroid 8.14) and it works with the new phototan version 8.10.0.
this is a result of try and error, maybe this wont work for you guys but you can give it a try.

-first you need magisk delta 25210 (canary) and setup in a usual way
-enable "Enforce SuList" and add photontan app to deny list.
-restart phone
-check phototan app -> it still detects root
-disable "Enforce SuList" and add photontan app to MagiskHideList
-restart phone
-phototan app is working again

i also renamed the file under /system/addon.d/99-magisk.sh to something like 99-helloworld.sh

How did you rename the file under system as /system ist mounted as read only?

 

[System23]

How did you rename the file under system as /system ist mounted as read only?

open an Android Terminal
use

su
mount -o remount,rw /System

to make the System RW

 

[srothe]

I'm using Magisk 25200 with with Zygisk, Enforce DenyList and PhotoTAN App in DenyList.
Like everybody else I got an error msg since the last update.

My Workaround: Wrote a little frida script, which will deny access to "/proc/". That's all, app works again as expected

Spoiler: frida script

Java.perform(function() {
    var jFile = Java.use("java.io.File");
    var oFile = jFile.$init.overload("java.lang.String");
    oFile.implementation = function(a0) {
        if (a0.indexOf("proc/") >= 0) {
            console.log("fopen + LOL: " + a0);
            var ret = oFile.call(this, "/proc/lol");
        } else {
            console.log("fopen: " + a0);
            var ret = oFile.call(this, a0);
        }
        return ret;
    }
});

 

[AndDiSa]

@srothe Thank you very much that's a quite an important information

 

[diemadedrei]

I'm using Magisk 25200 with with Zygisk, Enforce DenyList and PhotoTAN App in DenyList.
Like everybody else I got an error msg since the last update.

My Workaround: Wrote a little frida script, which will deny access to "/proc/". That's all, app works again as expected

Spoiler: frida script

Java.perform(function() {
    var jFile = Java.use("java.io.File");
    var oFile = jFile.$init.overload("java.lang.String");
    oFile.implementation = function(a0) {
        if (a0.indexOf("proc/") >= 0) {
            console.log("fopen + LOL: " + a0);
            var ret = oFile.call(this, "/proc/lol");
        } else {
            console.log("fopen: " + a0);
            var ret = oFile.call(this, a0);
        }
        return ret;
    }
});

May I ask what to do with that script?

 

[srothe]

May I ask what to do with that script?

Frida is a dynamic instrumentation toolkit. So it can influence/modify the behavior of apps during runtime.

Main purpose is for debugging or sth like that. So you will have to start it each time you want to use it. It's not some kind of magisk module, which does some "magic" in the background.

Spoiler: My current workflow for Workaround:

1. Download frida-server and deploy it to your android device
   1. Source: https://github.com/frida/frida/releases: frida-server-16.0.11-android-arm64.xz
   2. Extract archive
   3. connect android device via usb with enabled adb
   4. start adb as root on PC: adb root
   5. Deploy frida-server from PC to device: adb push frida-server /data/
2. Install frida tools on PC
   1. I'm using linux, so: pip install frida-tools
3. Start frida-server on android device
   1. adb shell
   2. /data/frida-server -l 192.168.13.37 (replace with IP of your android device in same local network / WiFi)
4. Run app with script (lol.js) on PC
   1. frida -H 192.168.13.37 -f com.comdirect.phototan -l lol.js

So in the end my workaround is more like PoC, no persistent solution. Either you use it like that or someone is going to implement e.g. some magisk module. Maybe there are some other (easier) workarounds too, pls tell me

 

[schalli110]

@srothe , what files under /proc is the phototan app trying to access?
It's probably another way of detecting Magisk, and locking that down might be helpful not only for this app, but for hiding Magisk in general..

 

[AndDiSa]

@srothe if I remember correctly there is a Frida magisk module. I've never used it yet but would be an option to dig in deeper

 

[booyakax]

i know this is not the right place but did anyone manage to make the techniker krankenkasse app work? the old trick was to rename the 99-magisk.sh into something else, actually the same procedure for the photo tan app, but apparently this wont work anymore.

 

[r4p70r]

I'm using Magisk 25200 with with Zygisk, Enforce DenyList and PhotoTAN App in DenyList.
Like everybody else I got an error msg since the last update.

My Workaround: Wrote a little frida script, which will deny access to "/proc/". That's all, app works again as expected

Spoiler: frida script

Java.perform(function() {
    var jFile = Java.use("java.io.File");
    var oFile = jFile.$init.overload("java.lang.String");
    oFile.implementation = function(a0) {
        if (a0.indexOf("proc/") >= 0) {
            console.log("fopen + LOL: " + a0);
            var ret = oFile.call(this, "/proc/lol");
        } else {
            console.log("fopen: " + a0);
            var ret = oFile.call(this, a0);
        }
        return ret;
    }
});

Could this Magisk Module be used to do the same but on App launch und without frida?

GitHub - HuskyDG/zygisk_proc_monitor: A Magisk/Zygisk module allows user to run script whenever app process start

A Magisk/Zygisk module allows user to run script whenever app process start - GitHub - HuskyDG/zygisk_proc_monitor: A Magisk/Zygisk module allows user to run script whenever app process start

github.com

 

[diemadedrei]

I cant get it to work...does anyone have any new idea? Im on LOS 19 and tried Magisk Delta with universal safetynet fix and also the mod of displax to no avail. Also tried both hide list and SuList...