[How To] Bypass Lloyds and Santander Root Detection

Search This thread

jimger

Senior Member
Dec 13, 2012
154
10
Cambridge,UK
For some reason Halifax and Lloyds detect magisk manager even repackaged. Freezing it (or uninstalling it) fixes the problem.

Santander finds it no matter what I do (including island and work profile)
 
Last edited:

josehdx

Senior Member
Nov 27, 2016
55
5
For some reason Halifax and Lloyds detect magisk manager even repackaged. Freezing it (or uninstalling it) fixes the problem.

Santander finds it no matter what I do (including island and work profile)
Hey. I have lost all the sequence of this topic but i managed to find a way to have my app list hidden in order to avoid santander mexico app not to find my titanium app. There is an LSPosed module calle hide my app list (https://github.com/Dr-TSNG/Hide-My-Applist) and it does what it says. Take a look and let me know if you solve it
 
Last edited:

jimger

Senior Member
Dec 13, 2012
154
10
Cambridge,UK
Hey. I have lost all the sequence of this topic but i managed to find a way to have my app list hidden in order to avoid santander mexico app not to find my titanium app. There is an LSPosed module calle hide my app list (https://github.com/Dr-TSNG/Hide-My-Applist) and it does what it says. Take a look and let me know if you solve it
So far haven't. WIll spend sometime later. But I also installed it on island and still can detect titanium, swiftbackup etc. Not sure which checks santander is using

I have confirmed from non-rooted device, that it detects falsely as rooted when Magisk Manager or Edxposed Manager is installed.

Doesn't seem to care about: Titanium, SwiftBackup, Automate superuser permission, BetterBatteryStats
 
Last edited:

josehdx

Senior Member
Nov 27, 2016
55
5
So far haven't. WIll spend sometime later. But I also installed it on island and still can detect titanium, swiftbackup etc. Not sure which checks santander is using

I have confirmed from non-rooted device, that it detects falsely as rooted when Magisk Manager or Edxposed Manager is installed.

Doesn't seem to care about: Titanium, SwiftBackup, Automate superuser permission, BetterBatteryStats
That is why you can hide such "reading app list permission" with the module i am sharing here :)
 

jimger

Senior Member
Dec 13, 2012
154
10
Cambridge,UK
That is why you can hide such "reading app list permission" with the module i am sharing here :)
Yeah I get it. But needs exposed which causes a lot of other problems for me. I have installed lposed but has some kind of se policy error unfortunately. I am just trying to find out how to defeat Santander. Even when Uninstaller magisk manager and edexposed, still was identifying root from island. I am just trying to find out where is the problem...
 

tyler19820201

Senior Member
  • Jun 19, 2011
    306
    40
    London
    Yeah I get it. But needs exposed which causes a lot of other problems for me. I have installed lposed but has some kind of se policy error unfortunately. I am just trying to find out how to defeat Santander. Even when Uninstaller magisk manager and edexposed, still was identifying root from island. I am just trying to find out where is the problem...
    Santander works for me with latest canary + edxposed + xprivacylua. need to thick for santander in xprivacylua get applications only.
     
    • Like
    Reactions: flipside101

    jimger

    Senior Member
    Dec 13, 2012
    154
    10
    Cambridge,UK
    That is why you can hide such "reading app list permission" with the module i am sharing here :)
    For Santander doesn't work. For Lloyds and Halifax it does. Also when running the test for the module itself, it detects native Access, natives tat and nativeFstat. I don't know what those are. Is it normal?


    P. S. Also tried with xprivacyLua. Same thing :mad:
     
    Last edited:

    Top Liked Posts

    • There are no posts matching your filters.
    • 1
      So to help anyone, i have now got it working here is the info and what i'm running.

      Running:
      - Poco x3 pro on arrow os
      - magisk v23.0
      - santander app latest 4.16.0

      Things i have:
      - Magisk app hidden / renamed just to 'SettingsAppp'. Not that it matters.
      - Magisk Hide - ON for santander. (Make sure magisk hide is also on for the isolated process, simply tab on santander in magisk hide after installing the Riru module)
      - Riru / Riru core v 25.4.4
      - Riru - enchanced mode for magisk hide (I believe it's called riru-unshare).
      - Adaway with following sources/domains blocked.
      - Renamed MyTWRP folder to MyPRWT (not sure if this is needed but i read somewhere that santander checks files/folders for a folder named TWRP). FYI, TWRP still seems to happily backup to this folder.

      Code:
      # This hosts file contains exported entries from AdAway.
      127.0.0.1 cem.lloydsbank.co.uk
      127.0.0.1 mupdates.trusteer.com
      127.0.0.1 trusteer.com
      127.0.0.1 fins.trusteer.com
      127.0.0.1 dyknreymc91ut.cloudfront.net

      A few tips i have:

      If phone reboots give it 2-3 minutes to make sure magisk hide boots up and riru core etc before opening the santander app.

      Did have a little blip earlier where root got detected but a wipe of data and cache for santander, a reboot, a 2-3minute wait, then re-sign in and it seems to be all happy again. However it does seem to be stable between restarts as long as you don't click santander straight after launching.

      Also side note i'm not using fingerprint on the app, but i am using quick balance.
    • 22
      Hi All,

      I've seen mention of Santander but not of Lloyds bypassing the root detection. After much trial and error it's quite simple and my method will bypass both Santander and Lloyds. If bypassing Santander just do the same for the Santander app as ive said to do with Lloyds.

      <--Update 08/06/19-->

      Having flashed a new rom and following my steps again I received the detection message again but was resolved by using the Canary build of Magisk Manager.

      To get Magisk Manager Canary click the link below:

      https://github.com/topjohnwu/magisk_...pp-release.apk

      Once installed, open Magisk Manager and go to

      settings > Update Channel > Canary

      Go back to Magisk home screen and swipe down to check for updates, you'll receive an update for the canary build. Once you update follow the guides original steps below.

      <--End of update-->

      In Magisk Manager Settings:
      Enable Magisk Hide
      Enable Sytemless Host
      And if the option is available select "Hide Magisk"

      In Adaway:

      Download my exported blacklist from:

      https://drive.google.com/file/d/1xCBB4iVA65gJTTYqbhU1qTlghVYyAL1S/view?usp=drivesdk

      Then in adaway click the 3 dots in the top right to open the menu, select "Your Lists" then press the menu button again in the top right and press "Import all lists" and select the file you downloaded.

      With the urls added go back to the adaway main screen and press "Download Files and Apply ad blocking" and Reboot device. If "Download Files and Apply Ad Blocking" doesn't appear, click "check for updates" and then download them which will do the same thing.

      Once your phone has restarted install the Lloyds Banking app but don't open it. Go into Magisk Manager and select Magisk Hide from the menu and tick the Lloyds Banking app. Reboot phone and Lloyds should work perfectly!

      I managed to do this from researching other threads and adding my own bits in so credit due elsewhere as well, as usual you can follow this guide but do so at your own risk, i take no responsibility :D
      5
      I think we should start leaving bad reviews on the play store for apps that go to extreme lengths to detect root/custom recovery, especially in the case of apps that treat you like a criminal just for having a custom recovery, when you aren't even rooted.
      If an app still detects that you've been "jailbroken" (eugh) when you've tried everything possible to hide it, then whatever it's doing in your file system is extremely intrusive, and that's a good enough reason to try and knock a star off their review score if you ask me.
      Apologies if this is off topic, but it's really pissing me off that so many app developers treat people like criminals just for wanting to have full control of our own devices, or to get a bit more life out of phones that would otherwise succumb to planned obsolescence when the official firmware updates dry up. Screw these guys.
      4
      This app (Santander UK) is using Isolated Process and a scan of your installed apps to detect root.

      Just use latest Magisk Canary + Repack of Manager + Riru Core v. 23.9 + Unshare Module (to enable Magisk Hide for Isolated Process) and this app will work perfectly with root. I tested on my device. (Mi 9T Pro + MIUI 12.5 - A11)

      Riru Core v. 23.9 can be downloaded from Magisk Repo.

      Download Riru Unshare Module from the link below:


      Enable Magisk Hide for the app and its processes (uk.co.santander.santanderUK and uk.co.santander.santanderUK : oa.UB)

      If the app FC right after starting you need to search for a possible installed app triggering the detection or simple revoke the permission "Get info about installed apps" at app settings (this can differ from device to device)

      After every update of the app the Isolated Process name can be different so just re-add it to Magisk Hide again and everything should be fine.

      More info about the exploit (Isolated Process) used by a large numbers of banks to detect Magisk:

      3
      Storage Isolation (storage redirect) app from playstore also works for Santander (maybe others too?) without using island app.
      Trial version (redirect for up to 3 apps) in basic mode enabled for Santander app (plus magisk hide) worked for me.
      2
      Lloyds new host list

      I've managed to get the Lloyds app to work again. I've added a couple of hosts to be blocked on Adaway. I've also attached the full list, all you have to do is import in adaway (you might need to remove the .txt extension to import, dunno)

      # This hosts file contains exported entries from AdAway.
      127.0.0.1 cem.lloydsbank.co.uk
      127.0.0.1 mupdates.trusteer.com
      127.0.0.1 trusteer.com
      127.0.0.1 fins.trusteer.com
      127.0.0.1 dyknreymc91ut.cloudfront.net
      127.0.0.1 crashlytics.com
      127.0.0.1 dyknreymc91ut.cloudfront.net
      127.0.0.1 omtrdc.net
      127.0.0.1 sc.omtrdc.net