Using Software with V-key Components

Search This thread

Lu5ck

Senior Member
Dec 18, 2013
286
79
It's always been there, but still gets root detected
install shamiko yet?
Hide my applist is outdated I think


i think the latest is from magisk alpha telegram
 

Xanth0k1d

Member
Sep 25, 2019
43
12
Those guys at gov tech.
Well they can't fight open source and against our rights to own the phone we need and the risk we willingly took.
We will figure out a way. Anyways after I'm done with my 2 years of holiday I don't need SingPass that often anymore.
But we will figure out away.
 

Xanth0k1d

Member
Sep 25, 2019
43
12
Honestly just found out this whole thing is againt the user agreement, the 3.4d part and offences as such are liable of charge under Computer Misuse act. Thus I think it is not proper to go into this Magisk direction anymore.

Nevertheless, may be it is time to consider some alternatives: Virtualised sandboxes? if those are considered a device inside another device?

Or it might be a good time to design a device with super long battery life and serve the only purpose of bank/singpass apps.
 

thexile

Senior Member
Jan 9, 2012
157
111
For Singpass v14.1.0, disable provider o.getBundleArrayFromBundle and service o.getAndroidMinimumVersion is good enough to stop Singpass from detecting root. However, one will receive a pop-up error message "Sorry, something went wrong. Please try again" in the in-app browser (Singpass login website).

Updated: the error was due to my AdAway configuration.
 
Last edited:
  • Like
Reactions: Xanth0k1d

Xanth0k1d

Member
Sep 25, 2019
43
12
For Singpass v14.1.0, disable provider o.getBundleArrayFromBundle and service o.getAndroidMinimumVersion is good enough to stop Singpass from detecting root. However, one will receive a pop-up error message "Sorry, something went wrong. Please try again" in the in-app browser (Singpass login website).
Thanks for the info.
I will keep this thread open for theoretical discussions only.
 

Roidred

Senior Member
Sep 4, 2012
228
51
Anyone managed to bypass root detect from Singpass 14.0? Not working for me anymore (despite HMA and shamiko)
Yes working for me Singpass 14.1.0 Magisk 24.3 and Shamiko
Also disabled provider o.getBundleArrayFromBundle and service o.getAndroidMinimumVersio using App Manager. Phone is running A11 miui 13
 

Roidred

Senior Member
Sep 4, 2012
228
51
Thanks - tried that but there is no provider by that name, only a service. And disabling it causes Singpass to force stop
Provider is a separate tab. Check under that tab in App Manager. Hope other basic steps are also followed in magisk. Reboot device after disabling the service and provider.
 

Roidred

Senior Member
Sep 4, 2012
228
51
Yes I saw that. Unfortunately I still get force close on trying to open singpass
I did install another ROM for testing. I tried singpass and was able to get it working with Magisk 23.3 and shamiko 0.5. No need of App Manager. i do reboot every time when config change is made on magisk.

The other modules installed was universal safetynet 2.2.1 and magiskhide props config. i changed my device finger print to get device certified on google play. Should uncheck the enforce option in magisk.

Take a backup and try a clean install of ROM. Every ROM is different quite difficult to know what's happening in your case
 

thexile

Senior Member
Jan 9, 2012
157
111
Has anyone figured out how to bypass Citibank SG v15.1 app Magisk detection?

Appreicate if you can share your know-how.
 
Last edited:

thexile

Senior Member
Jan 9, 2012
157
111
For Singpass v14.1.1, look out for service o.getInstalledModules and provider o.ParcelableSnapshotMutableState.
 

dearestk

Member
Feb 27, 2012
23
2
For Singpass v14.1.0, disable provider o.getBundleArrayFromBundle and service o.getAndroidMinimumVersion is good enough to stop Singpass from detecting root. However, one will receive a pop-up error message "Sorry, something went wrong. Please try again" in the in-app browser (Singpass login website).

Updated: the error was due to my AdAway configuration.
Hi. I am also getting the "Please try again" error during the app registration process. Could you kindly elaborate on the AdAway configuration issue? Thanks!
 

thexile

Senior Member
Jan 9, 2012
157
111
Hi. I am also getting the "Please try again" error during the app registration process. Could you kindly elaborate on the AdAway configuration issue? Thanks!
Uncheck "Enable web server" under Preferences → Root based ad blocker. I think this is pixelserv which can block ads serve by HTTPS, however it will conflict with SSL certificates occasionally.
 
Last edited:
  • Like
Reactions: dearestk

dearestk

Member
Feb 27, 2012
23
2
Uncheck "Enable web server" under Preferences → Root based ad blocker. I think this is pixelserv which can block ads serve by HTTPS, however it will conflict with SSL certificates occasionally.
Thank you but no luck here. Even with AdAway uninstalled and phone rebooted, I am still getting the "Please try again (82-t991)” error during the last stage of the registration process. Is there any services or providers that I should disable for singpass 14.2.0?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    UPDATE!
    NO MORE COMPLICATED SCRIPTS, JUST USE MAGISK 24.1 WITH DENY LIST!
    1. Enable Zygisk, add the apps to the deny list
    2. Hide Magisk App
    3. Install SafetyNet Fix by kdrag0n (Might still need Magisk Hide Props if your device is a little older)
    Working on: Poco X3 Pro + Lineage 18.1 (Android 11)


    ^Use aurora store to get the older version of Singapass that's likely to work, I'm using build 100.

    V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
    Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.

    This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.

    This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.

    To make things work, the following things must be done:

    1. Make sure Magisk manager is hidden

    2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.

    3. Add the apps to Magisk Hide list.

    4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:

    pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
    pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
    pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
    pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService

    *Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled

    *Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows

    Credits:
    Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components

    Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)

    @Didgeridoohan for MagiskHide Props Config

    @vurtomatic for giving me the idea of creating a guide on this.
    3
    Can I have a step by step go to run this script? Newbie here. It will make Singpass run as per normal right? And by Package Manager, do I download it from F Droid?

    That will not for singpass, this is what I do to get it work
    1. Must pass basic safetynet, this will not teach you how
    2. In magisk, install Riru module
    3. In magisk, install LsPosed module
    4. Download Unshare - https://github.com/vvb2060/riru-unshare/releases
    5. In magisk, install Unshare
    6. Download Universal Safetynet Fix - https://github.com/kdrag0n/safetynet-fix/releases
      This basically make hardware-backed attestation CTS devices to use basic instead
    7. In magisk, install Unshare
    8. Install App Manager - https://f-droid.org/en/packages/io.github.muntashirakon.AppManager/
    9. Install XPrivacyLua - https://repo.xposed.info/module/eu.faircode.xlua
    10. Reboot
    11. In LsPosed, enable XprivacyLua and Singpass in that same list
    12. Reboot
    13. In magisk, enable "Magisk Hide" in settings
    14. In magisk, press "Shield", hide Singpass all options (dropdown)
    15. In magisk, "hide Magisk" in settings, choose some really unpredictable name
    16. In App Manager, look for Singpass, go to "Services", disable all "(Isolated)" services.
    17. In XPrivacyLua, look for Singpass, enable restrict on "Get Applications" and "Get Sensors"
    18. Reboot
    19. Try running it a few times to see if it go through, if doesn't work do the shelter method
      Personally, it run for me but ultimately fail when it try to register biometrics, no idea how to disable its access to biometrics.
    20. Install Shelter - https://play.google.com/store/apps/details?id=net.typeblog.shelter
    21. In shelter, under personal profile, clone "Singpass"
    22. In shelter, under work profile, make sure no rooted apps in there
    23. Reboot
    24. Run Singpass (Work Profile), it may fail sometimes, just keep retry until it runs undetected.
    25. (Bonus) Put chrome or whatever browser apps into shelter so singpass can use that browser app.
    App Manager and XPrivacyLua might be redundant but whatever, just do it anyway. Unshare and magiskhide alone seem to work for some people, personally doesn't work for me. Anyway, this is basically everything you could try.

    I am using Poco X3 Pro, lineage 18.1

    Edit:
    Magisk is entering a new era and with that improved hiding capability. Before the new stable magisk is released alongside with other more powerful modules, you can download the unofficial alpha build at https://t.me/magiskalpha then with combination of deny list and universal safetynet fix, you could run singpass without issue. I didn't try because I am using a number of other modules as well but other users did try and worked.
    2
    The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
    2
    That will not for singpass, this is what I do to get it work
    1. In magisk, install Riru module
    2. In magisk, install LsPosed module
    3. Download Unshare - https://github.com/vvb2060/riru-unshare/releases
    4. In magisk, install Unshare
    5. Install App Manager - https://f-droid.org/en/packages/io.github.muntashirakon.AppManager/
    6. Install XPrivacyLua - https://repo.xposed.info/module/eu.faircode.xlua
    7. Install Shelter - https://play.google.com/store/apps/details?id=net.typeblog.shelter
    8. Reboot
    9. In LsPosed, enable XprivacyLua and Singpass in that same list
    10. In magisk, enable "Magisk Hide" in settings
    11. In magisk, press "Shield", hide Singpass all options (dropdown)
    12. In magisk, "hide Magisk" in settings, choose some really unpredictable name
    13. In App Manager, look for Singpass, go to "Services", disable that one "(Isolated)" service.
    14. Reboot
    15. In shelter, under personal profile, clone "Singpass"
    16. In shelter, under work profile, make sure no rooted apps in there
    17. In XPrivacyLua, look for Singpass, enable restrict on "Get Applications"
    18. Reboot
    19. Run Singpass (Work Profile), it may fail sometimes, just keep retry until it runs undetected.
    App Manager and XPrivacyLua might be redundant but whatever, just do it anyway. Unshare is a must though, otherwise it won't work.
    Thanks for the tip! I tried riru+unshare, and I found that those two is enough to run Singpass without work profile (Shelter) or xprivacylua. I'm currently running it normally in normal user mode.
    2
    Hi guys, I'm back on xda.
    I'm on some 2 year long commitment which I guess most Singaporean males will know what I'm talking about...
    Basically some ****ty stuff happened and I was away for a while.

    From your discussion I think we just costed a company its contract with the Singapore gov :p
    I'm yet figuring out the stuff about Singpass, but my phone's recent update got me into trouble with some banking apps - OCBC and POSB.

    If one uses pm to disable all the vkey services, the apps will launch/crash, just disable vkey.android.vos.MgService alone will work.

    I'm attaching a newer version of the script, to be executed as root as usual (added some comments)
    Opening the script and reading the commends helped me with the K Plus app from Kasikorn Bank Thailand.
    I disabled all vkey services instead of just the mgservice of vkey, which made the app crash. With just the mgservice disabled it works.