
Banking app (Starling) detecting Magisk

 1 year ago
source link: https://forum.xda-developers.com/t/banking-app-starling-detecting-magisk.4576421/page-6#post-88579865

I have found a pretty crazy way to bypass the initial Starling safety check if you are currently logged out. This will allow you to log in even if your phone is deemed insecure and would normally trigger the Starling safety check - useful for those who want to keep Zygisk enabled!

All you need to do is, instead of opening the Starling app as normal to log in, visit https://oauth.starlingbank.com instead. This will redirect you to the app, but critically it will (for some reason) bypass the safety check it normally runs when the app starts.

It is worth noting that I have found that the safety check does eventually trigger post-login (starting the 14-day countdown) even if I continue to open the app via this link, but it wasn't instantaneous, so this might need some extra investigation about what triggers it.

Sadly I think posting this workaround here will mean that Starling patches it basically instantly, but I thought I'd share anyway.

Reactions: guru_fordy

Will197

Member
Oct 16, 2016
Didn't work for me

Did you wipe app data first? I can send a video of it if you need help.

Falc7

Member
Sep 8, 2012
Earlier on I tried Magisk official + HuskyDG MagiskHide. And that wasn't working for me either. But Magisk Delta + SuList does work for me. So yes, perhaps it is somewhat ROM dependent as to which, if any, solution works.

Edit: I tried again, completely uninstalled Magisk Delta, dirty flashed ROM, wiped cache, installed Magisk official, installed MagiskHide HuskyDG, added Starling to DenyList, rebooted and voilà!

This worked for me!

Does Magisk hide module without zygisk pass play integrity for Google pay?

Meaning @huskydg's solution?

It should be able to pass only if you have a non Zygisk method to pass PI deviceIntegrity...

For most Android 8+ release version devices you could use an older Riru-USNF to inject code in gms to register the fake keystore that causes exception and fallback to basic attestation on device + MHPC module to cause model, fingerprint, shipping level etc prop mismatches needed to bypass Google server end hardware-backed verdict enforcement for many keymaster 3 compliant devices for insurance... Nb. Despite allowing deviceIntegrity pass, this may well cause Starling Bank to fail as it can detect native bridge loaded Zygisk injection into zygote... It may well be able to detect Riru (also NB loaded) injection/hooking too.

You may also need to manually add gms (Google Play Services) attestation/droidguard process com.google.android.gms.unstable + gms main process com.google.android.gms in hidelist... Traditional MagiskHide used to add these automatically but MagiskHide in Alpha doesn't... I don't know about @huskydg's module.

A better solution would be to use a custom ROM with integrated 'SafetyNet' Fix (SNF) that passes PI deviceIntegrity without Magisk. Such ROM solutions do this natively and without detectable hooking/injection. Of course you need to hide root/magisk from gms, so again, you must ensure the gms processes above are in hidelist.

For pre-Android 8 release version (not hardware-keymaster 3 compliant) and modern devices with broken keymaster implementations, stock ROMs could be used with the gms processes simply added in hidelist if they aren't already to hide Magisk/root... I'm guessing the MagiskHide module would take care of the sensitive props that must have values altered to non-suspicious ones as original MagiskHide did, but I'm not sure it does. @huskydg also provides this mod:
https://github.com/Magisk-Modules-Alt-Repo/sensitive_props/releases
so that could be used if MagiskHide module doesn't duplicate this function...

Hope it helps! 😜 PW

Reactions: makeyourself
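The post above leans on two things that are easy to get wrong by hand: which gms processes must be in the hidelist, and which "sensitive props" a root or bootloader check reads. As an added example (not code from the thread, from Magisk, or from any MagiskHide/sensitive_props module), the Python below parses a `getprop` dump and reports the props whose values would trip such a check, using the values a retail device with a locked bootloader reports. The expected-value table is assembled from the well-known props those modules rewrite (ro.debuggable, ro.secure, ro.build.type/tags, ro.boot.verifiedbootstate, ro.boot.flash.locked, ro.boot.vbmeta.device_state, ro.boot.veritymode, ro.adb.secure); the getprop dump is constructed for the example and the fingerprint in it is a placeholder. Pipe a real `adb shell getprop` into `parse_getprop` to audit a device before and after applying a props module.

```python
import re

# Added example, not from the thread or from any Magisk module.
# Values a retail device with a locked bootloader reports. Constructed from the
# well-known props that root/integrity checks read; a real audit should also
# compare ro.build.fingerprint against the device's stock fingerprint.
EXPECTED_CLEAN = {
    "ro.debuggable": "0",
    "ro.secure": "1",
    "ro.adb.secure": "1",
    "ro.build.type": "user",
    "ro.build.tags": "release-keys",
    "ro.boot.verifiedbootstate": "green",
    "ro.boot.flash.locked": "1",
    "ro.boot.vbmeta.device_state": "locked",
    "ro.boot.veritymode": "enforcing",
}

# Line format printed by `getprop`: [name]: [value]
_GETPROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(dump: str) -> dict:
    """Parse `getprop` output into a {name: value} dict, skipping junk lines."""
    props = {}
    for line in dump.splitlines():
        m = _GETPROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def find_suspicious_props(props: dict) -> dict:
    """Return {name: (actual, expected)} for every prop whose value would
    trip a root/unlocked-bootloader check. Props absent from the dump are
    not flagged here: some OEMs never set ro.boot.flash.locked, for example."""
    return {
        name: (props[name], expected)
        for name, expected in EXPECTED_CLEAN.items()
        if name in props and props[name] != expected
    }


def missing_props(props: dict) -> list:
    """Props a checker would expect but which the dump does not contain."""
    return [name for name in EXPECTED_CLEAN if name not in props]


# Constructed getprop dump of a rooted, unlocked userdebug build (placeholder
# fingerprint, not a real device build).
SAMPLE_DUMP = """\
[ro.build.fingerprint]: [vendor/device/device:13/BUILD.ID/123456:userdebug/test-keys]
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [1]
[ro.adb.secure]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.veritymode]: [enforcing]
"""

if __name__ == "__main__":
    props = parse_getprop(SAMPLE_DUMP)
    for name, (actual, expected) in sorted(find_suspicious_props(props).items()):
        print(f"{name}: {actual!r} (expected {expected!r})")
    print("not present:", missing_props(props))
```

The split between "mismatched" and "missing" matters in practice: a props module that sets a value the stock ROM never had (ro.boot.flash.locked on a device that does not report it) is itself a detectable inconsistency, so compare against a dump from an unmodified unit of the same model rather than against a generic table.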

Okay.
As two people got starling working using husky dg Magisk hide then we just need Google play working.

Google Pay I'm guessing...

So 'we' as in users of custom ROMs (like crDroid) that spoof?; Pretty easy.... Or as in users with device launched with Android 7 and earlier?; Again easy... Or as in modern devices with broken keymaster (like so many OnePlus models)?; Piece of cake!...

But as in users with hardware-compliant devices launched w/ Android 8+ running stock OS or official LineageOS that don't spoof; bit of a challenge but with MagiskHide and sensitive prop solutions still quite doable. 😋 PW

Reactions: makeyourself

Nope, we as in people using the MagiskHide module on official Magisk.
I am on Pixel 7 Pro and stock ROM and use Zygisk and USNF and Google Pay works.
Starling does not work, so I wanted to know if I change to Zygisk off and use the MagiskHide module to make Starling work, would that break Google Pay.

makeyourself

Senior Member
Aug 26, 2012
For most Android 8+ release version devices you could use an older Riru-USNF to inject code in gms to register the fake keystore that causes exception and fallback to basic attestation on device + MHPC module to cause model, fingerprint, shipping level etc prop mismatches needed to bypass Google server end hardware-backed verdict enforcement for many keymaster 3 compliant devices for insurance... Nb.
Am I correct in thinking that the server-side hardware attestation shows up as "CTS profile match" in e.g. YASNAC? And the client/device side attestation shows as "Basic integrity"? Either way, and regardless of system configuration, I always get "Evaluation type" reported as "BASIC" when I run the SN test. Yet for whatever reason I still need Zygisk and USNF to get SafetyNet to pass properly. This confuses me as if the evaluation type is "BASIC" without USNF, why do I need USNF 😕?
A better solution would be to use a custom ROM with integrated 'SafetyNet' Fix (SNF) that passes PI deviceIntegrity without Magisk. Such ROM solutions do this natively and without detectable hooking/injection.

Yeah I noticed for instance that ProtonAOSP apparently has this type of implementation. Do you know how they manage to do it if they aren't using code injection methods? At the end of the day it's GMS that needs modifying to fix SafetyNet right? I know props also need tweaking, but that bit is relatively easy without code injection. So do these custom ROMs ship with a modded GMS or something? Am just wondering why this can't be achieved without such a custom ROM just by using root (no Zygisk)? Hope I'm making some sense lol.
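The question above is about what the SafetyNet fields actually report. The verdict is carried by `ctsProfileMatch` and `basicIntegrity`; the separate `evaluationType` field says how Google produced it, `BASIC` for a software-only evaluation and `HARDWARE_BACKED` when hardware key attestation was used (both can appear, comma separated), which is why a tool can print "BASIC" while still showing CTS profile match. As an added example (not code from the thread, from Google, or from YASNAC), the Python below decodes a SafetyNet attestation JWS payload, performs the relying-party checks (nonce, package name, freshness) and maps the fields to the verdicts discussed here. Signature verification against the `x5c` certificate chain is deliberately omitted; until that is done the payload is just attacker-supplied JSON, so a bank backend must verify it before trusting any field. The two payloads are constructed, the package name `com.example.bank` is a placeholder, and the Play Integrity names in the verdict strings are the approximate equivalents from Google's migration guidance, not something the token itself contains.

```python
import base64
import json

# Added example, not from the thread, from Google, or from YASNAC.
# Decodes a SafetyNet attestation JWS and classifies its fields.
# Signature verification (RS256 over the 'x5c' chain) is NOT done here.


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_unsigned_jws(payload: dict) -> str:
    """Constructed test helper: build a compact JWS with an empty signature so
    the decoder has something to parse. A real token carries an RS256 signature
    and the certificate chain in the 'x5c' header."""
    header = {"alg": "RS256", "x5c": []}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        "",
    ])


def decode_payload(jws: str) -> dict:
    """Return the JSON payload of a compact JWS. Does NOT check the signature."""
    parts = jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def classify(payload: dict, expected_nonce: str, expected_pkg: str,
             now_ms: int, max_age_ms: int = 5 * 60 * 1000) -> dict:
    """Map a decoded payload to the verdict a SafetyNet checker would display,
    plus the relying-party checks done before the verdict is trusted."""
    problems = []
    if payload.get("nonce") != expected_nonce:
        problems.append("nonce mismatch (replayed or foreign attestation)")
    if payload.get("apkPackageName") != expected_pkg:
        problems.append("apkPackageName mismatch")
    age = now_ms - int(payload.get("timestampMs", 0))
    if age < 0 or age > max_age_ms:
        problems.append("timestamp outside freshness window")

    cts = bool(payload.get("ctsProfileMatch"))
    basic = bool(payload.get("basicIntegrity"))
    # evaluationType: "BASIC" = software-only evaluation, "HARDWARE_BACKED" =
    # hardware key attestation was used; both may be listed, comma separated.
    eval_types = [t.strip() for t in payload.get("evaluationType", "BASIC").split(",")]

    if cts and basic:
        verdict = "CTS profile match + basic integrity (~ Play Integrity MEETS_DEVICE_INTEGRITY)"
    elif basic:
        verdict = "basic integrity only (~ Play Integrity MEETS_BASIC_INTEGRITY)"
    else:
        verdict = "fail"

    return {
        "verdict": verdict,
        "hardware_backed": "HARDWARE_BACKED" in eval_types,
        "evaluation_type": eval_types,
        "problems": problems,
        "accept": not problems and cts and basic,
    }


# Constructed payloads for the two situations the thread describes.
NOW_MS = 1_700_000_000_000
PASS_BASIC_EVAL = {  # key attestation fell back to basic, server still says CTS OK
    "nonce": "c2VydmVyLXJhbmRvbQ", "timestampMs": NOW_MS - 1000,
    "apkPackageName": "com.example.bank",
    "ctsProfileMatch": True, "basicIntegrity": True, "evaluationType": "BASIC",
}
FAIL_HW_EVAL = {  # hardware-backed evaluation on an unlocked device: CTS fails
    "nonce": "c2VydmVyLXJhbmRvbQ", "timestampMs": NOW_MS - 1000,
    "apkPackageName": "com.example.bank",
    "ctsProfileMatch": False, "basicIntegrity": True,
    "evaluationType": "BASIC,HARDWARE_BACKED",
}

if __name__ == "__main__":
    for name, p in (("fallback", PASS_BASIC_EVAL), ("hw-backed", FAIL_HW_EVAL)):
        token = make_unsigned_jws(p)
        print(name, classify(decode_payload(token), p["nonce"], "com.example.bank", NOW_MS))
```

The point for an app developer is that `evaluationType` is informational: a relying party that wants hardware-rooted assurance has to require `HARDWARE_BACKED` explicitly (or, under Play Integrity, the device-integrity verdict), otherwise a device that forced the fallback path still gets the same `ctsProfileMatch` result.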

(Quoting the earlier post describing the https://oauth.starlingbank.com workaround.)

This worked for me, thanks! Every time I start the app now it throws the same error page about being rooted, but then lets me fingerprint auth and I'm in without anything further.
