MAE / BIMB banking apps blocking access - MY
So one day, you can't access your MAE (Maybank) app, your BIMB (Bank Islam) app, or any of your bank apps really like CIMB or any other - on your perfectly-fine Android device.
And you noticed these error messages sometimes don't make sense, such as "OEM Unlocking is turned on" or "Your device is rooted" (when it may not even be rooted!).
Well, first and foremost, this is all thanks to Google Play Integrity & your local bank(s)' decision to bow down to these Big Tech policies without even questioning - whichever you want to blame. And you're not wrong, it's really not your device. Your device is perfectly fine! But I'm not going to deep dive into who's to blame here. The reason I'm writing this is to provide a way to fix these.
You may fall into one of these categories:
1. You bought your phone from outside of Malaysia, or the phone is not officially from your local country:
Therefore, it made sense that your device's bootloader is unlocked to get the local version of stock Android rom - otherwise lots of local apps wouldn't work.
2. You bought your phone second-hand without knowing the technical details:
Same reason as above - it's either the previous owner decided to unlock the bootloader OR it falls under the first category mentioned - the phone may have been bought outside of the country.
3. You are using a custom rom on a locally-bought Android device:
It doesn't matter what your custom Android rom is based on. As long as you have a custom rom running, that means your bootloader is unlocked. Otherwise, you won't be able to even use your phone. But I also have to stress that using a custom rom doesn't mean that your device is 'rooted'. There's no need for root at all to get a custom rom running, all it needs is an unlocked bootloader.
4. You actually rooted your phone, but your spoofing tricks don't work anymore:
Well, some people say this is like digging your own grave, but no matter - you can still make it work! I personally call it "control our own device" 😄
Ok so - did you fall into one of those categories? Or maybe you're just not aware and have been using the phone for years now, and so it may have fallen into one of the first two categories above.
Now - if you fit into the third category, meaning that you have previously, intentionally, unlocked your bootloader to install a custom rom (nothing wrong with that!) - one option is to just revert back to your local stock rom and re-lock the bootloader, and all these apps will work just fine. Just be aware that you're going to have to wipe the whole phone/device data. The good news? It'll feel like a brand new phone. The bad news? You have to set up everything again, from installing your apps to your customised preferences.
You can easily find the steps to do this on the internet - it usually involves downloading your phone/device stock rom and 'flashing' it over. Search for terms like "[your phone/device model] stock rom"
E.g. Samsung Galaxy S24 Stock ROM
But surely, there are reasons as to why you are using a custom rom in the first place, especially if it's done intentionally right? So if you want to keep using your current custom rom - continue reading below.
Otherwise, stop reading, don't waste your time here.
Ok so here is the real fix. You are going to have to root.
But wait, doesn't that defeat the whole purpose of these banking apps blocking access for rooted devices? Yes it does. These clowns don't even question their own app policies and how it works.
What if your phone/device is already rooted?
If your phone/device is already rooted using Magisk or KernelSU, remove it completely - uninstall your current root setup. Magisk usually has a user-friendly way to do a 'complete root uninstallation' - open up the Magisk app and you should see the option somewhere.
We are going to root using an app/system called "APatch".
You can read APatch's documentation here if you want to:
https://apatch.dev/
This is how I'd personally describe APatch:
APatch is a hybrid of KernelSU & Magisk.
The root is implemented at the kernel level, like KernelSU, and unlike Magisk.
If you are familiar with Magisk though, APatch also supports Magisk modules!
Meanwhile, Magisk's root method is through the phone/device's RAM disk - which can be seen by these new sophisticated root checks implemented by these apps, well, they don't usually come up with it themselves - it's through Google. You can still get away with most apps if you're using Magisk - but for future-proof rooting, it's better to root at the kernel-level. If Google can't see it because it's rooted at a kernel-level (which is deeper), apps highly likely can't either.
As for KernelSU - it's perfectly fine in terms of the rooting method, because it also roots the device at the kernel level. But it doesn't have the user-friendly options that Magisk does to handle the next set of layers (like tricking and spoofing).
And this is why APatch is the winner - a combination of kernel-level root (like KernelSU) & support for modules for tricking and spoofing at the user-level (like Magisk).
It is also worth noting that currently, MAE & BIMB root checks are not sophisticated, not yet anyway. Meaning you can still get away with using Magisk and some of its modules. But really, you want to future-proof your root method.
Here's what you need:
On Your Phone/Device
1. Your 'boot.img' file, unpatched (I'll explain below as you may have to get them through a computer).
2. APatch (app)
3. PlayIntegrityFork (module)
4. ReZygisk (module)
5. Tricky Store (module)
6. Tricky Addon (module)
7. Termux (app)
8. Make sure Developer Options is turned ON, USB Debugging is turned ON, ADB is turned ON - throughout this process!! Unless you're told otherwise.
On Your Computer
1. Your ROM files (we just need that 'boot.img' file to patch later, explained below).
2. ADB installed
3. Fastboot installed
Important: I'm not highlighting what ADB & Fastboot are - but you can very easily look it up on the internet, and install it - as the way it works depends on your computer's operating system.
E.g. if your computer is running Linux or macOS - you can just install them using your package manager.
If your computer is on Windows, you're going to have to find the setup files to install it.
Steps:
Your 'boot.img' file, unpatched:
If you are familiar with the rooting method using Magisk, then you might recall that you had to patch your 'boot.img' file, transfer it over to your computer, and then use fastboot to load up the patched-img file to your phone/device.
If you're quite old and used to root through custom recovery like TWRP or OrangeFox, please note that rooting through recovery just won't work properly anymore! Stop using that method!
So if you're not familiar with patching 'boot.img' file - well - the 'boot.img' file is actually included within your current rom that you are using - it's unpatched. You just have to get the file. I can't explain in any other way, as there are various roms out there, stock and custom, and I don't know what rom you are using.
For example, if you use a custom OneUI rom, or a custom HyperOS rom, or any AOSP-based rom, you'll need to download or have that big zip file of your rom again, the exact same version as you are currently using (which is usually about 4-7 GB in terms of file size).
You have to extract that big zip file of your rom - and within the extracted folders/subfolders, find any file called 'boot.img' - There should only be one file named 'boot.img' in there, and I'm 100% sure it's in there, as otherwise the ROM wouldn't work. Find it!
Once you have that file - make a copy of it, save one on your computer, and save another on your phone/device. Then - move on to the APatch section below.
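Before patching or flashing anything, it is worth confirming that the file you extracted really is a boot image and that the copy on the phone is byte-identical to the one on the computer. The shell functions below are an added example, not part of the original post or of APatch; the file names and the /sdcard/Download path in the comments are assumptions. The same_copy check can be reused later for the patched file you transfer back to the computer.

```shell
#!/bin/sh
# Added example: sanity checks to run on the computer before patching/flashing.
# Typical use (paths are assumptions, adjust to your own):
#   adb pull /sdcard/Download/boot.img boot_from_phone.img
#   check_boot_copy boot.img boot_from_phone.img

# Print the SHA-256 of a file with whichever tool this system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if the file starts with the 8-byte Android boot image
# magic "ANDROID!". A ROM zip or a truncated download fails this test.
is_boot_image() {
    [ -f "$1" ] || return 1
    [ "$(head -c 8 "$1" 2>/dev/null | tr -d '\0')" = 'ANDROID!' ]
}

# Succeed only if both files exist and have the same SHA-256 digest,
# i.e. the transfer between computer and phone did not alter the file.
same_copy() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# check_boot_copy <boot.img on computer> <copy pulled back from phone>
# Returns 0 if safe to continue, 2 if not a boot image, 3 if copies differ.
check_boot_copy() {
    is_boot_image "$1" || { echo "not a boot image: $1"; return 2; }
    same_copy "$1" "$2" || { echo "copies differ: $1 vs $2"; return 3; }
    echo "ok: $(sha256_of "$1")"
}
```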
APatch Installation & Root:
Now - download APatch from their GitHub page above (under releases section).
It's an APK file - and therefore you have to install it (allow Unknown Sources to install).
Open the APatch app on your phone, and you should see some warnings at the top to set a 'SuperKey', and a button that lets you patch your 'boot.img' file.
So - remember that 'boot.img' file that you have copied on your computer and on your phone? This is where we need to patch it. But first - you need to set up a SuperKey.
The Superkey needs to be:
- a minimum of 8 characters (to be exact, it's 8-63 characters long).
- include numbers and letters but NO special characters!!
After you have set your Superkey, then proceed to patch your 'boot.img' file that's on your phone. You'll see the options there to press & select the file within your phone directory.
It will run a script to patch the file, and when that finishes, you can see some logs showing where it generated & saved the new patched file - within your phone/device.
The filename would somewhat be in this format: "apatch_patched_xxxx_xxx.img"
Then, connect your phone to your computer via USB, and copy or transfer the patched file ("apatch_patched_xxxx_xxx.img") to your computer.
With the phone still connected via USB - Open up your Terminal app on your computer (or Command Prompt in Windows). It's best to make sure it opens within the directory of your patched file. Otherwise, you can use the "cd" command to change your terminal into the directory.
Within the Terminal/Command Prompt window, type in:
adb devices
And hit Enter. If it works - you should see one device listed under the header line, shown as a string of random characters. If it doesn't work - try using a different USB cable, check your Developer Options settings and make sure USB Debugging & ADB are turned on, then try again until it does work.
If it's working, type in:
adb reboot bootloader
And hit Enter. This will then reboot your phone/device, and it will load up Fastboot mode.
You can actually see the phone's screen lighting up with the text 'Fastboot' when it loads up.
Then, let's verify that the fastboot command on your computer works and that it can see your device.
Type in the below:
fastboot devices
And hit Enter. If it works - you should see one device listed, shown as a string of random characters. If it doesn't work - try using a different USB cable, and run that command again until fastboot detects your device.
Then, type in the below:
fastboot flash boot apatch_patched_xxxx_xxx.img
Then hit Enter.
Note: That "apatch_patched_xxxx_xxx.img" - change the filename or add the directory - to match your patched file name and directory on your computer.
It will now attempt to load the patched file.
Once that's done, type in:
fastboot reboot
And hit Enter.
Your phone/device will now reboot and load up your rom, like it normally does.
After your phone loads up, open up the APatch app again.
This time, you can see there's a sign/bar at the top to enter a SuperKey.
Tap that option.
Remember the SuperKey you have set earlier?
Enter that very same SuperKey you have set.
APatch will then verify to confirm if the SuperKey is correct and if it's working.
If it does work, APatch will state "Working".
If it doesn't work, APatch will ask for that same SuperKey again - and if you can't remember what you've set as your SuperKey, then you may have to re-patch your original 'boot.img' file again with a new SuperKey.
So now that's working, what's next? Give yourself a pat on the back, you have done well.
Your phone/device is now rooted at the kernel-level!
Note: You may see another warning that says "AndroidPatch" is not installed - if you do, tap on Install, wait 1 minute, then reboot the phone.
Now - unlike Magisk - APatch doesn't have a DenyList.
So how does it work? We move on to the next section and I'll explain there.
Testing APatch & Installing Modules
If you open up your APatch app again, you'll see a few navigation options in the bar at the bottom.
The middle one would be the "SuperUser" option.
Again, APatch doesn't have a DenyList - so this section is NOT a DenyList.
What this section does is, it allows you to select specific apps to have root access.
So remember that you had to install Termux just now?
Find Termux within this SuperUser option and toggle it on.
You may want to toggle it on for some of your other root apps as well, such as "Root File Explorer" or "Material Files", to give these apps root permissions (if you need to).
It will work instantly, without a restart.
If you want to verify it - easy - toggle it OFF for Termux.
Then open up Termux, type in the command 'su' (without quotes) and hit Enter.
You will likely see that Termux can't find the command, which means that's working, it doesn't have root access.
And when you toggle it back ON for Termux, open up Termux again, run that same 'su' command again and you will see that the command works - meaning Termux now has root access.
Now within the APatch app, there's also a navigation option for APModule, which stands for 'AndroidPatch Module'. This is where we install our modules, just like Magisk.
So download all those module files (listed above, these are zip files), and install them all.
To install a module: Within the APModule section, you should see an icon to install a module from a file - use this option - select the zip file of the module and it'll install.
You DO NOT need to reboot after each installation.
So in this case, install all modules, one by one: ReZygisk, PlayIntegrityFork (aka PIF), Tricky Store, Tricky Addon.
And then you REBOOT your phone (crucial!). This is to ensure all the modules installed are running properly.
Next - you have to do these steps in this specific order:
1. "Clear Data" on these apps: Google Play Services; Google Play Store; Google Services Framework; your banking app (MAE or BIMB, or both); basically, any apps that you want to hide root & bootloader status from.
2. Open up APatch, go to APModule, find PIF (Play Integrity Fork) and hit the 'Action' button. It will then run a script. After the script is finished, DO NOT REBOOT your phone yet, go back.
3. Still within APatch -> APModule, find PIF, and hit the 'Action' button. After the script finishes, DO NOT REBOOT your phone yet, go back.
4. Still within APatch->APModule, find Tricky Store and tap 'Open'.
Now make sure you do the below carefully in order:
With Tricky Store opened, you should see ALL apps installed on your phone, listed.
- Tap the three-dot menu at the top right.
- Tap Select All (you might not see Select All, it might be an icon that you have to press to select all).
- Tap the three-dot menu at the top right AGAIN
- Tap "Deselect Unnecessary"
- Tap "Save" (it might be an icon), usually located at the bottom right.
- Tap the three-dot menu at the top right.
- Tap "Keybox"-> Tap "Valid"
- Tap the three-dot menu at the top right AGAIN
- Tap "Set Security Patch"
- Tap "Get Security Patch Date", wait for it to fetch info (only like 1-2 seconds)
- Tap "Save"
5. Open up your Termux app (provided that you have given it root access through the SuperUser option in APatch).
Within the Termux session, type in:
su
And hit Enter. That's to start a superuser (root) access in Termux.
Then type in:
cd /data/adb/modules/playintegrityfix
And hit Enter. That's to change the directory into that particular folder.
Then type in:
chmod +x ./autopif2.sh
And hit Enter. That's to give an 'execute permission' to the file called 'autopif2.sh' within the folder.
Then type in:
sh autopif2.sh --strong
And hit Enter. That's to run the script written on the file.
6. Now, finally, reboot your phone, again!
7. Check all your apps that were inaccessible previously due to bootloader/root status, and all those apps should now WORK!
If it doesn't, I'm pretty sure you may have missed some steps written here - but that's okay, read through everything here again, make sure you understand what we are doing first, and I'm sure it'll work.
Now you might wonder, where do ReZygisk, Tricky Store and Tricky Addon come into all this, and why do you need them installed? You might've done all this before in the past, using Magisk - so how do these modules actually work anyway?
Let me try my best to break it down:
ReZygisk module: It's a foundation that allows hiding apps to run. Without it installed, PlayIntegrityFork (PIF) and Tricky Store wouldn't be able to run.
Tricky Store: This is the hiding tool. 'The DenyList'. Tricky Store uses ReZygisk (or core Zygisk) to prevent the apps listed (in the target.txt file that gets generated) from being able to see the presence of root - it's another layer of hiding, on top of APatch's kernel-level root.
Tricky Addon: This is to make life easier when configuring Tricky Store. It automatically installs and manages the last known-good Keybox file (or Keystore), which is key to passing some integrity checks as well. While the spoofing part is done by PIF, this addon handles that info.
PlayIntegrityFork (PIF): This is the integrity spoofing tool. It makes Google think that your phone/device is an unrooted or 'certified' device. Even if Google Play Store doesn't seem to think so.
APatch: Rooted at kernel-level, deep in the system where it's harder for Google to check. And this way, they can't pass this information to the apps. The tricking & spoofing are still done in the user-level space, but at the very least, we have control at the kernel-level.