⚠️ Disclaimer: This guide is provided solely for educational purposes. The creator assumes no responsibility for any damage, data loss, or other adverse effects that may occur as a result of following these instructions. Proceed entirely at your own risk!
Many users who have rooted their devices run into issues where system or third-party applications detect the root status and refuse to operate. This guide outlines a procedure to hide root detection on the majority of Android devices, specifically the ones running Noble ROM for Samsung S9/S9+/N9. The approach detailed here leverages KernelSU-Next in conjunction with SuSFS.
Before making any modifications, ensure that your device is at factory settings:
- Offline Preparation:
• Do not connect the device to the internet.
• Avoid signing in with any accounts or inserting SIM cards during the initial setup.
- System Cleanup:
• Remove or rename any existing TWRP directories found in your internal storage.
• This prevents conflicts with upcoming modifications.
Ensure your device meets the following prerequisites before proceeding:
- ROM and Kernel Requirements:
• The device should run a ROM that has been rooted using KernelSU-Next and supports SuSFS.
• For Exynos9810 Users (e.g., Samsung Galaxy S9/S9+/N9):
  - Use the prebuilt kernel available at: Exynos Prebuilt Kernel
  - Flash this kernel via a recovery solution (TWRP is recommended) with SELinux in enforcing mode.
- Installation of KernelSU-Next:
• Install the latest KernelSU-Next APK from: KernelSU-Next APK
For advanced users, choosing the proper mounting method is critical. Different modules may behave uniquely depending on the mounting technique.
Magic Mount:
• Advantage: Mimics the OEM mount process using tmpfs & bind mounts, directly injecting binaries into PATH for seamless integration.
• Disadvantage: Increases the mount count significantly, which may be flagged by security tools (e.g., Zimperium). Its complex bind mappings can also reveal nonstandard configurations.
OverlayFS:
• Advantage: Offers a layered file system that applies non-permanent changes over the original system without altering it.
• Disadvantage: Some modules may misbehave due to how OverlayFS creates device nodes (visible in /proc/fs) and due to certain filesystem limitations (especially on F2FS/ext4).
Mountify:
• Blends benefits of both methods by globally mounting modules via OverlayFS while mimicking OEM behavior.
• Ideal for advanced users who need flexibility when modules fail under one mounting scheme.
🤔 Note: None of these methods is flawless; select based on your modules’ compatibility and detection risk. For this guide, I'm going to use OverlayFS.
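The mount-count and OverlayFS signals mentioned above, seen from the detecting side: an added example (not part of the original guide or of any tool it names) that parses a constructed `/proc/self/mounts` sample and flags overlay or tmpfs mounts sitting over system partitions. The `PROTECTED` list, the baseline count and the sample lines are assumptions made for illustration.

```python
# Added example (not from the guide): defender-side checks on the mount table.
# Partitions expected to be plain read-only block mounts (assumed list).
PROTECTED = ("/system", "/vendor", "/product", "/system_ext", "/odm")

# Constructed sample in /proc/self/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/block/dm-0 / ext4 ro,seclabel,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
/dev/block/dm-1 /vendor ext4 ro,seclabel,relatime 0 0
/dev/block/dm-2 /product ext4 ro,seclabel,relatime 0 0
overlay /system/bin overlay ro,seclabel,relatime,lowerdir=/data/adb/modules/example/system/bin:/system/bin 0 0
tmpfs /system/etc tmpfs rw,seclabel,relatime 0 0
/dev/block/dm-5 /data f2fs rw,seclabel,nosuid,nodev,noatime 0 0
"""

def parse_mounts(text):
    """One dict per mount line; spaces in paths are octal-escaped, so split() is safe."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        entries.append({"device": fields[0], "mountpoint": fields[1],
                        "fstype": fields[2], "options": fields[3].split(",")})
    return entries

def under_protected(path):
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def foreign_layers(options):
    """Overlay lowerdir layers that do not live on a protected partition."""
    for opt in options:
        if opt.startswith("lowerdir="):
            return [d for d in opt[len("lowerdir="):].split(":") if not under_protected(d)]
    return []

def assess(text, baseline_count):
    """Flag overlay/tmpfs mounts over protected paths and mounts beyond the baseline."""
    entries = parse_mounts(text)
    findings = [(e["fstype"], e["mountpoint"], foreign_layers(e["options"]))
                for e in entries
                if e["fstype"] in ("overlay", "tmpfs") and under_protected(e["mountpoint"])]
    return {"total": len(entries),
            "excess": max(0, len(entries) - baseline_count),
            "findings": findings}

if __name__ == "__main__":
    print(assess(SAMPLE_MOUNTS, baseline_count=6))
```

The baseline has to be measured per device model and OS build; a single global threshold will misfire on devices whose stock image already carries extra mounts.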
With the selected mounting option verified, proceed with the installation of additional modules. Only choose one variant per module group.
- Mandatory module: SuSFS module by sidex15 & simonpunk (SuSFS Module)
- Module Group 1: Zygisk Core Module
Options:
• ZygiskNext by Dr-TSNG (Recommended)
• NeoZygisk by JingMatrix
• ReZygisk by PerformanC
- Module Group 2: Root Hiding Module
Options:
• Shamiko by LSPosed Developers (Recommended)
• ZygiskAssistant by Snake-4 (Not Recommended)
- Module Group 3: LSPosed (Optional)
Options:
• LSPosed (NPM version)
• LSPosed by JingMatrix
• LSPosed Irena
• LSPosed by qlenlen
- Module Group 4: Magisk-Based Modules
After flashing KernelSU-related modules and rebooting, install the following Magisk modules (select only one option per subgroup):
- PlayIntegrity Module:
– PlayIntegrityFix by chiteroman
– PlayIntegrityFix-Inject by chiteroman (Recommended)
– PlayIntegrityFork (PIF-Fork) by osm0sis
- TrickyStore Module:
– TrickyStore by 5ec1cff
– TrickyAddon by KOWX712
- BetterKnownInstalled Module:
– BetterKnownInstalled by PixelProps
- Reboot:
• After installing all selected modules, perform a complete system reboot.
- File Management with a Root-Enabled File Explorer:
• Use an app such as MT Manager, MIXplorer, or Total Commander to transfer configuration files to these directories (remember to grant root access to the app to open the / directory):
- pif.json
• Purpose: Passes both MEET_BASIC_INTEGRITY and MEET_DEVICE_INTEGRITY checks.
• Location: /data/adb/modules/playintegrityfix
• Action: Replace any existing file with the provided version.
- keybox.xml
• Purpose: Assists in passing the MEET_STRONG_INTEGRITY check.
• Location: /data/adb/trickystore
• Action: Replace any existing file with the provided version.
You can download these files from Telegram: https://t.me/HidingRootDetections
Before finalizing the setup, complete the following system file modification:
- Spoofing Kernel version and fixing Abnormal Boot State:
• Install the Native Detector app and hold down on Abnormal Boot State to copy the value of your Boot hash.
• Open the file /data/adb/VerifiedBootHash/VerifiedBootHash.txt and paste the value of the previously copied Boot hash.
• Open KernelSU-Next, go to Modules > SuSFS > Open and spoof your kernel version to the version Native Detector reports back to you, selecting Spoof on Boot and Execute on Post-FS-Data, and then click on Make it SUS.
- Editing the System Build Properties:
• Open the file at /system/build.prop to locate the build display ID, which normally appears for Noble ROM users as:
ro.build.display.id=UP1A.NOBLE_ROM_CALABRIA_III_S908BXXUBEXH7
• Change it to:
ro.build.display.id=UP1A.231005.007_S908BXXUBEXH7
These changes are crucial for effectively masking the root status.
After finalizing the modifications:
- Final Reboot:
• Reboot the device to apply all changes.
- Post-Setup Procedure:
• Once restarted, connect to the internet and complete additional setup steps (e.g., signing into Google and installing your preferred applications).
- Additional Considerations:
  - For Samsung Devices:
  • Use Secure Folder to isolate root-related applications.
  • Remove KernelSU-Next from the primary profile (instead of using HMA/HMAL).
  - For Other Android Devices:
  • Consider employing a Work Profile, which isolates apps vulnerable to root detection better than HMA/HMAL.
  • Detailed instructions are available at: Android Work Profile Tutorial
- Troubleshooting Root Detection Issues:
• If any apps continue to detect root, use the TrickyStore addon to whitelist the affected applications via the module’s configuration tools.
By following these detailed steps—ranging from pre-setup procedures to final adjustments—you can effectively hide root detection with KernelSU-Next + SuSFS.
Always remember:
• Back up your device before proceeding.
• Proceed with caution and stay updated with any module changes or guide updates.
For any type of questions or problems, you can reach me on Telegram: @TheUnrealZaka or on Discord: @theunrealzaka.