LSPosed module to bypass iXGuard security checks in VPass (com.smbc_card.vpass) on rooted Android devices.
VPass refuses to run on rooted devices, killing itself via SIGTERM when it detects root, Xposed hooks, or USB debugging. This module neutralizes those checks without modifying the APK.
| Layer | Class | Target | Method |
|---|---|---|---|
| 1 | TamperActionHook |
TamperAction callbacks | Replace all 8 detection handler methods with no-ops |
| 2 | TamperFlagHook |
VpassApplication tamper flag | Intercept boolean getter, force field to false after onCreate |
| 3 | TerminationBlocker |
SIGTERM / exit self-kill | Native signal(SIGTERM, SIG_IGN) + Java Process.killProcess/System.exit/Runtime.exit hooks |
| 4 | IntegrityCheckHook |
Integrity verification (C0120) | No-op timing check kh.Я.⠉ via DEX enumeration |
| 5 | SplashNavigationHook |
SplashActivity.nextPage() |
Replace entirely — skip iXGuard integrity verification, call navigation method ξ(true) directly |
| 6 | UsbDebugHook |
USB debugging dialog | Suppress BaseActivity.҇(String) error dialog when USB debug message is detected |
- Android device with KernelSU / Magisk
- LSPosed (Zygisk variant)
- Nix (for build environment)
See docs/build.md.
- docs/analysis.md — Full reverse-engineering report of VPass's iXGuard protection
- docs/methodology.md — Step-by-step account of the analysis process
- VPass v5.11.0 (versionCode 5110013)
- Sony Xperia XQ-DE44, Android 15
- KernelSU Next + ZygiskSu + LSPosed
This project is for security research and educational purposes only. Use at your own risk.