Skip to main content

3 posts tagged with "magisk"

View All Tags
MissedRemote accessJailbreak / RootFake GPS app★ Pinned

XPoint / BetRivers PA: Tailscale macOS RDP (unattended), Magisk mock-flag suppression, and FaceTime handoff undetected

XpointRushStreet Interactive (BetRivers)
xpointbetrivers-pardptailscalemacos-screen-sharing

Source. June 23, 2026 weekly sync.
Ticket. CIV-88: BetRivers PA — advanced spoofing review.

What we tested

Advanced spoofing checks on BetRivers Pennsylvania (XPoint), building on the June 16 compliance analysis.

What happened

1. Tailscale + Mac RDP — undetected

Two Macs on the same Tailscale account. Mac1 (out of state) connects to Mac2 (in PA) using macOS built-in screen sharing via Finder. Mac2 user does not need to be present — the remote user gets full control.

2. Rooted Android + mocked location — undetected (retested on mobile network)

Same non-compliant result on mobile connection. Setup uses Magisk with a renamed manager to avoid detection, root partially hidden. Key nuance: the mock location app (FakeGPS) is technically visible to BetRivers, but a custom low-level module suppresses the mock-location flag before BetRivers can read it — which is why it gets through. A second rooted device lost its integrity status and needs troubleshooting.

3. FaceTime RDP — undetected after local auth

The in-state person must physically handle the phone to log in and enter the 2FA code. Once logged in, the remote user takes full control — requires brief cooperation from the in-state user at the start, but no presence after that.

Why it matters

All three vectors succeeded in a follow-up cycle. The Magisk module path defeats the SDK's mock-location signal at the OS layer — not merely by hiding the spoofing app. The Tailscale + macOS pattern delivers fully unattended desktop control, which is the highest-risk RDP class on Pennsylvania deployments this month.

Cross-reference

Xpoint profile → · June 23 weekly sync →

MissedRemote accessJailbreak / RootFake GPS appResigned / tampered app★ Pinned

XPoint / BetRivers PA: iOS RDP, Tailscale macOS RDP, and rooted Android mock location undetected; standard RDP + FLA blocked

XpointRushStreet Interactive (BetRivers)
xpointbetrivers-pardpfacetimeiphone-mirroring

Source. June 16, 2026 weekly sync.
Ticket. CIV-88: BetRivers PA — compliance analysis.

What we tested

A compliance analysis of BetRivers Pennsylvania (XPoint) covering native iOS remote-control methods, Tailscale + macOS native screen sharing, rooted Android with mock-location concealment, and a baseline suite of standard remote-access tools, IP-change detection, Android fake location apps (FLA), and a resigned iOS app.

What happened

VectorResultNotes
Native iOS RDP (FaceTime + iPhone Mirroring)✗ UndetectedRemote operator in an out-of-state location placed bets on the in-state Pennsylvania iOS device.
Tailscale + macOS native RDP✗ UndetectedMesh VPN tunneling combined with built-in macOS screen sharing was not flagged.
Rooted Android + concealed mock location✗ UndetectedRoot state and hidden mocked coordinates both went unnoticed; bets and gameplay succeeded from an exclusion state.
TeamViewer, AnyDesk, HopToDesk✓ BlockedStandard commercial remote-access utilities were identified and suppressed.
IP change detection✓ BlockedIP-based relocation checks fired as expected.
Android fake location apps (FLA)✓ BlockedGeolocation manipulation frameworks were detected before wagering.
Resigned iOS app✓ BlockedTampered iOS binary was rejected.

Why it matters

Three high-impact vectors — iOS screen sharing, Tailscale-based macOS RDP, and root-concealed mock location — all succeeded on the same operator while the "standard toolkit" checks passed. That pattern suggests detection tuned to known commercial RDP signatures and common FLA tools, but blind to native OS remote-control channels and Magisk-level telemetry suppression. The iOS and Tailscale gaps are especially material given prior undetected Tailscale findings on other XPoint deployments.

Cross-reference

Xpoint profile → · June 16 weekly sync →

IntelSocialJailbreak / Root★ Pinned

Reddit: two users publicly offer to spoof Bet365 XPoint Verify via Magisk

Xpointbet365
socialbet365xpointmagiskspoofing

Source. Reddit thread on Bet365 / XPoint from a Florida user. April 7 weekly research sync.

The signal. A Florida-based user publicly asked how to spoof Bet365 XPoint Verify. According to two other users in the thread, there are ways — and one user said "I can help you spoof it through Magisk."

Why this matters. This is a regulated-market vulnerability being openly shared between players. Magisk is a hidden-root tool for Android, the same class we've already shown XPoint fails to detect in internal testing. The community is one step ahead of the operator.

Action. Magisk + XPoint Verify bypass is now in the test queue (May 5 monthly brief: "Magisk bypass on Bet365 / XPoint" added to the 15-ticket queue).

Xpoint profile →