[WIP] A Riru module tries to enable Magisk hide for isolated processes.

Overview

Riru-IsolatedMagiskHider

Background

Many applications now detect Magisk for security, Magisk provided "Magisk Hide" to prevent detection, but isolated processes and app zygotes will be skipped. This module tries to enable the feature for these processes.

Requirement

Rooted Android 7.0+ devices with Magisk and Riru.

Build

Run gradle task :module:assembleMagiskRelease from Android Studio or command line, magisk module zip will be saved to module/build/outputs/magisk/.

Known Issues

  • Since Android 11, Google has removed /sbin and Magisk will use a random generated directory instead. Now this module hardcoded this path in code, so it may not work in Android 11.

Discussion

Credits

License

The project uses Magisk's source code, so its license follows Magisk's license.

Magisk, including all git submodules are free software:
you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
Issues
  • [Fixed] Chrome not working

    [Fixed] Chrome not working

    OS: Nougat Xposed: Rovo's 89

    Log:

    2021-03-06 00:14:39.002 9909-9909/? E/Zygote: Failed open(/system/framework/XposedBridge.jar, 0) : No such file or directory
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedOriginal](Native method)
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative!(Native method)
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedHooked](<Xposed>:-2)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedOriginal](Native method)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative!(Native method)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedHooked](<Xposed>:-2)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
    
    bug 
    opened by Stillhard 15
  • Momo shows

    Momo shows "environment is broken, service not responding"

    Hi bro i need a solution for this problem Momo shows "environment is broken, service not responding" Device : note 8 pro ( begonia ) - android 11 Miui china beta mod 21.11.10 Magisk : 24.1 stable Zygisk : yes Shamiko : flashed Everything is ok and i can't know the problem

    Screenshot_2022-02-21-03-35-59-783_io github vvb2060 mahoshojo

    not enough info spam 
    opened by maahmoudsamir 7
  • Hide

    Hide "Magisk su processes"

    Hiiii, Great app so far. The last thing It can't hide from "magisk detector" is "magisk su processes". Is there a way to hide it now?

    IMG_20210415_050140

    question not our issue 
    opened by Mark-Joy 6
  • Magisk24.1 MOMO 🤧

    Magisk24.1 MOMO 🤧

    I have issue in MOMO it shows checksum and boatloader unlocked while, zygisk is enable denylist is done, Shamiko installed yet facing this issue in magisk 24.1Screenshot_2022-02-23-16-50-13-216_io.github.vvb2060.mahoshojo.jpg

    not our issue 
    opened by aamirwaseem439 3
  • Documentation for Shamiko?

    Documentation for Shamiko?

    I have created config for it but it seems to not take any effect after reboot. Is there a documentation for Shamiko or it's pretty much same as Riru-MomoHider?

    question not our issue 
    opened by ghost 3
  • Init.rc test failed

    Init.rc test failed

    Hi, I'm running on a miatoll phone running arrowos (andorid 11) and magisk 23.0 + Riru 26.1.1.r500 + Momohider 0.0.7. I've created the empty files in /data/adb/modules/riru_momohider/config app_zygote_magic, initrc, isolated, magisk_tmp, setns if I run magiskdetector 2.3, su file, system file, selinux tests are passet, but the initrc is detected as modified by magisk.

    Do I miss something? or there is an issue? Hope someone could help me

    not our issue 
    opened by pippo73 3
  • [Fixed] Error in log can't unmount

    [Fixed] Error in log can't unmount

    2021-01-24 18:45:06.310 1349-2486/? D/AMS: isProcStartable in LRU io.github.vvb2060.magiskdetector return true
    2021-01-24 18:45:06.329 1349-2486/? I/ActivityManager: AMS: *** Start proc 4613:io.github.vvb2060.magiskdetector/u0i1 for service io.github.vvb2060.magiskdetector/.RemoteService
    2021-01-24 18:45:06.359 4613-4613/? I/IsolatedMagiskHider: Created isolated process 4613, starting magisk hide...
    2021-01-24 18:45:06.436 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/xbin)
    2021-01-24 18:45:06.486 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/usr/share/zoneinfo)
    2021-01-24 18:45:06.536 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/media/audio/ui)
    2021-01-24 18:45:06.577 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/lib64)
    2021-01-24 18:45:06.619 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/lib)
    2021-01-24 18:45:06.688 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/framework)
    2021-01-24 18:45:06.702 2392-2407/? D/GasService: FG app changed: from com.transsion.XOSLauncher to io.github.vvb2060.magiskdetector
    2021-01-24 18:45:06.727 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/etc/permissions)
    2021-01-24 18:45:06.767 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/bin)
    2021-01-24 18:45:06.807 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/sbin)
    2021-01-24 18:45:06.808 4613-4613/? E/IsolatedMagiskHider: hide_policy: can't unmount /system/etc/mkshrc: Permission denied
    2021-01-24 18:45:06.808 4613-4613/? I/IsolatedMagiskHider: Unmounted magisk file system.
    

    Is this a problem? @canyie

    bug 
    opened by Stillhard 3
  • next time, check your messages

    next time, check your messages

    instead of waiting 2 months and trolling me on telegram like a petualant child

    ive removed my mod from XDA, where i openly credited you for your original module and noted distinctly my additions to your script on that page, so that others could add it if they wanted, while i also attached a working module.

    that thread is one of the most active on XDA, and watched like a hawk for any post which dont make the grade or correctly credit people, and in 2 months no one saw an issue with my post.

    You decided to act like a child tonight on Telegram, so my post reflects that

    Enjoy whats now there explaining your poor behaviour:

    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85187739

    Also as a reference see here in my own modules how i credit people, i did no different on that post AND i notified you, not my fault if you ignored it...

    https://github.com/stylemessiah/GPay-SQLite-Fix/blob/master/common/install.sh

    stupid spam 
    opened by stylemessiah 2
  • Need some guidance

    Need some guidance

    Firstly your module really highly appreciated. I have read troubleshoot and i know following detections are not related to this module

    SElinux rules are modified Partition mounted abnormally Art parameters are abnormal

    But as these problems are detected by momo can you please send me some relavent to stuff to study and fix these problems . Thankyou

    Device : Samsung A70 Rom : Offical Magisk version : 24.1 stable (zygisk enabled) Android version : 10 Modules : lsposed, shamiko, safetynet SElinux : enforce

    not our issue 
    opened by Abdullah3119 1
  • Crave TV issues

    Crave TV issues

    Crave TV can still detect root, and almost all setups I've tried also result in Momo showing "broken environment". I've tried variations of all following modules/toggles

    Riru-MomoHider (tried variations of all 4 settings) Riru-Unshare HideMyApplist (LSposed, with Magisk module) Magisk (newest pre-MagiskHide removal canary and latest canary with Zygisk) Universal SafetyNet Fix (UNSF) (2.2 and 2.1 accordingly for the proper Magisk version, also tried with this off on both Magisk versions however for 2.2 MagiskHide functionally is lost entirely without this module so even if that did work SafetyNet wouldn't pass which would defeat the purpose) Sui MagiskHide (as for UNSF even if disabling this could fix Momo I'd still fail SafetyNet without it so unless there's another fix for that won't be turning it off)

    I do not have any overlay modules installed to the best of my knowledge

    My main intention is to get Crave TV working however I'd also like to pass Momo, it has not for any config not stated "Device is rooted" when I try to watch a movie or TV show on it

    MagiskDetector passes all tests but init.rc at the moment (it fails that consistently, only passed it for 1 config that I can't reproduce. I'm fairly sure it was on latest Magisk)

    Device Info: OnePlus 7 Pro 12GB (GM1917) Latest Vendor crDroid 7.11 Official (Android 11)

    Please let me know if I've left anything out

    not our issue 
    opened by Nolij 1
  • Functions not working with Zygisk (Alpha Magisk)

    Functions not working with Zygisk (Alpha Magisk)

    Latest cb4361b7-alpha Magisk (which merges recent TJW commits) is all good for my RN8T with both Riru and Zygisk. But setns/isolated and app_zygote_magic Riru-MomoHider configurations are incompatible w/ Zygisk and cause instability / system crashes / loss of root.

    initrc-only configuration is stable / ok however.

    not our issue 
    opened by pndwal 1
Releases(0.0.8)
Owner
残页
残页
This is a experimental tool to hide process in FreeBSD

FreeBSD process hiding This is a experimental tool to hide process in FreeBSD. Requirements clang pkg install clang kernel modules git clone --depth=

Gabriel M. Dutra 4 Oct 18, 2021
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.

WdToggle A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Creden

Outflank B.V. 196 Jul 18, 2022
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.

FindObjects-BOF A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or process

Outflank B.V. 241 Aug 2, 2022
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

hasherezade 1.4k Aug 8, 2022
Manage (Windows) processes from Garry's Mod.

gm_proc Manage (Windows) processes from Garry's Mod. Usage (success: bool, pid: number) Process.Start(path: string, parameters?: string, working_direc

Earu 4 Apr 20, 2022
A WIP decompilation of Dinosaur Planet for the Nintendo 64

Dinosaur Planet A WIP decompilation of Dinosaur Planet for the Nintendo 64 Note: To use this repository, you must already have a ROM for the game. OS:

null 128 Aug 10, 2022
A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

Vulnerable Kext A WIP (work-in progress) "Vulnerable by Design" kext for iOS/macOS to play/learn with *OS kernel exploitation Usage Documentation can

Chaithu 218 Jul 16, 2022
Locate the current executable and the current module/library on the file system

Where Am I? A drop-in two files library to locate the current executable and the current module on the file system. Supported platforms: Windows Linux

Gregory Pakosz 366 Aug 7, 2022
Modify Android linker to provide loading module and hook function

fake-linker Chinese document click here Project description Modify Android linker to provide loading module and plt hook features.Please check the det

sanfengAndroid 194 Jul 19, 2022
Documenting the development of a simple first module.

Your First Module This guide will look at writing a complete module, with many common features in a reduced form. This includes the module initialisat

Open Multiplayer 16 Jun 3, 2021
Linux Kernel module-less implant (backdoor)

0 KOPYCAT - Linux Kernel module-less implant (backdoor) Usage $ make $ sudo insmod kopycat.ko insmod: ERROR: could not insert module kopycat.ko: Inapp

Ilya V. Matveychikov 47 Jul 20, 2022
An asynchronous directory file change watcher module for Windows, macOS and Linux wrapped for V

A V module for asynchronously watching for file changes in a directory. The module is essentially a wrapper for septag/dmon. It works for Windows, macOS and Linux.

null 16 Jul 29, 2022
Simple and lightweight pathname parser for C. This module helps to parse dirname, basename, filename and file extension .

Path Module For C File name and extension parsing functionality are removed because it's difficult to distinguish between a hidden dir (ex: .git) and

Prajwal Chapagain 3 Feb 25, 2022
zsh module for automatically compiling sourced files

Zinit Module Motivation The module is a binary Zsh module (think about zmodload Zsh command, it's that topic) which transparently and automatically co

zdharma-continuum 10 Jul 8, 2022
Python module to reduce a cmake file to an AST

CMake AST Status Travis CI (Ubuntu) AppVeyor (Windows) Coverage PyPI Licence cmake-ast has been tested against every single CMake module that ships wi

ポリ平方 POLYSQUARE 27 May 11, 2022
A Riru module tries to make Magisk more hidden.

Riru - MomoHider (aka IsolatedMagiskHider) Background Many applications now detect Magisk for security, Magisk provided "Magisk Hide" to hide the modi

残页 509 Aug 5, 2022
Inter-process communication library to enable allocation between processes/threads and send/receive of allocated regions between producers/consumer processes or threads using this ipc buffer.

This is a relatively simple IPC buffer that allows multiple processes and threads to share a dynamic heap allocator, designate "channels" between processes, and share that memory between producer/consumer pairs on those channels.

RaftLib 7 May 24, 2022
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)

Stealthy Kernel-mode Injector Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation

Charlie Wolfe 87 Jul 22, 2022
A Nginx module which tries to implement proxy wasm ABI in Nginx.

Status This library is under construction. Description A Nginx module which tries to implement proxy wasm ABI in Nginx. Install dependencies Download

API7 77 Jul 23, 2022
一个magisk 的模块,简化版,依赖 riru,能够简单的hook,并且加载动态库,目前用来加载 frida 的gadget 库,从而使hook脱离命令行和server,并且能够在多进程中加载

1、说明 firda gadget 模式支持如下四种模式: Listen Connect Script ScriptDirectory 我没有全部测试,根据使用目的不同,我现在只需要最后一种,主要用于大规模手机部署hook功能,为了把 libgadget.so 注入到进程,所以选择了 magisk

Qiang 112 Aug 4, 2022
CMake module to enable code coverage easily and generate coverage reports with CMake targets.

CMake-codecov CMake module to enable code coverage easily and generate coverage reports with CMake targets. Include into your project To use Findcodec

HPC 77 Jul 3, 2022
Tundra is a code build system that tries to be accurate and fast for incremental builds

Tundra, a build system Tundra is a high-performance code build system designed to give the best possible incremental build times even for very large s

Andreas Fredriksson 372 Jul 17, 2022
A Header-Only Engine that tries to use SFML in a deeper level

⚙️ SFML-Low-Level-Engine ⚙️ A header-only library that tries to use SFML at a deeper level ?? Instalation Download the source code and put the GLD fol

!Gustavo! 4 Aug 27, 2021
This tries to be a minimal cmake example, that covers sources resources dependencies and packaging.

Minimal CMake Example This project tries to be a minimal cmake example. It covers sources, resources, dependencies and packaging. I created this proje

Arne Döring 154 Jul 24, 2022
Hide skip button in cutscenes in Max Payne 3

MaxPayne3.FusionFix This is a small project intended to add ability to hide button in Max Payne 3. Additionally, added an option to increase the size

Sergey P. 25 Jun 30, 2022
A program that allows you to hide certain windows when sharing your full screen

Invisiwind Invisiwind (short for Invisible Window) is an application that allows you to hide certain windows when sharing your full screen.

Joshua T. 59 Jul 16, 2022
Hide SMBIOS/disk/NIC serials from EFI bootkit

Rainbow Rainbow is a bootkit like HWID spoofer for Windows. It abuses several hooks in EFI runtime services and uses clever DKOM to hide hardware seri

Samuel Tulach 162 Aug 2, 2022
Inject dll to explorer.exe and hide file from process.

Hide-FS Inject dll to explorer.exe and hide file from process. Requierments: Microsoft Detours Library - https://github.com/microsoft/Detours Compile:

null 12 Jun 17, 2022
Linux rootkit used to hide a cryptominer process and CPU usage.

Linux rootkit used to hide a cryptominer process and CPU usage.

Alfon 38 Aug 7, 2022