[WIP] A Riru module that tries to enable Magisk Hide for isolated processes.

Overview

Riru-IsolatedMagiskHider

Background

Many applications now detect Magisk for security reasons. Magisk provides "Magisk Hide" to prevent detection, but isolated processes and app zygotes are skipped. This module tries to enable the feature for these processes.

Requirement

Rooted Android 7.0+ devices with Magisk and Riru.

Build

Run the Gradle task :module:assembleMagiskRelease from Android Studio or the command line. The Magisk module zip will be saved to module/build/outputs/magisk/.

Known Issues

  • Since Android 11, Google has removed /sbin, and Magisk uses a randomly generated directory instead. This module currently hardcodes this path in its code, so it may not work on Android 11.

Discussion

Credits

License

The project uses Magisk's source code, so its license follows Magisk's license.

Magisk, including all git submodules are free software:
you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

Comments

  • [Fixed] Chrome not working

    OS: Nougat Xposed: Rovo's 89

    Log:

    2021-03-06 00:14:39.002 9909-9909/? E/Zygote: Failed open(/system/framework/XposedBridge.jar, 0) : No such file or directory
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedOriginal](Native method)
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative!(Native method)
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
    2021-03-06 00:14:39.045 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedHooked](<Xposed>:-2)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedOriginal](Native method)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative!(Native method)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at com.android.internal.os.Zygote.nativeForkAndSpecialize [XposedHooked](<Xposed>:-2)
    2021-03-06 00:14:39.046 9909-9909/? A/art: art/runtime/runtime.cc:404]   at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
    
    bug 
    opened by Stillhard 15
  • Momo shows "environment is broken, service not responding"

    Hi bro, I need a solution for this problem: Momo shows "environment is broken, service not responding".

    Device: note 8 pro (begonia) - android 11 Miui china beta mod 21.11.10
    Magisk: 24.1 stable
    Zygisk: yes
    Shamiko: flashed

    Everything is ok and I can't know the problem.

    not enough info spam 
    opened by maahmoudsamir 7
  • Hide "Magisk su processes"

    Hiiii, great app so far. The last thing it can't hide from "magisk detector" is "magisk su processes". Is there a way to hide it now?

    question not our issue 
    opened by Mark-Joy 6
  • [Only in Momo 4.4.1] Found Zygisk

    Hi, I updated Momo to v4.4.1 and get the "Found Zygisk" warning, but it wasn't detected in previous versions. What has changed, and how to hide Zygisk? Thanks for your help.

    not our issue 
    opened by j0110 3
  • Magisk24.1 MOMO 🤧

    I have an issue in MOMO: it shows checksum and bootloader unlocked, while Zygisk is enabled, denylist is done, and Shamiko is installed, yet I'm facing this issue in Magisk 24.1.

    not our issue 
    opened by aamirwaseem439 3
  • Documentation for Shamiko?

    I have created a config for it but it seems to not take any effect after reboot. Is there documentation for Shamiko, or is it pretty much the same as Riru-MomoHider?

    question not our issue 
    opened by ghost 3
  • Init.rc test failed

    Hi, I'm running on a miatoll phone running arrowos (Android 11) and magisk 23.0 + Riru 26.1.1.r500 + Momohider 0.0.7. I've created the empty files in /data/adb/modules/riru_momohider/config: app_zygote_magic, initrc, isolated, magisk_tmp, setns. If I run magiskdetector 2.3, the su file, system file and selinux tests are passed, but the initrc is detected as modified by magisk.

    Am I missing something, or is there an issue? Hope someone could help me.

    not our issue 
    opened by pippo73 3
  • [Fixed] Error in log can't unmount

    2021-01-24 18:45:06.310 1349-2486/? D/AMS: isProcStartable in LRU io.github.vvb2060.magiskdetector return true
    2021-01-24 18:45:06.329 1349-2486/? I/ActivityManager: AMS: *** Start proc 4613:io.github.vvb2060.magiskdetector/u0i1 for service io.github.vvb2060.magiskdetector/.RemoteService
    2021-01-24 18:45:06.359 4613-4613/? I/IsolatedMagiskHider: Created isolated process 4613, starting magisk hide...
    2021-01-24 18:45:06.436 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/xbin)
    2021-01-24 18:45:06.486 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/usr/share/zoneinfo)
    2021-01-24 18:45:06.536 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/media/audio/ui)
    2021-01-24 18:45:06.577 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/lib64)
    2021-01-24 18:45:06.619 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/lib)
    2021-01-24 18:45:06.688 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/framework)
    2021-01-24 18:45:06.702 2392-2407/? D/GasService: FG app changed: from com.transsion.XOSLauncher to io.github.vvb2060.magiskdetector
    2021-01-24 18:45:06.727 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/etc/permissions)
    2021-01-24 18:45:06.767 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/system/bin)
    2021-01-24 18:45:06.807 4613-4613/? D/IsolatedMagiskHider: hide_policy: Unmounted (/sbin)
    2021-01-24 18:45:06.808 4613-4613/? E/IsolatedMagiskHider: hide_policy: can't unmount /system/etc/mkshrc: Permission denied
    2021-01-24 18:45:06.808 4613-4613/? I/IsolatedMagiskHider: Unmounted magisk file system.
    

    Is this a problem? @canyie

    bug 
    opened by Stillhard 3
  • next time, check your messages

    instead of waiting 2 months and trolling me on telegram like a petulant child

    I've removed my mod from XDA, where I openly credited you for your original module and noted distinctly my additions to your script on that page, so that others could add it if they wanted, while I also attached a working module.

    that thread is one of the most active on XDA, and watched like a hawk for any post which doesn't make the grade or correctly credit people, and in 2 months no one saw an issue with my post.

    You decided to act like a child tonight on Telegram, so my post reflects that

    Enjoy what's now there explaining your poor behaviour:

    https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/post-85187739

    Also as a reference see here in my own modules how I credit people, I did no different on that post AND I notified you, not my fault if you ignored it...

    https://github.com/stylemessiah/GPay-SQLite-Fix/blob/master/common/install.sh

    stupid spam 
    opened by stylemessiah 2
  • Need some guidance

    Firstly, your module is really highly appreciated. I have read the troubleshooting and I know the following detections are not related to this module:

    SElinux rules are modified
    Partition mounted abnormally
    Art parameters are abnormal

    But as these problems are detected by momo, can you please send me some relevant stuff to study and fix these problems. Thank you

    Device: Samsung A70
    Rom: Official
    Magisk version: 24.1 stable (zygisk enabled)
    Android version: 10
    Modules: lsposed, shamiko, safetynet
    SElinux: enforce

    not our issue 
    opened by Abdullah3119 1
  • Crave TV issues

    Crave TV can still detect root, and almost all setups I've tried also result in Momo showing "broken environment". I've tried variations of all following modules/toggles

    Riru-MomoHider (tried variations of all 4 settings)
    Riru-Unshare
    HideMyApplist (LSposed, with Magisk module)
    Magisk (newest pre-MagiskHide removal canary and latest canary with Zygisk)
    Universal SafetyNet Fix (UNSF) (2.2 and 2.1 accordingly for the proper Magisk version, also tried with this off on both Magisk versions however for 2.2 MagiskHide functionally is lost entirely without this module so even if that did work SafetyNet wouldn't pass which would defeat the purpose)
    Sui
    MagiskHide (as for UNSF even if disabling this could fix Momo I'd still fail SafetyNet without it so unless there's another fix for that won't be turning it off)

    I do not have any overlay modules installed to the best of my knowledge

    My main intention is to get Crave TV working however I'd also like to pass Momo, it has not for any config not stated "Device is rooted" when I try to watch a movie or TV show on it

    MagiskDetector passes all tests but init.rc at the moment (it fails that consistently, only passed it for 1 config that I can't reproduce. I'm fairly sure it was on latest Magisk)

    Device Info: OnePlus 7 Pro 12GB (GM1917) Latest Vendor crDroid 7.11 Official (Android 11)

    Please let me know if I've left anything out

    not our issue 
    opened by Nolij 1
  • Bounty for maintain the opensource magisk hider

    I really appreciated your effort in making the open source app fight against root detection. I highly dislike the behaviour of shamiko to make it not only closed source, but also no code audit at all. I saw you recently pushed some commits, so I guess you are still interested in this project. I offer a $100 bounty, for now, to keep this project updated. I believe there are more people demanding this and are willing to offer more. I will pay in one of the following methods if you can make this work for zygisk: Liberapay, Bountysource, XMR and USDT trc20. Thanks for your effort.

    opened by himekifee 3
Releases(0.0.8)
Owner
残页