Naomi Rennie-Waldock

Performance hit from this should be basically none. @pylerSM: Need to use the absolute path for it. I'm attempting to test it, but it causes root inspector to crash at...

@hahaopsmeow: We're not modifying the environment directly, we're telling Android to run the app in a wrapper. Which is documented in the debugging native code Android docs. @pylerSM: What Android...

I'll do some testing in the emulator when I've got time. Android is supposed to still allow it as it's needed for debugging memory leaks in native apps. If I...

For the emulator, I had to use this, otherwise I got the same error as my S5. /data/local/rootcloak-wrapper.sh (make sure to chmod 755): ``` #!/system/bin/sh export LD_PRELOAD=/data/local/librootcloak.so exec $* ```...

I tested a game to see how it detects xposed and got a lots of logged fopen calls, yes. Other functions that'd need to be wrapped are stat() as some...

Working for me in the emulator: ``` 130|root@generic_x86_64:/ # logcat -c; logcat | grep ROOTCLOAK 07-14 19:49:30.991 3350 3375 I ROOTCLOAK: path /system/xbin/su, mode r 07-14 19:49:31.005 3377 3377 I...

Here's my current source I'm testing: ``` #define _GNU_SOURCE // stat #include #include #include // fopen #include // readdir #include // Required by all #include #include #include FILE *fopen(const char...

Yeah, I think hooking getInstalledPackages() from java would be better than patching exec https://github.com/NHellFire/librootcloak there's the full source I'm working with.

Yeah, fstat isn't needed. File would first have to be opened by open/fopen (or similar).. and we're just patching them to return "does not exist".

Hmm, it worked fine for me. I'll do some testing, see if I can reproduce it On 25 Jul 2016 13:51, "pyler" [email protected] wrote: > temporary workaround is just comment...