mhmrdd
Hello!
I think they're just pushing more people to unlock the bootloader at this point. Well, I still don't understand why they're adding this to AOSP; it's not even an Android thing, it should have always been in Google Play Protect or something similar.
After 3 days of fighting, my PC stopped working, thanks to stupid Microsoft Windows. Now I'm forced to stop maintaining all of my projects for a long time until I find a fix for that.
Not counting the potential for a full data erase, it sucked. Why didn't I think of using Linux instead.. (because when I bought the PC it was already set up with drivers installed, duh..)
If you have any good ideas for cloning data from/to Windows SSDs, feel free to share, because thankfully I don't have any DE enabled, so I can still see & manage or use my data in the meantime..
NoHello KPM finally fixed delayed syscall detection for 4.18 and below, after a long fight of course.
Nohello-v1.0.0-13-6106b0a-release.kpm (146.4 KB)
NoHello KPM 1.0.0 Official Release
- Major refactors done; rewrote the base code for the syscall attack fix.
- Rewrote log messages: track NoHello with the tag "[NoHello::"; the next field is the function, and the rest is the arguments or the message from the KPM.
- Supports more kernels (4.19/5.4)
- Supports more kernels (4.18 and below)
- Fixed bootloop introduced in some releases when embedding.
- Added another workaround to find original symbol for syscalls.
- Fixed an issue where unhooking compat syscalls didn't work.
- Added emoji state support for better visual debugging and error tracking.
- Fixed race condition issue while registering hooks.
SHA256: 4072617b516930bd4b0a42b65997e0527e98f9ab004654636ca091c12e18bfb3

mhmrdd | GitHub
The unloading feature for 4.18 and below still isn't implemented correctly; please wait for further updates..
I don't think you reserve the right to use this name once it was already taken; I'm advising the owner of this module to change it asap.
I don't understand how someone can take a publicly shared idea under their own name with no credit to the original post, and also take a name that was already being used before?
And yet TrickyDRM (the originally developed module) was designed not only for this, but for extra advanced features to get keybox and crypto scheme management, etc...
NH KPM's next update might come with the capability to hide zygisk modules that stay after postAppSpecialize (like ZygiskBackdoor, Zygisk LSPosed, ...).
This comes only for ZygiskNext users: when the process passes context to untrusted_app, NH will use /data/adb/zygisksu/modules_info to automatically locate the vma pages to free in order to avoid injection detection.
However, this is not a definitive fix; the module must not intentionally reveal its existence, for example by hooking a function where the pointer goes to what looks like deallocated memory, or when the address of the library is too predictable (to fix that, mmap's first argument needs to be randomized).
Another detection is when there are LDR/STR attempts to access specific memory addresses (page aligned).
So in the end, if there's a library with --xp prots, it's next to impossible to detect it.
Pages for .rodata & .bss could be relocated as malloc pages, which cannot be traced back to the original code allocator.
NH KPM has slowly started binding some functions from Cherish Peekaboo; it's expected to conflict in newer versions.
But in the future, I expect to completely embed working root-hiding support in NH KPM.
Cherish Peekaboo is not cross-kernel supported. After I did some research, there are unsafe hooks placed, where some kernel optimization will lead to a branch to the address of the hooks made, and this causes a kernel panic.
NH KPM fixed this in production, so future versions of NH KPM will be far better than Cherish Peekaboo.
Spelling mistake?
I don't understand how "private keys" can be generated (unless RKP), or how "it depends" whether they're exposed (I still don't understand how private keys from the TEE can be exposed).
Refers to app attest keys.
Major updates are coming; the README.md is so long..
Here's a summary of what is being added in the next NH update phase:
- Ability to reverse instructions in arm64 (built-in embedded arm64 disassembler)
- Ability to track function argument struct pointers (UNSTABLE: managing the flow of functions that are compiled in different kernels with various flags is a tough task, thus testing is involved...)
- Added more symbol resolutions & symbols for structs reversal.
- Preparation for hacking mappings (vma & mm_rb): initial tests succeeded; advancing..
- Support ZN: now reads modules_info (needs the policy "allow kernel adb_data_file file *") & parses ino & dev & arch for map trace cleaning.
- New hook point: cap_task_fix_setuid (from Cherish Peekaboo, with a correct impl that ensures no panic due to the bad function-branch impl)
- more....
Just saying, this is already a lot for one update; expect some devices to drop support, like v6.1+ kernels (to be added later) and others whose arm64 tracker fails to find some data necessary at runtime.
The update has been rethought, therefore cancelling the way unmapping zygisk works and trying to follow a more indirect way, because the original plan had too many complex situations where it involved rewriting the kernel, which is why it got discontinued (although it had some progress, but yeah, it got cancelled).
Nohello-v1.8.1-46-3a25945-release.kpm (456.6 KB)
NoHello KPM 1.8.1 Release
- Major upgrade to the code base, adding a custom disassembler and instruction emulator for arm64 instructions.
- Added CFG (Control Flow Graph), VT (vartracker), PF (path finding) basic plugin components for the arm64 disasm.
- Added the most capable register tracker (for structs) for maximum accuracy.
- Fixed an issue where it ran into infinite recursion in some situations.
- Improved analysis quality.
- Fixed potential memory leak in arm64_tracker system.
- Major refactor of arm64_tracker; switched from consuming to saving via a binary tree.
- Added a stack-based store list for stack-based tracing in arm64_tracker.
- Enhanced capability to track rb_root/rb_node via container_of behaviour (not accurate if rb_node is placed as the first member or when __randomize_layout is used).
- Updated disassembler framework for better accuracy.
- Added a first attempt at discovering task_struct for the symbol 'get_task_mm'.
- Now parses most basic necessary structs for functionality.
- Now capable of attaching to process memory and applying modifications to mappings.
- Fixed an issue related to vm_area_struct offset finding for 5.10.
- Fixed an issue regarding symbol resolution due to some LLVM disambiguation.
> Run:
    sudo su
    dmesg -c > /sdcard/dmsg.log

- Load the KPM, and upload the logs.
If there is a kernel panic, upload console-ramoops* from /sys/fs/pstore.
Verified kernels: 5.15.149, 6.1.0+
SHA256: 6327d12ca6100df40c34ebfaf81ef653ff8c971f7b81a7d9bece02f14ffb2939

mhmrdd | GitHub
First try to load; if it works fine, then embed. Otherwise, if it doesn't work (device shutdown/freeze), upload /sys/fs/pstore/console-ramoops* (if not empty) or mention your kernel version and device model in the chat.
Nohello-v1.8.2-48-f824968-release.kpm (456.7 KB)
NoHello KPM 1.8.2 Release
- Added safe-case treatment to discovery.
- Enhanced verbosity to locate more issues faster & provide easier fixes.
> To upload logs:
- Load the KPM, and immediately run the command:
    sudo su
    dmesg -c > /sdcard/dmsg.log

and upload the dmsg.log file.
If there is a kernel panic, upload console-ramoops* from /sys/fs/pstore.
SHA256: 706f361aa58767311d5e1eadd161767b9e05ebb33e0ee987cef65e2f32d0344039

mhmrdd | GitHub
The latest TrickyStore update, which introduced key.db, seems like a nerf for cheaters or whatever other things people do.
Persistent keys are stored & used to uniquely identify users within the device; a fraudulent device will just get its persistent key marked, and that will be used to judge future actions made by the user in the victim app.
v1.8.2 of NoHello KPM was kinda unstable at that time; apologies for the amount of bootloops that happened. Therefore v1.8.2.9 does exist and it's close to being released; join the group and test the pinned version, so any issues will be fixed before the final release.