diff --git a/post-fs-data.sh b/post-fs-data.sh index 70ee7a6..6591666 100755 --- a/post-fs-data.sh +++ b/post-fs-data.sh @@ -23,6 +23,7 @@ FACTORY_TEST_MODE=0 USB_DIAG_MODE=0 HIDDEN_MENUS=0 MODEM_LOG=0 +STEALTH_MODE=0 WIFI_MODE=managed # Kernel modules to load (space-separated) @@ -150,6 +151,41 @@ if [ "$DETECTED_SOC" = "tensor" ]; then fi fi +############################# +# Stealth mode +############################# + +if [ "$STEALTH_MODE" = "1" ]; then + # Use resetprop -n to set props without triggering property_service + # This makes changes invisible to apps querying via __system_property_find + for prop in ro.build.type ro.debuggable ro.secure ro.adb.secure \ + ro.factorytest persist.sys.factorytest; do + val=$(getprop "$prop" 2>/dev/null) + [ -n "$val" ] && resetprop -n "$prop" "$val" 2>/dev/null + done + + # SUSFS path hiding — hide module directory from filesystem enumeration + # Requires KernelSU-Next with SUSFS enabled + if command -v ksud >/dev/null 2>&1; then + # Hide our module directory + ksud susfs add_sus_path "$MODDIR" 2>/dev/null + # Hide config directory + ksud susfs add_sus_path "$CONFIG_DIR" 2>/dev/null + # Hide kernel module device nodes + ksud susfs add_sus_path /dev/rc_shannon 2>/dev/null + ksud susfs add_sus_path /dev/rc_diag 2>/dev/null + # Hide sysfs status + ksud susfs add_sus_path /sys/kernel/rc_wifi_mon 2>/dev/null + fi + + # Hide kernel modules from /proc/modules (SUSFS ksu_sus_kstat) + if [ -f /proc/susfs_sus_kstat ]; then + for mod in rc_wifi_mon rc_shannon_cmd rc_diag_bridge; do + echo "$mod" > /proc/susfs_sus_kstat 2>/dev/null + done + fi +fi + ############################# # Mount debugfs if needed ############################# diff --git a/system/bin/radiocontrol b/system/bin/radiocontrol index 7f29df1..c775261 100755 --- a/system/bin/radiocontrol +++ b/system/bin/radiocontrol @@ -173,6 +173,7 @@ get_current_config() { "usb_diag_mode": "${USB_DIAG_MODE:-0}", "hidden_menus": "${HIDDEN_MENUS:-0}", "modem_log": "${MODEM_LOG:-0}", + "stealth_mode": "${STEALTH_MODE:-0}", "wifi_mode": "${WIFI_MODE:-managed}", "load_modules": "${LOAD_MODULES:-}", "detected_soc": "$soc" @@ -252,7 +253,7 @@ update_config() { local key="$1" val="$2" case "$key" in - ENGINEERING_MODE|FACTORY_TEST_MODE|USB_DIAG_MODE|HIDDEN_MENUS|MODEM_LOG) + ENGINEERING_MODE|FACTORY_TEST_MODE|USB_DIAG_MODE|HIDDEN_MENUS|MODEM_LOG|STEALTH_MODE) case "$val" in 0|1) ;; *) echo '{"ok":false,"error":"invalid value"}'; return ;; esac ;; WIFI_MODE) case "$val" in managed|monitor|injection|mesh|ap) ;; *) echo '{"ok":false,"error":"invalid mode"}'; return ;; esac ;; diff --git a/webroot/index.html b/webroot/index.html index 967de60..8bc53e9 100644 --- a/webroot/index.html +++ b/webroot/index.html @@ -65,6 +65,13 @@ +
+
+
Stealth Mode
+
Hide prop changes from detection, SUSFS hide module files and .ko modules
+
+ +
diff --git a/webroot/js/app.js b/webroot/js/app.js index 73cb1a5..5783546 100644 --- a/webroot/js/app.js +++ b/webroot/js/app.js @@ -62,6 +62,7 @@ async function loadRadio() { setToggle('toggle-hidden', config.hidden_menus); setToggle('toggle-diag', config.usb_diag_mode); setToggle('toggle-modem', config.modem_log); + setToggle('toggle-stealth', config.stealth_mode); updateChips(); @@ -814,6 +815,7 @@ document.addEventListener('DOMContentLoaded', () => { document.getElementById('toggle-hidden')?.addEventListener('change', function() { handleToggle('HIDDEN_MENUS', this); }); document.getElementById('toggle-diag')?.addEventListener('change', function() { handleToggle('USB_DIAG_MODE', this); }); document.getElementById('toggle-modem')?.addEventListener('change', function() { handleToggle('MODEM_LOG', this); }); + document.getElementById('toggle-stealth')?.addEventListener('change', function() { handleToggle('STEALTH_MODE', this); }); // WiFi mode buttons document.querySelectorAll('.mode-btn').forEach(btn =>