Add boot timing and AVB/Play Integrity evasion
Boot timing system defers all modifications until after Play Integrity first attestation completes. Monitors DroidGuard (com.google.android.gms.unstable) CPU activity to detect attestation window. PI watcher daemon auto-hides mods during periodic re-checks — unmounts spoofs, removes non-stock props, ensures boot state reads green/locked/enforcing, then re-applies after check finishes. post-fs-data.sh cleaned to only set stock-safe props during early boot. KernelSU version props hidden. WebUI boot timing panel with hide/unhide controls.
This commit is contained in:
sssnake
31
service.sh
31
service.sh
@@ -39,6 +39,30 @@ GPU=$(getprop ro.hardware.egl)
|
||||
|
||||
mlog "Boot complete. Device=$DEVICE SoC=$SOC Platform=$PLATFORM API=$API GPU=$GPU"
|
||||
|
||||
# =================================================================
|
||||
# BOOT TIMING — Wait for Play Integrity before applying mods
|
||||
# =================================================================
|
||||
# If boot timing is enabled, we hand off to boot_timing.sh which:
|
||||
# 1. Spoofs boot props (green/locked/enforcing)
|
||||
# 2. Waits for first Play Integrity attestation to finish
|
||||
# 3. THEN applies all our modifications
|
||||
# 4. Starts a watcher that hides mods during future PI checks
|
||||
#
|
||||
# If disabled, mods apply immediately (faster but less stealthy)
|
||||
|
||||
BOOT_TIMING=$(cat "$CONFDIR/boot_timing" 2>/dev/null || echo "0")
|
||||
|
||||
if [ "$BOOT_TIMING" = "1" ]; then
|
||||
mlog "Boot timing enabled — deferring mods until after PI attestation"
|
||||
# Spoof boot props NOW (safe, just props)
|
||||
sh "$MODDIR/scripts/boot_timing.sh" run &
|
||||
TIMING_PID=$!
|
||||
echo "$TIMING_PID" > "$MODDIR/run/boot_timing.pid"
|
||||
mlog "Boot timing daemon started (PID $TIMING_PID)"
|
||||
# The rest of this script still runs to set up configs,
|
||||
# but the actual driver spoofs are deferred to boot_timing.sh
|
||||
fi
|
||||
|
||||
# ============================================================
|
||||
# GPU — PowerVR DXT-48-1536 (pvrsrvkm, native)
|
||||
# ============================================================
|
||||
@@ -334,11 +358,12 @@ esac
|
||||
|
||||
SPOOF_ENABLED=$(cat "$CONFDIR/spoof_enabled" 2>/dev/null || echo "0")
|
||||
|
||||
if [ "$SPOOF_ENABLED" = "1" ]; then
|
||||
# Wait for target processes to be running
|
||||
if [ "$SPOOF_ENABLED" = "1" ] && [ "$BOOT_TIMING" != "1" ]; then
|
||||
# Apply immediately if boot timing is NOT handling it
|
||||
# (boot_timing.sh applies spoofs after PI passes)
|
||||
sleep 5
|
||||
sh "$MODDIR/scripts/driver_spoof.sh" apply
|
||||
mlog "Driver spoofing applied"
|
||||
mlog "Driver spoofing applied (immediate mode)"
|
||||
fi
|
||||
|
||||
# ============================================================
|
||||
|
||||
Reference in New Issue
Block a user