Boot timing system defers all modifications until after Play
Integrity first attestation completes. Monitors DroidGuard
(com.google.android.gms.unstable) CPU activity to detect
attestation window. PI watcher daemon auto-hides mods during
periodic re-checks — unmounts spoofs, removes non-stock props,
ensures boot state reads green/locked/enforcing, then re-applies
after check finishes. post-fs-data.sh cleaned to only set
stock-safe props during early boot. KernelSU version props
hidden. WebUI boot timing panel with hide/unhide controls.
Driver spoof: mount namespace isolation keeps stock files visible
to verification (dm-verity, Play Integrity, hash checks) while
custom drivers load into target processes (surfaceflinger,
wpa_supplicant, bluetooth). SELinux context, timestamps, perms,
ownership all cloned from stock. Per-process or global modes.
Configurable driver map for GPU, WiFi firmware, BT firmware.
Stealth: process name masking (rtl_tcp->mediastream, etc),
non-stock prop removal, MAC randomization (WiFi+BT), USB device
permission tightening, log purging, logcat suppression.
Full mode combines all stealth features.
WebUI panels for both spoof and stealth control.
