v0.2.0: Deep forensic scanner, honeypots, duress system, anti-forensics hardening

New modules:
- Deep forensic scanner (MVT-style): background + on-demand full analysis
  SMS/call log/browser/dumpsys/battery/cert store/logcat/data usage
- Anti-forensics hardening: 15 measures (USB, ADB, logging, memory, TRIM)
- Duress/panic trigger: power button sequence, duress PIN, CLI panic
- SMS honeypot: fake GPS location spoofing on silent SMS detection
- App permissions honeypot: audit dangerous combos, revoke, sandbox,
  feed fake data to spyware apps
- IOC auto-updater: scheduled updates from backend or git sources (WIP)

Fixes:
- Removed SKIPUNZIP=1 (fixes module.prop OS error 2)
- Deferred FrostGuard baseline to first boot (no more install hang)
- Added volume key selection for FrostGuard and initial scan during install

customize.sh

@@ -3,7 +3,41 @@
 # KernelSU-Next Module Installation Script
 # (c) Setec Labs
 
-SKIPUNZIP=1
+# Let KernelSU/Magisk handle extraction (MODPATH is set by the framework)
+
+# ── Volume key selector ──
+# Reads volume key press: returns 0 for Vol+, 1 for Vol-
+# Timeout returns the default ($1: 0=yes, 1=no)
+keycheck() {
+    local default="${1:-0}"
+    local timeout="${2:-5}"
+    local start=$(date +%s)
+
+    # Find input devices for volume keys
+    local KEYCHECK=""
+    for d in /dev/input/event*; do
+        [ -e "$d" ] && KEYCHECK="$d"
+    done
+
+    while true; do
+        local now=$(date +%s)
+        local elapsed=$((now - start))
+        local remaining=$((timeout - elapsed))
+
+        if [ $remaining -le 0 ]; then
+            return $default
+        fi
+
+        # Try to read a key event with timeout
+        local key=$(timeout 1 getevent -lc 1 2>/dev/null | grep -oE 'KEY_VOLUME(UP|DOWN)' | head -1)
+
+        if [ "$key" = "KEY_VOLUMEUP" ]; then
+            return 0
+        elif [ "$key" = "KEY_VOLUMEDOWN" ]; then
+            return 1
+        fi
+    done
+}
 
 ui_print "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 ui_print "  Vigil — Anti-Surveillance Shield v0.1.0"
@@ -14,13 +48,10 @@ ui_print ""
 # Detect environment
 if [ "$KSU" = "true" ]; then
     ui_print "[*] KernelSU detected (version: $KSU_VER_CODE)"
-    MODPATH="/data/adb/modules/vigil"
 elif [ "$APATCH" = "true" ]; then
     ui_print "[*] APatch detected"
-    MODPATH="/data/adb/modules/vigil"
 else
     ui_print "[*] Magisk detected (version: $MAGISK_VER_CODE)"
-    MODPATH="/data/adb/modules/vigil"
 fi
 
 # Check Android version
@@ -35,14 +66,8 @@ ui_print "[*] Android API: $API"
 ARCH=$(getprop ro.product.cpu.abi)
 ui_print "[*] Architecture: $ARCH"
 
-# Extract module files
-ui_print "[*] Extracting module files..."
-mkdir -p "$MODPATH"
-unzip -o "$ZIPFILE" -d "$MODPATH" >&2
-
-# Set permissions
+# Set permissions on executables
 ui_print "[*] Setting permissions..."
-set_perm_recursive "$MODPATH" 0 0 0755 0644
 set_perm_recursive "$MODPATH/vigil/bin" 0 0 0755 0755
 set_perm_recursive "$MODPATH/vigil/lib" 0 0 0755 0755
 
@@ -64,9 +89,66 @@ fi
 ui_print "[*] Installing threat indicator database..."
 cp -r "$MODPATH/vigil/ioc/"* /data/adb/vigil/ 2>/dev/null
 
-# Generate initial file integrity baseline
-ui_print "[*] Generating file integrity baseline..."
-"$MODPATH/vigil/lib/integrity.sh" baseline 2>/dev/null
+# ── FrostGuard: File Integrity Selection ──
+ui_print ""
+ui_print "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+ui_print "  FrostGuard — File Integrity Monitor"
+ui_print "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+ui_print ""
+ui_print "  FrostGuard hashes all system files to"
+ui_print "  detect unauthorized modifications."
+ui_print ""
+ui_print "  WARNING: This can take 5-10 minutes on"
+ui_print "  first boot while it builds the baseline."
+ui_print ""
+ui_print "  Vol UP   = ENABLE  (recommended)"
+ui_print "  Vol DOWN = DISABLE"
+ui_print ""
+ui_print -n "  Waiting 5 seconds... "
+
+keycheck 0 5
+if [ $? -eq 0 ]; then
+    ui_print "ENABLED"
+    touch /data/adb/vigil/.needs_baseline
+    sed -i 's/^FROSTGUARD_ENABLED=.*/FROSTGUARD_ENABLED=1/' /data/adb/vigil/vigil.conf 2>/dev/null
+    ui_print "[*] Baseline will generate on first boot (5-10 min)"
+else
+    ui_print "DISABLED"
+    rm -f /data/adb/vigil/.needs_baseline
+    sed -i 's/^FROSTGUARD_ENABLED=.*/FROSTGUARD_ENABLED=0/' /data/adb/vigil/vigil.conf 2>/dev/null
+    ui_print "[*] FrostGuard disabled — enable later with vigil.conf"
+fi
+
+# ── Threat Scan Selection ──
+ui_print ""
+ui_print "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+ui_print "  Initial Threat Scan"
+ui_print "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+ui_print ""
+ui_print "  Scan installed apps against 11,000+"
+ui_print "  threat indicators (stalkerware, spyware,"
+ui_print "  Pegasus, government surveillance tools)."
+ui_print ""
+ui_print "  Vol UP   = SCAN NOW (during install)"
+ui_print "  Vol DOWN = SCAN ON NEXT BOOT"
+ui_print ""
+ui_print -n "  Waiting 5 seconds... "
+
+keycheck 1 5
+if [ $? -eq 0 ]; then
+    ui_print "SCANNING NOW"
+    ui_print ""
+    ui_print "[*] Running threat scan..."
+    # Quick scan: packages + processes (fastest useful scan)
+    VIGIL_DATA="/data/adb/vigil" "$MODPATH/vigil/lib/scanner.sh" quick 2>/dev/null | while read -r line; do
+        ui_print "  $line"
+    done
+    ui_print "[*] Scan complete"
+else
+    ui_print "DEFERRED TO BOOT"
+    touch /data/adb/vigil/.needs_scan
+    ui_print "[*] Scan will run automatically on next boot"
+fi
 
 ui_print ""
 ui_print "[✓] Vigil installed successfully."