vigil/post-fs-data.sh
sssnake cf00838b6d Initial release: Vigil Anti-Surveillance Shield v0.1.0
KernelSU-Next/Magisk/APatch module providing:
- Threat scanner with 11,000+ IOCs (stalkerware, Pegasus, government spyware)
- FrostGuard file integrity monitor (pseudo-locked-bootloader)
- Encryption key wiper / BFU mode transition
- Forensic Shield (anti-Cellebrite with 71 known binary hashes)
- Silent SMS detection (Type-0, Class-0, WAP Push)
- Network monitor with C2/tracker domain and IP blocking
- vigild daemon with periodic scanning and alert management
- Full CLI interface
2026-03-31 03:09:00 -07:00


#!/system/bin/sh
# Vigil — post-fs-data stage (runs before Zygote/apps)
# This is the earliest stage — used for file integrity checks and forensic shield
# Module directory: the path this script was invoked by, minus the file name.
MODDIR=${0%/*}
# Vigil's state directory; the config, log, alert queue and lockdown flag
# used by this script all live under it.
VIGIL_DATA=/data/adb/vigil
# Helper scripts shipped inside the module directory.
VIGIL_LIB=${MODDIR}/vigil/lib
# Log file that log_vigil appends to.
VIGIL_LOG=${VIGIL_DATA}/vigil.log
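# Append one timestamped line, tagged [post-fs], to the Vigil log.
# Globals:   VIGIL_LOG (read) - path of the log file
# Arguments: $1 - message text
# Outputs:   appends "[YYYY-MM-DD HH:MM:SS] [post-fs] <message>" to $VIGIL_LOG
log_vigil() {
  # The message is passed as a printf argument, never as the format, so it is
  # recorded byte-for-byte; echo's treatment of backslash sequences differs
  # between shells and could alter what ends up in the log.
  printf '[%s] [post-fs] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >> "$VIGIL_LOG"
}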
log_vigil "Vigil post-fs-data stage starting"

# Load config
# vigil.conf is sourced, i.e. executed as shell code with this script's
# privileges. Presumably it is where FROSTGUARD_ENABLED and BLOCK_SAFE_MODE
# (read later in this script, both defaulting to 1) get overridden.
# NOTE(review): nothing here checks who owns or can write vigil.conf; this
# relies on /data/adb/vigil being writable by root only - confirm.
if [ -f "$VIGIL_DATA/vigil.conf" ]; then
  . "$VIGIL_DATA/vigil.conf"
fi
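# --- FILE INTEGRITY CHECK (FrostGuard) ---
# Check critical system files before anything else loads.
# FROSTGUARD_ENABLED defaults to 1 (check enabled) when it is unset or empty.
if [ "${FROSTGUARD_ENABLED:-1}" = "1" ]; then
  log_vigil "FrostGuard: Running early integrity check"

  # Only the exit status is consumed here; the checker's stderr is discarded.
  "$VIGIL_LIB/integrity.sh" verify-critical 2>/dev/null
  INTEGRITY_RESULT=$?

  if [ "$INTEGRITY_RESULT" -ne 0 ]; then
    log_vigil "FrostGuard: INTEGRITY VIOLATION DETECTED (code: $INTEGRITY_RESULT)"

    # 126 / 127 are the shell's own codes for "found but not executable" and
    # "not found". They usually mean the checker never ran, which needs a
    # different follow-up (was integrity.sh removed or altered?) than a failed
    # verification. The alert is still raised, so this case fails closed.
    case "$INTEGRITY_RESULT" in
      126 | 127)
        log_vigil "FrostGuard: $VIGIL_LIB/integrity.sh may be missing or not executable (code: $INTEGRITY_RESULT)"
        ;;
    esac

    # Write alert for daemon to pick up. Create the queue directory first so
    # that a violation seen before it exists is not silently dropped.
    [ -d "$VIGIL_DATA/alerts" ] || mkdir -p "$VIGIL_DATA/alerts" 2>/dev/null
    if ! { echo "integrity_violation:$(date +%s):post-fs-data" >> "$VIGIL_DATA/alerts/pending"; } 2>/dev/null; then
      log_vigil "FrostGuard: could not queue alert in $VIGIL_DATA/alerts/pending"
    fi
  fi
fi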
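# --- FORENSIC SHIELD: Early USB monitoring ---
# Disable ADB if forensic shield is in lockdown mode, which is signalled by
# the flag file $VIGIL_DATA/.lockdown.
if [ -f "$VIGIL_DATA/.lockdown" ]; then
  log_vigil "LOCKDOWN MODE: Disabling ADB and USB debugging"

  # NOTE(review): this stage runs before Zygote/apps, so the settings service
  # is probably not reachable yet and this call is likely to fail. The result
  # is logged so that lockdown cannot fail open without a trace; the setting
  # should also be re-applied from a later boot stage (e.g. the module's
  # late-start service script, if it has one).
  if ! settings put global adb_enabled 0 2>/dev/null; then
    log_vigil "LOCKDOWN MODE: WARNING - adb_enabled could not be set at this stage"
  fi

  # The Magisk and KernelSU module guides warn that calling setprop from a
  # post-fs-data script deadlocks the boot and say to use `resetprop -n`
  # instead, so setprop is deliberately not used as a fallback here.
  # NOTE(review): a persist.* value set this early may be replaced when the
  # stored persistent properties are loaded - verify on a device.
  if command -v resetprop >/dev/null 2>&1; then
    if ! resetprop -n persist.sys.usb.config "charging" 2>/dev/null; then
      log_vigil "LOCKDOWN MODE: WARNING - persist.sys.usb.config could not be set"
    fi
  else
    log_vigil "LOCKDOWN MODE: WARNING - resetprop not found; persist.sys.usb.config left unchanged"
  fi
fi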
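# --- ANTI-FORENSIC: Disable safe boot if configured ---
# BLOCK_SAFE_MODE defaults to 1 (block enabled) when it is unset or empty.
if [ "${BLOCK_SAFE_MODE:-1}" = "1" ]; then
  # NOTE(review): this script runs at post-fs-data, before Zygote/apps, so the
  # settings service is probably not reachable yet. A failure is logged rather
  # than discarded so the control does not appear active when it is not.
  if ! settings put global safe_boot_disallowed 1 2>/dev/null; then
    log_vigil "Safe mode block: WARNING - safe_boot_disallowed could not be set at this stage"
  fi
fi

log_vigil "Vigil post-fs-data stage complete"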