diff --git a/CHANGELOG.md b/CHANGELOG.md index d3fc886..7d716c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,14 +5,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [Unreleased] +## v0.6.2 ### Added -- Save button next to Share for full-system logcat recordings — writes the capture via the Storage Access Framework to a user-picked location (previously only Share was available, which didn't always persist the file when sharing to a file manager). +- Full system logcat recording on the Diagnostics screen — Start/Stop an unfiltered capture of all logcat buffers (main/system/crash/events/radio), then Save to a user-picked location via the Storage Access Framework or Share through the system sheet. Useful for submitting diagnostic logs straight from the app without running adb logcat by hand. ### Changed - Module zips and APK now include git provenance in the version string. Official release builds from a tag stay at the clean version (e.g. 0.6.2); intermediate builds from main or a feature branch show up as 0.6.2-5-gabc1234 (or -dirty) in the Magisk/KSU manager and Android Settings, so debug-log submissions identify the exact commit. +### Fixed +- Target apps (Ozon, Home Assistant, Megafon, Chrome, etc.) no longer hang on infinite load when vpnhide-zygisk is installed. Our recv/recvmsg hooks used to run the netlink-dump filter on every socket regardless of type — on TCP/UDP/Unix the first bytes are arbitrary user data (TLS ciphertext, HTTP body) and occasionally matched RTM_NEWLINK/RTM_NEWADDR by chance, causing the filter to mangle the buffer in-place and corrupt the TLS stream. Gated both hooks on AF_NETLINK so non-netlink traffic passes through untouched. +- Target apps no longer fail Java-level hooks on cold boot. service.sh in the kmod and zygisk modules used to resolve package names to UIDs as soon as pm list packages started responding — but PackageManager responds early with only the system-package snapshot, so user-installed targets (including the vpnhide app itself) got resolved to empty. /data/system/vpnhide_uids.txt was written with at most one UID, the LSPosed hook cached that empty set on its first writeToParcel call, and the Java-level filtering silently no-opped until the next lucky boot. Now service.sh waits until the vpnhide package itself is visible in pm list packages -U, so the full user-package index is ready before resolving. +- Ozon and other apps with root-detection scanning /proc/self/fd no longer hang when vpnhide-zygisk is installed. The module's zygote-side on_load was leaking the module-dir fd, which every forked app process inherited — root-tamper scans detected a descriptor pointing inside /data/adb/modules/ and refused to continue. The fd is now explicitly closed before any app fork. + ## v0.6.1 ### Added @@ -20,7 +25,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Magisk versions before v28 failed to install vpnhide-ports and vpnhide-kmod with an unpack error — restored the META-INF/com/google/android/{update-binary,updater-script} entries the older managers expect. -- Ozon and other apps with root-detection scanning /proc/self/fd no longer hang when vpnhide-zygisk is installed. The module's zygote-side on_load was leaking the module-dir fd, which every forked app process inherited — root-tamper scans detected a descriptor pointing inside /data/adb/modules/ and refused to continue. The fd is now explicitly closed before any app fork. ## v0.6.0 diff --git a/VERSION b/VERSION index ee6cdce..b616048 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.6.1 +0.6.2 diff --git a/kmod/module/module.prop b/kmod/module/module.prop index 3496770..dd5ba9a 100644 --- a/kmod/module/module.prop +++ b/kmod/module/module.prop @@ -1,6 +1,6 @@ id=vpnhide_kmod name=VPN Hide (kernel) -version=v0.6.1 -versionCode=601 +version=v0.6.2 +versionCode=602 author=okhsunrog description=Hides VPN interfaces from selected apps at the kernel level via kretprobe. Invisible to anti-tamper SDKs. Manage targets via VPN Hide app. diff --git a/lsposed/app/build.gradle.kts b/lsposed/app/build.gradle.kts index 13394a5..02b4254 100644 --- a/lsposed/app/build.gradle.kts +++ b/lsposed/app/build.gradle.kts @@ -30,7 +30,7 @@ android { applicationId = "dev.okhsunrog.vpnhide" minSdk = 29 targetSdk = 35 - versionCode = 601 + versionCode = 602 versionName = buildVersion ndk { diff --git a/lsposed/app/src/main/assets/changelog.json b/lsposed/app/src/main/assets/changelog.json index 789da6f..ce3f38f 100644 --- a/lsposed/app/src/main/assets/changelog.json +++ b/lsposed/app/src/main/assets/changelog.json @@ -1,27 +1,48 @@ { "unreleased": { - "sections": [ - { - "type": "added", - "items": [ - { - "en": "Save button next to Share for full-system logcat recordings — writes the capture via the Storage Access Framework to a user-picked location (previously only Share was available, which didn't always persist the file when sharing to a file manager).", - "ru": "Кнопка «Сохранить» рядом с «Поделиться» для записи полного системного logcat — сохраняет файл через Storage Access Framework в выбранное место (раньше была только «Поделиться», и через диалог «Сохранить в файлы» файл не всегда сохранялся)." - } - ] - }, - { - "type": "changed", - "items": [ - { - "en": "Module zips and APK now include git provenance in the version string. Official release builds from a tag stay at the clean version (e.g. 0.6.2); intermediate builds from main or a feature branch show up as 0.6.2-5-gabc1234 (or -dirty) in the Magisk/KSU manager and Android Settings, so debug-log submissions identify the exact commit.", - "ru": "Zip-модули и APK теперь включают git-провенанс в строку версии. Официальные релизные сборки с тега остаются с чистой версией (например, 0.6.2); промежуточные сборки с main или feature-ветки отображаются как 0.6.2-5-gabc1234 (или -dirty) в Magisk/KSU-менеджере и настройках Android — по логам сразу видно, какой именно коммит у пользователя." - } - ] - } - ] + "sections": [] }, "history": [ + { + "version": "0.6.2", + "sections": [ + { + "type": "added", + "items": [ + { + "en": "Full system logcat recording on the Diagnostics screen — Start/Stop an unfiltered capture of all logcat buffers (main/system/crash/events/radio), then Save to a user-picked location via the Storage Access Framework or Share through the system sheet. Useful for submitting diagnostic logs straight from the app without running adb logcat by hand.", + "ru": "Запись полного системного logcat на экране диагностики — Start/Stop для нефильтрованной записи всех буферов logcat (main/system/crash/events/radio), затем Save в выбранное место через Storage Access Framework или Share через системный диалог. Позволяет отправлять диагностические логи прямо из приложения, без ручного запуска adb logcat." + } + ] + }, + { + "type": "changed", + "items": [ + { + "en": "Module zips and APK now include git provenance in the version string. Official release builds from a tag stay at the clean version (e.g. 0.6.2); intermediate builds from main or a feature branch show up as 0.6.2-5-gabc1234 (or -dirty) in the Magisk/KSU manager and Android Settings, so debug-log submissions identify the exact commit.", + "ru": "Zip-модули и APK теперь включают git-провенанс в строку версии. Официальные релизные сборки с тега остаются с чистой версией (например, 0.6.2); промежуточные сборки с main или feature-ветки отображаются как 0.6.2-5-gabc1234 (или -dirty) в Magisk/KSU-менеджере и настройках Android — по логам сразу видно, какой именно коммит у пользователя." + } + ] + }, + { + "type": "fixed", + "items": [ + { + "en": "Target apps (Ozon, Home Assistant, Megafon, Chrome, etc.) no longer hang on infinite load when vpnhide-zygisk is installed. Our recv/recvmsg hooks used to run the netlink-dump filter on every socket regardless of type — on TCP/UDP/Unix the first bytes are arbitrary user data (TLS ciphertext, HTTP body) and occasionally matched RTM_NEWLINK/RTM_NEWADDR by chance, causing the filter to mangle the buffer in-place and corrupt the TLS stream. Gated both hooks on AF_NETLINK so non-netlink traffic passes through untouched.", + "ru": "Целевые приложения (Ozon, Home Assistant, Мегафон, Chrome и т. д.) больше не зависают на бесконечной загрузке при установленном vpnhide-zygisk. Хуки recv/recvmsg запускали netlink-фильтр на каждом сокете независимо от типа — на TCP/UDP/Unix первые байты это произвольные данные (TLS-шифротекст, HTTP-тело), и иногда случайно совпадали с RTM_NEWLINK/RTM_NEWADDR, после чего фильтр портил буфер in-place и ломал TLS-поток. Обе хуки теперь работают только на AF_NETLINK-сокетах, не-netlink трафик проходит без изменений." + }, + { + "en": "Target apps no longer fail Java-level hooks on cold boot. service.sh in the kmod and zygisk modules used to resolve package names to UIDs as soon as pm list packages started responding — but PackageManager responds early with only the system-package snapshot, so user-installed targets (including the vpnhide app itself) got resolved to empty. /data/system/vpnhide_uids.txt was written with at most one UID, the LSPosed hook cached that empty set on its first writeToParcel call, and the Java-level filtering silently no-opped until the next lucky boot. Now service.sh waits until the vpnhide package itself is visible in pm list packages -U, so the full user-package index is ready before resolving.", + "ru": "Целевые приложения больше не проваливают Java-хуки после холодной загрузки. service.sh в модулях kmod и zygisk резолвил имена пакетов в UID как только pm list packages начинал отвечать — но PackageManager отвечает сначала только списком системных пакетов, поэтому user-пакеты (включая сам vpnhide) резолвились в пустоту. /data/system/vpnhide_uids.txt писался с максимум одним UID, LSPosed-хук кэшировал этот пустой набор при первом вызове writeToParcel, и Java-фильтрация тихо не работала до следующей удачной загрузки. Теперь service.sh ждёт, пока сам пакет vpnhide не появится в pm list packages -U — значит полный индекс user-пакетов готов до резолва." + }, + { + "en": "Ozon and other apps with root-detection scanning /proc/self/fd no longer hang when vpnhide-zygisk is installed. The module's zygote-side on_load was leaking the module-dir fd, which every forked app process inherited — root-tamper scans detected a descriptor pointing inside /data/adb/modules/ and refused to continue. The fd is now explicitly closed before any app fork.", + "ru": "Ozon и другие приложения, сканирующие /proc/self/fd на признаки root, больше не зависают при установленном vpnhide-zygisk. Модуль утекал fd на /data/adb/modules/ в зиготу, и каждое форкнутое приложение наследовало его — антирут-проверки детектили descriptor внутри /data/adb/ и отказывались запускаться. Теперь fd явно закрывается до первого форка." + } + ] + } + ] + }, { "version": "0.6.1", "sections": [ @@ -31,10 +52,6 @@ { "en": "Magisk versions before v28 failed to install vpnhide-ports and vpnhide-kmod with an unpack error — restored the META-INF/com/google/android/{update-binary,updater-script} entries the older managers expect.", "ru": "Magisk до v28 не мог установить vpnhide-ports и vpnhide-kmod из-за ошибки распаковки — вернул файлы META-INF/com/google/android/{update-binary,updater-script}, которые требуются старыми менеджерами." - }, - { - "en": "Ozon and other apps with root-detection scanning /proc/self/fd no longer hang when vpnhide-zygisk is installed. The module's zygote-side on_load was leaking the module-dir fd, which every forked app process inherited — root-tamper scans detected a descriptor pointing inside /data/adb/modules/ and refused to continue. The fd is now explicitly closed before any app fork.", - "ru": "Ozon и другие приложения, сканирующие /proc/self/fd на признаки root, больше не зависают при установленном vpnhide-zygisk. Модуль утекал fd на /data/adb/modules/ в зиготу, и каждое форкнутое приложение наследовало его — антирут-проверки детектили descriptor внутри /data/adb/ и отказывались запускаться. Теперь fd явно закрывается до первого форка." } ] }, diff --git a/lsposed/native/Cargo.toml b/lsposed/native/Cargo.toml index b118ea7..2d22758 100644 --- a/lsposed/native/Cargo.toml +++ b/lsposed/native/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "vpnhide_checks" -version = "0.6.1" +version = "0.6.2" edition = "2024" rust-version = "1.85" license = "MIT" diff --git a/portshide/module/module.prop b/portshide/module/module.prop index af4d3e3..e52c069 100644 --- a/portshide/module/module.prop +++ b/portshide/module/module.prop @@ -1,6 +1,6 @@ id=vpnhide_ports name=VPN Hide (Ports) -version=v0.6.1 -versionCode=601 +version=v0.6.2 +versionCode=602 author=okhsunrog description=Blocks selected apps from reaching localhost ports — hides locally-bound VPN/proxy from probe attempts via netfilter. Manage observers via VPN Hide app. diff --git a/update-json/changelog.md b/update-json/changelog.md index 2f7ff8a..f1b8248 100644 --- a/update-json/changelog.md +++ b/update-json/changelog.md @@ -1,3 +1,16 @@ +## v0.6.2 + +### Added +- Full system logcat recording on the Diagnostics screen — Start/Stop an unfiltered capture of all logcat buffers (main/system/crash/events/radio), then Save to a user-picked location via the Storage Access Framework or Share through the system sheet. Useful for submitting diagnostic logs straight from the app without running adb logcat by hand. + +### Changed +- Module zips and APK now include git provenance in the version string. Official release builds from a tag stay at the clean version (e.g. 0.6.2); intermediate builds from main or a feature branch show up as 0.6.2-5-gabc1234 (or -dirty) in the Magisk/KSU manager and Android Settings, so debug-log submissions identify the exact commit. + +### Fixed +- Target apps (Ozon, Home Assistant, Megafon, Chrome, etc.) no longer hang on infinite load when vpnhide-zygisk is installed. Our recv/recvmsg hooks used to run the netlink-dump filter on every socket regardless of type — on TCP/UDP/Unix the first bytes are arbitrary user data (TLS ciphertext, HTTP body) and occasionally matched RTM_NEWLINK/RTM_NEWADDR by chance, causing the filter to mangle the buffer in-place and corrupt the TLS stream. Gated both hooks on AF_NETLINK so non-netlink traffic passes through untouched. +- Target apps no longer fail Java-level hooks on cold boot. service.sh in the kmod and zygisk modules used to resolve package names to UIDs as soon as pm list packages started responding — but PackageManager responds early with only the system-package snapshot, so user-installed targets (including the vpnhide app itself) got resolved to empty. /data/system/vpnhide_uids.txt was written with at most one UID, the LSPosed hook cached that empty set on its first writeToParcel call, and the Java-level filtering silently no-opped until the next lucky boot. Now service.sh waits until the vpnhide package itself is visible in pm list packages -U, so the full user-package index is ready before resolving. +- Ozon and other apps with root-detection scanning /proc/self/fd no longer hang when vpnhide-zygisk is installed. The module's zygote-side on_load was leaking the module-dir fd, which every forked app process inherited — root-tamper scans detected a descriptor pointing inside /data/adb/modules/ and refused to continue. The fd is now explicitly closed before any app fork. + ## v0.6.1 ### Added @@ -5,7 +18,6 @@ ### Fixed - Magisk versions before v28 failed to install vpnhide-ports and vpnhide-kmod with an unpack error — restored the META-INF/com/google/android/{update-binary,updater-script} entries the older managers expect. -- Ozon and other apps with root-detection scanning /proc/self/fd no longer hang when vpnhide-zygisk is installed. The module's zygote-side on_load was leaking the module-dir fd, which every forked app process inherited — root-tamper scans detected a descriptor pointing inside /data/adb/modules/ and refused to continue. The fd is now explicitly closed before any app fork. ## v0.6.0 @@ -37,10 +49,3 @@ - Fixed zygisk first-launch race: dashboard no longer shows false "inactive" status - Added recv hook in zygisk for netlink filtering on Android 10 - Fixed hardcoded v0.1.0 in module installer messages - -## v0.5.1 - -### Fixed -- Fixed false "LSPosed/Vector not installed" warning when LSPosed uses non-standard module path (e.g. zygisk_lsposed) -- Fixed false LSPosed config warnings when hooks are already active at runtime -- "No target apps configured" now checks all modules, not just LSPosed diff --git a/zygisk/Cargo.lock b/zygisk/Cargo.lock index 345dee4..ff009d7 100644 --- a/zygisk/Cargo.lock +++ b/zygisk/Cargo.lock @@ -241,7 +241,7 @@ checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" [[package]] name = "vpnhide_zygisk" -version = "0.6.1" +version = "0.6.2" dependencies = [ "android_logger", "cmake", diff --git a/zygisk/Cargo.toml b/zygisk/Cargo.toml index 82a7e09..8d047ca 100644 --- a/zygisk/Cargo.toml +++ b/zygisk/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "vpnhide_zygisk" -version = "0.6.1" +version = "0.6.2" edition = "2024" rust-version = "1.85" license = "MIT" diff --git a/zygisk/module/module.prop b/zygisk/module/module.prop index 2be885b..cc10ace 100644 --- a/zygisk/module/module.prop +++ b/zygisk/module/module.prop @@ -1,6 +1,6 @@ id=vpnhide_zygisk name=VPN Hide (Zygisk native) -version=v0.6.1 -versionCode=601 +version=v0.6.2 +versionCode=602 author=okhsunrog description=Hides active VPN interfaces from selected apps by inline-hooking libc ioctl via shadowhook. Covers the native detection path (Flutter, JNI, raw C/C++) that Java-level LSPosed modules can't reach. Manage targets via VPN Hide app.