- Detect LSPosed in all known module paths (zygisk_vector, zygisk_lsposed, lsposed)
- Skip LSPosed config warnings when hooks are already active at runtime
- Check all modules for empty targets, not just LSPosed
- Bump version to v0.5.1
Only get_module_dir() and set_option(DlCloseModuleLibrary) are used,
both available since v2. This fixes module loading on Magisk v27 which
does not support API v5.
Dashboard as new landing screen with module status cards (kmod, zygisk,
LSPosed), aggregated protection checks (native + Java API), and issue
alerts. Uses sealed types for type-safe state modeling (invalid states
are unrepresentable).
Three separate target lists: kmod, zygisk, and lsposed each have
independent targets.txt. Users can configure per-app which layers
protect it (L/K/Z chips in app picker). Service.sh scripts decoupled —
each resolves only its own component, with migration from unified lists.
HookEntry writes /data/system/vpnhide_hook_active with version and
boot_id so the app can detect if LSPosed hooks are active this boot.
VPN Hide app auto-adds itself to all target lists for self-diagnostics.
If just added, shows "restart needed" instead of stale check results.
App hides itself from the app picker and target counts.
Diagnostics tab no longer runs checks without VPN — shows banner only.
Removed "Run All" button (results are cached per process lifetime).
Splash screen follows system dark/light theme via Material3 DayNight.
The VPN Hide app is now the sole UI for target management. WebUI was
KernelSU-Next-only and redundant since the app works on both KSU and
Magisk. Remove webroot/, action.sh, and all references across docs,
install scripts, module descriptions, and code comments.
- lsposed: filter VPN routes from LinkProperties.mRoutes before
serialization (save-mutate-restore pattern). Previously only
mIfaceName was cleared but routes with VPN interface names leaked.
- kmod: remove SIOCGIFFLAGS/SIOCGIFNAME whitelist from dev_ioctl_ret.
Now all dev_ioctl commands return ENODEV for VPN interfaces, covering
SIOCGIFMTU (MTU fingerprinting), SIOCGIFINDEX, SIOCGIFHWADDR, etc.
- zygisk: replace per-command ioctl checks with a SIOCGIF* range check
(0x8910-0x8930). Same coverage as kmod — any ioctl with a VPN
interface name in ifr_name returns ENODEV.
toString() on NetworkCapabilities is already covered: we mutate the
underlying fields before writeToParcel, so the deserialized object
on the client produces a clean toString() output.
- Fix test assertions to match Option return type of read_u32_ne/read_u16_ne
- Cast c_char slices to u8 via from_raw_parts instead of pointer coercion,
fixing host-target compilation where c_char is i8
- Run rustfmt on all changed files
- WebUI: validate package names against [a-zA-Z0-9_.\-]+ before
interpolating into shell commands (both kmod and zygisk copies)
- zygisk hooks.rs: use RTM_NEWLINK/RTM_NEWADDR from filter.rs instead
of magic constants 16/20
- zygisk lib.rs: read /proc/self/maps via raw libc::open in
scrub_shadowhook_maps to bypass our own hooked_openat
- kmod: add comment explaining why seq->buf access without seq->lock
is safe in fib_route_ret (seq_read holds the mutex around ->show())
- kmod: add comment clarifying MODULE_LICENSE("GPL") vs MIT SPDX
kmod:
- Add explicit rcu_read_lock() around ifa->idev->dev->name dereferences
in inet6_fill_entry, inet_fill_entry, and rtnl_fill_entry
- Remove racy READ_ONCE fast-path in is_target_uid; uncontended spin_lock
is ~5ns on ARMv8 and the optimization had incorrect TOCTOU semantics
- Fix dev_ifconf_ret: return immediately on copy_from_user/copy_to_user
failure instead of breaking the loop and writing back a wrong ifc_len
- Fail module load if zero kretprobes register; warn on partial registration
lsposed:
- Fix isSystemServer check-then-set race: use AtomicBoolean.compareAndSet
to prevent duplicate hook installation from concurrent handleLoadPackage
- Fix NC hook partial state corruption: save all values before mutating,
restore on exception, only set ThreadLocals after all mutations succeed
- Fix NI/LP hooks: replace param.result=null (which skips writeToParcel
and corrupts the Parcel stream) with save-mutate-restore pattern
- Synchronize loadTargetUids() with double-checked locking; always cache
result (even empty) to avoid file I/O on every Binder call
- Fix suExec: drain stderr on background thread, destroy process in finally
zygisk:
- Use std::sync::Once for shadowhook initialization instead of AtomicBool
- Handle write() return value on memfd: loop on short writes, return error
- Make netlink parsers (read_u32_ne/read_u16_ne) return Option instead of
panicking on out-of-bounds access
Single VERSION file in repo root as the source of truth. The script
update-version.sh propagates it to all 5 locations: kmod module.prop,
zygisk module.prop, zygisk Cargo.toml, lsposed build.gradle.kts,
test-app build.gradle.kts. versionCode = major*10000 + minor*100 + patch.
The lsposed APK now includes a Compose target picker UI that works
with both kmod and zygisk on any root solution. Update all READMEs
to recommend the app over WebUI (which is KernelSU-only).
The shell variable $UIDS accumulated UIDs with literal \n (two chars)
instead of actual newlines. printf "$UIDS" wrote garbage to
/proc/vpnhide_targets and vpnhide_uids.txt. The empty-targets case
used bare > redirect which never triggers the proc write handler.
Fix: accumulate UIDs with real newlines (like service.sh does), use
echo "$UIDS" for output, and echo (writes \n) for the empty case so
the kmod write handler fires and clears the UID list.
Affects: APK target picker, kmod WebUI, zygisk WebUI.
- /proc/vpnhide_targets: change from 0644 to 0600 (root only).
Apps could read the UID list and discover which apps are targeted.
- Remove /data/local/tmp/vpnhide_targets.txt copies from service.sh
and WebUI (no longer needed after get_module_dir() fix).
On Magisk, SELinux blocks all /data/adb/ access from forked processes.
Zygisk's get_module_dir() returns an fd opened with root privileges —
use openat() on it to read targets.txt regardless of SELinux context.
Removes /data/local/tmp workaround.
On Magisk, SELinux blocks zygote from reading /data/adb/vpnhide_zygisk/
(Permission denied). Fall back to /data/adb/modules/vpnhide_zygisk/targets.txt
which zygote can read on both Magisk and KernelSU.
- service.sh copies targets.txt to module dir on boot
- WebUI copies on save
- Rust code tries persistent path first, falls back to module dir
Add service.sh to zygisk module that resolves package names → UIDs
and writes /data/system/vpnhide_uids.txt on boot — same contract as
kmod's service.sh. This enables the lsposed system_server hooks to
work with zygisk (previously they only worked with kmod).
Also update the zygisk WebUI to resolve and write UIDs on save,
so changes apply immediately without reboot.
Root README is now the single source for shared content (verified
against, split tunneling, threat model, component overview). Sub-READMEs
focus on component-specific technical details and link back to root.
- Remove ~700 lines of duplicated content across sub-READMEs
- Update all cross-references to use monorepo relative paths
- Add test-app to components table
- Update zygisk README: mark openat/recvmsg/SIOCGIFCONF as implemented
- Fix stale links to archived repos
- Remove specific commercial app/bank names from all READMEs, comments,
and log messages to avoid legal issues. Open-source detection tools
(RKNHardering, YourVPNDead) are kept with links.
- Rewrite test-app in Jetpack Compose with Material3 dynamic colors,
edge-to-edge, system dark/light theme support.
- Make test UI more verbose with detailed result cards.
- Add full logcat output for all checks (tag: VPNHideTest) for
automated testing by AI agents.
- Fix 16KB page alignment for Android 15+.
Unified repository for the complete Android VPN-hiding stack:
- zygisk/ — Rust Zygisk module (inline libc hooks via shadowhook)
- lsposed/ — Kotlin LSPosed module (Java API + system_server hooks)
- kmod/ — C kernel module (kretprobe hooks, invisible to anti-tamper)
CI workflows use path filters to build only the changed component.
