v16 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

[RE-UPLOADED] FIXED UNEXPECTED CRASH ON MAGISK ALPHA

changelog-

• Fixed unexpected delay in action button(script) expectation.

• Now default target packages will be updated based on TEE status too, instead of forcing leaf certificate hack mode for devices with non broken TEE

• Disable intro in WebUI by default & added option to re-enable it in WebUI menu.

• Improved Keybox updater.

• Optimised installation script.

• Added more configuration flags

• Fixed Lsposed logs spoofing failure

• Replaced simple "echo" outputs with structured logging mechanism for better traceability.

• Added a consistent logging format including timestamp for each log entry to improve readability and debugging.

• Implemented log file capturing using "tee -a" to ensure both console visibility and file persistence of logs.

• Ensured that all network retry attempts are logged with clear retry counters for transparency.

• Improved reliability of network connectivity checks by introducing a maximum retry limit with controlled loop execution.

• Enhanced error handling by introducing explicit exit codes upon failure conditions for better integration with other scripts.

• Suppressed unnecessary command outputs to keep logs clean and focused only on meaningful information.

• Introduced graceful exit after maximum retry attempts to avoid indefinite loops in case of no internet connectivity.

• Standardized indentation, spacing, and code structure for improved readability and maintainability.

• Consolidated redundant command sequences to simplify the flow and reduce script overhead.

• Improved user feedback by ensuring retry attempts and failure messages are displayed consistently.

• Added robust handling of slow or unstable network scenarios to minimize false negatives.

• Ensured compatibility with BusyBox environment by using portable shell syntax.

• Improved overall script maintainability by reducing noise and making error handling self-explanatory.

• Strengthened integration readiness by introducing reliable log capturing that can be parsed or shared easily.

• Ensured that no sensitive data or unnecessary verbose output is written into the log files.

• Refined exit behavior to prevent accidental continuation of dependent operations in case of failure.

• Improved script resilience under low-resource or high-latency conditions.

• General code cleanup to maintain long-term stability.

• Custom fonts will be added in next update (got no time to find fonts).

• Logs will be zipped automatically, if you face any issue, just send me the log zip file

SHA256: 11e8360bbcc7745276c734c7d4fb86c6dc5be42922a570dbdbd7c79bee0806e3

Module Features
Pre-Requirements
Preview
Support

let's revive some outdated modules.

changelog-

• Replaced Key Checker with Flag Checker
• Merged WebUI scripts & Action script in one script
• Redesigned WebUI with card based UI
• Improved live terminal logging
• Whitelisted Pixel Launcher components
• Fixed WebUI compatibility with MMRL
• Dropped meow helper activity dependency for popups

expect a new update in few minutes

v3 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

A little context about this module for new subscribers in this channel:

i collected more than 70 apps from different aosp roms (vanilla & gapps builds). they keep running in background but the strange part is freezing/disabling them doesn’t affect stability or user experience. the number keeps growing with every android update. and no, it’s not just google apps. even pure vanilla without gapps has a lot of crap. the main goal of this module is to freeze these apps to extend battery life & improve performance.

SHA256: 67c5d364882bd3489249d833e2e5e67ca00418350e4d94ddd0eb3940b30cb2e5

changelog

I Need to Talk About Something Serious (Magisk & KSU Vulnerability)

I’m creating a temporary discussion group linked to this channel and would really appreciate your suggestions.

Please keep the group respectful and focused. Each member can post only one message every 1 hours, so think carefully before you send it (you can always edit your message later).

I’ve never reported a sensitive vulnerability before, and honestly, I’m not sure how to do it right. That’s why I need your help and advice

Let’s keep the group free from drama and behave like adults. Thanks for understanding!

I Need to Talk About Something Serious (KernelSU-Magisk Vulnerability)

A few months ago, I found a serious vulnerability in Magisk & KSU (and their forks). This flaw gives full root access to an attacker, meaning they can control your device completely, inject malicious code, install trackers, or even brick it permanently. Basically, anything which is possible with root access, And it’s very easy to exploit.

What makes it worse is that this exploit can work like either rat poison or sweet poison it can either harm your device instantly, or it could be damaging it silently right now without your knowledge. I don’t want to give too many hints, but honestly, this is more dangerous than any exploit I’ve seen so far.

At the time, I didn’t report it because it’s shockingly easy to exploit, and I was honestly scared that if the wrong person saw it before it got fixed, it could cause serious damage to a lot of people. I’ve tried different ways to block or patch it on my end, and while I did find a workaround, but it's just a temporary band-aid, not a solution.

I’m genuinely worried about this. I don’t want to be the reason something bad happens, but I also don’t want to stay silent if the damage is still possible

Now I’m stuck and really need your advice:

Should I report this vulnerability now?
Or should I wait knowing someone else might already be exploiting it and risk a mass attack on rooted devices? Or should I raise awareness about how it works and how people can protect themselves from becoming victims

Please share your thoughts. Your suggestions will help me decide the best way forward.

Also, please don’t DM me asking what the vulnerability is😬 If I felt it was safe to share, I would’ve already. Thanks for understanding.

~ Regards @MeowDump

Import this file in HMAL / HMA

last updated on 01 January 2026

v17.1 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

changelog-

Changelog v17.1

• Fixed “operation not permitted” error during installation.
• Removed self-destruct mode.
• Fixed Hide PIF Detection button not working.
• Cleaned up unnecessary code.
• Changed module ID.
• Fixed module description not updating for Magisk users.
• Fixed action summary result bug.
• Improved PIF fork spoofing script
• Removed anti-tampering detection, (It’s not stable yet and needs a lot more testing and fine-tuning. I don’t have enough time to keep it in right now. Maybe in the future when I get the chance, it will come back in a better form)

Changelog v17

• Updated Keybox
• Cleaned debug fingerprint by default
• Introduced Anti Tampering Protection
• Introduced Self Destruct mode
• Added SHA512+SHA256+MD5 hash with salt verification on install
• Fixed banned kernel false positive indicator
• Create NoLineageProp flag in /data/adb/Box•Brain to clean LineageOS props
• Added verification summary on install
• Added spoofVendingSdk support for PifFork spoofing [WEBUI]
• Fixed delay handler for KSU [ACTION]
• Fixed TS patch button not working [WEBUI]
• Dropped target.txt auto update on boot 
• Dropped modal auto close switch [WEBUI]
• Introduced hide/unhide extra features button in WebUI 
• Fixed target & keybox backup restore bug on uninstall
• Updated supporter list [WEBUI]
• Description will now refresh on boot instead of action

SHA256: 036bd5a6fbeed246a174a23362b53c6906dbca0aa07c43aad8fecbc0321998aa

Module Features
Pre-Requirements
Preview
Support

v18 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

changelog-

• Added WebUI support for spoofing PifFork’s advanced settings
• Introduced SELinux spoofer (create /data/adb/Box-Brain/selinux to force spoofing to enforcing)
• Fixed Hide Pif detection button not working
• Updated WebUI shortcut icon
• Updated WebUI-X configuration file with latest changes
• Dropped legacy PifFork spoof shell script (now handled by WebUI)
• Fixed WebUI resizing issue when enabling hidden features
• Added cleanup routine to wipe leftover files on uninstallation
• Forced ksu-webui as the default WebUI engine
• Improved installation and upgrade logic for cleaner dirty flashes
• Optimized script execution speed and reduced unnecessary overhead
• Enhanced error handling and fail-safe mechanisms
• Added japanese translation, thanks @ot_inc
• Improved compatibility with recent Magisk and KernelSU builds
• Refined logging output for easier debugging
• Polished UI animations and theme handling
• Minor code cleanup and refactoring for long-term maintainability

SHA256: 21abc45401234fb9e3cda2a0b1cdf2bb21ab52021319f9e52364435e2afed248

Module Features
Pre-Requirements
Support