let's revive some outdated modules.

changelog-

• Replaced Key Checker with Flag Checker
• Merged WebUI scripts & Action script in one script
• Redesigned WebUI with card based UI
• Improved live terminal logging
• Whitelisted Pixel Launcher components
• Fixed WebUI compatibility with MMRL
• Dropped meow helper activity dependency for popups

expect a new update in few minutes

v3 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

A little context about this module for new subscribers in this channel:

i collected more than 70 apps from different aosp roms (vanilla & gapps builds). they keep running in background but the strange part is freezing/disabling them doesn’t affect stability or user experience. the number keeps growing with every android update. and no, it’s not just google apps. even pure vanilla without gapps has a lot of crap. the main goal of this module is to freeze these apps to extend battery life & improve performance.

SHA256: 67c5d364882bd3489249d833e2e5e67ca00418350e4d94ddd0eb3940b30cb2e5

changelog

I Need to Talk About Something Serious (Magisk & KSU Vulnerability)

I’m creating a temporary discussion group linked to this channel and would really appreciate your suggestions.

Please keep the group respectful and focused. Each member can post only one message every 1 hours, so think carefully before you send it (you can always edit your message later).

I’ve never reported a sensitive vulnerability before, and honestly, I’m not sure how to do it right. That’s why I need your help and advice

Let’s keep the group free from drama and behave like adults. Thanks for understanding!

I Need to Talk About Something Serious (KernelSU-Magisk Vulnerability)

A few months ago, I found a serious vulnerability in Magisk & KSU (and their forks). This flaw gives full root access to an attacker, meaning they can control your device completely, inject malicious code, install trackers, or even brick it permanently. Basically, anything which is possible with root access, And it’s very easy to exploit.

What makes it worse is that this exploit can work like either rat poison or sweet poison it can either harm your device instantly, or it could be damaging it silently right now without your knowledge. I don’t want to give too many hints, but honestly, this is more dangerous than any exploit I’ve seen so far.

At the time, I didn’t report it because it’s shockingly easy to exploit, and I was honestly scared that if the wrong person saw it before it got fixed, it could cause serious damage to a lot of people. I’ve tried different ways to block or patch it on my end, and while I did find a workaround, but it's just a temporary band-aid, not a solution.

I’m genuinely worried about this. I don’t want to be the reason something bad happens, but I also don’t want to stay silent if the damage is still possible

Now I’m stuck and really need your advice:

Should I report this vulnerability now?
Or should I wait knowing someone else might already be exploiting it and risk a mass attack on rooted devices? Or should I raise awareness about how it works and how people can protect themselves from becoming victims

Please share your thoughts. Your suggestions will help me decide the best way forward.

Also, please don’t DM me asking what the vulnerability is😬 If I felt it was safe to share, I would’ve already. Thanks for understanding.

~ Regards @MeowDump

Import this file in HMAL / HMA

last updated on 01 January 2026

v17.1 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

changelog-

Changelog v17.1

• Fixed “operation not permitted” error during installation.
• Removed self-destruct mode.
• Fixed Hide PIF Detection button not working.
• Cleaned up unnecessary code.
• Changed module ID.
• Fixed module description not updating for Magisk users.
• Fixed action summary result bug.
• Improved PIF fork spoofing script
• Removed anti-tampering detection, (It’s not stable yet and needs a lot more testing and fine-tuning. I don’t have enough time to keep it in right now. Maybe in the future when I get the chance, it will come back in a better form)

Changelog v17

• Updated Keybox
• Cleaned debug fingerprint by default
• Introduced Anti Tampering Protection
• Introduced Self Destruct mode
• Added SHA512+SHA256+MD5 hash with salt verification on install
• Fixed banned kernel false positive indicator
• Create NoLineageProp flag in /data/adb/Box•Brain to clean LineageOS props
• Added verification summary on install
• Added spoofVendingSdk support for PifFork spoofing [WEBUI]
• Fixed delay handler for KSU [ACTION]
• Fixed TS patch button not working [WEBUI]
• Dropped target.txt auto update on boot 
• Dropped modal auto close switch [WEBUI]
• Introduced hide/unhide extra features button in WebUI 
• Fixed target & keybox backup restore bug on uninstall
• Updated supporter list [WEBUI]
• Description will now refresh on boot instead of action

SHA256: 036bd5a6fbeed246a174a23362b53c6906dbca0aa07c43aad8fecbc0321998aa

Module Features
Pre-Requirements
Preview
Support

v18 by 𝗠𝗘𝗢𝗪𝗻𝗮 💅

changelog-

• Added WebUI support for spoofing PifFork’s advanced settings
• Introduced SELinux spoofer (create /data/adb/Box-Brain/selinux to force spoofing to enforcing)
• Fixed Hide Pif detection button not working
• Updated WebUI shortcut icon
• Updated WebUI-X configuration file with latest changes
• Dropped legacy PifFork spoof shell script (now handled by WebUI)
• Fixed WebUI resizing issue when enabling hidden features
• Added cleanup routine to wipe leftover files on uninstallation
• Forced ksu-webui as the default WebUI engine
• Improved installation and upgrade logic for cleaner dirty flashes
• Optimized script execution speed and reduced unnecessary overhead
• Enhanced error handling and fail-safe mechanisms
• Added japanese translation, thanks @ot_inc
• Improved compatibility with recent Magisk and KernelSU builds
• Refined logging output for easier debugging
• Polished UI animations and theme handling
• Minor code cleanup and refactoring for long-term maintainability

SHA256: 21abc45401234fb9e3cda2a0b1cdf2bb21ab52021319f9e52364435e2afed248

Module Features
Pre-Requirements
Support