A new autistic module came here!
If you like this kind of post don't forget to share it ๐
So what does this module do?
Offering STRONK ๐ข๐ข๐ข Play Integrity by replacing your tricky store ๐๐ฆ with it's encrypted ๐๐ฆ that kanged from somewhere and packed with some junks from junkyard ๐๐๐
This module is so autistic that it features:
- An encrypted aes-256-cbc ๐๐ฆ
- Included with FULL TERMUX ROOTFS just for openssl and other utilities, don't ask me why it weighs 80 TONS ๐คช
- and ofc Rick roll on the fake ๐๐ฆ.xml ๐
If you like this kind of post don't forget to share it ๐
๐คฎ24๐ฉ5โค1
Reverse Engineer of Magisk Module "PHEONIX PRO GAMING"
The module was leaked by someone that just bought this module, he came to my pm and asked me to RE this module to see what's going inside the module.
This shit easily became the most scummy module I ever came across, and the fact this module is literally selling for $50 makes it more ridiculous. I feel bad for the ones that bought this thing.
The module was leaked by someone that just bought this module, he came to my pm and asked me to RE this module to see what's going inside the module.
๐คฎ4
My first thing that comes to my mind is how ridiculous the price was for a literal gayming module that is probably worth half of your phone you probably used to read this, and how even gayming lunatics/idiots can buy this thing?
I meant 50 dollars for a gayming module? There are a lot of free alternatives out there that probably perform better than this shit such as Encore Tweaks.
I'm curious about how good this module is since it was $50, I go ahead and look into the module.
I meant 50 dollars for a gayming module? There are a lot of free alternatives out there that probably perform better than this shit such as Encore Tweaks.
I'm curious about how good this module is since it was $50, I go ahead and look into the module.
๐คฃ3
First this I see is the service script, and immediately I spot some missing variables here, $config and $MODPATH. Although $MODPATH is declared automatically by Magisk/KSU/AP when module installation, this is not the case with the late_start service script.
The shebang is also wrong as you can see it's
The service script itself only does setprop spectrum props. Just looking into the service script we know the script kiddie that creates this bs doesn't know shit and only cares about money.
The shebang is also wrong as you can see it's
system/sh instead of /system/bin/sh.The service script itself only does setprop spectrum props. Just looking into the service script we know the script kiddie that creates this bs doesn't know shit and only cares about money.
๐คฃ2
The next is the "phx" folder, inside it it contains an executable called phx and when I run the file command to see what format it is, I'm shocked.
HOW THIS IDIOT THOUGHT THAT EXECUTABLES FOR LINUX CAN WORK ON ANDROID?
It is based on the Linux kernel but other than that it's very different from Linux distros such as Ubuntu. Android uses musl libc while Linux distros uses GNU libc, both are not compatible with each other and hence this shit won't be able to run in Android.
This means, this fancy $50 module is just a placebo and scam. This also confirms my suspicion that this module has never been tested before it's actually bought and used by the user.
HOW THIS IDIOT THOUGHT THAT EXECUTABLES FOR LINUX CAN WORK ON ANDROID?
Wait doesn't Android is based on Linux?
It is based on the Linux kernel but other than that it's very different from Linux distros such as Ubuntu. Android uses musl libc while Linux distros uses GNU libc, both are not compatible with each other and hence this shit won't be able to run in Android.
This means, this fancy $50 module is just a placebo and scam. This also confirms my suspicion that this module has never been tested before it's actually bought and used by the user.
๐ฅ3๐คฃ1
The executable itself is not a compiled language that you may expect such as C or C++, but rather it was a shell script obfuscated with SHC (Shell Script Compiler). Let's assume the idiot that sells this shit obfuscates this script and just uses regular Linux GCC ARM64 to compile it.
It's easily detectable since SHC has unique strings on its executables.
SHC itself can be easily deobfuscated using tools like Unshell, but since this shit was made for Linux, I have to create a Linux chroot container on my phone just to deobfuscate this script.
Even though I know this shit will not work at all, I decided to deobfuscate the script anyway. I'm curious, what is this thing doing under the hood.
It's easily detectable since SHC has unique strings on its executables.
E: neither argv[0] nor $_ works.
SHC itself can be easily deobfuscated using tools like Unshell, but since this shit was made for Linux, I have to create a Linux chroot container on my phone just to deobfuscate this script.
Even though I know this shit will not work at all, I decided to deobfuscate the script anyway. I'm curious, what is this thing doing under the hood.
โค2
phx
36.7 KB
This is the deobfuscated version of the phx script, the serial number is removed for the user's privacy and safety.
Some take on this script:
- Copy paste everywhere
- Hardcoded values everywhere
- No shfmt, horrible indentation
- Use a 16 year old governor named "interactivex"
Some take on this script:
- Copy paste everywhere
- Hardcoded values everywhere
- No shfmt, horrible indentation
- Use a 16 year old governor named "interactivex"
๐ฉ3๐ฅ2๐2
Autistic module just got an update ๐
The JavaScript for KSU exec is questionable at best like how TF useragent contains MMRL's package name?????
Not only this "compatibility" check was not required (MMRL have the same API as KSU) it's blatantly wrong and AI generated code at best ๐ฅ๐๏ธ๐ฎ
So takes from this update:
- No more downloading ๐๐ฆ from the cloud and instead ship it directly on the zip as "bin.so" (I still wondering why she have to encode this if it will decoded in tricky store dir anyway?)
- Massive debloat of Termux ROOTFS from 80 TONS to 5 TONS ๐ โ
- Additional untested vibe coded WebUI ๐ญ๐คฎ๐คฎ
The JavaScript for KSU exec is questionable at best like how TF useragent contains MMRL's package name?????
Not only this "compatibility" check was not required (MMRL have the same API as KSU) it's blatantly wrong and AI generated code at best ๐ฅ๐๏ธ๐ฎ
๐ฑ14โค1๐1
Yang namanya putraxitersz mana yah ๐๐๐
Module kamu cantik betul pgn ku cipok ๐๐๐
Module kamu cantik betul pgn ku cipok ๐๐๐
๐ฅฐ4๐ฑ2๐1๐ฉ1
Oh yes I forgot to say something, since this new channel was created over the old one that was already killed by telegram, I won't share any files here which telegram may find violating its TOS.
All posts here are just screenshot of proof of gimmicks and some yapping, if you want to get the file, we will provide it in the group or other links later.
EDIT: https://t.me/+72Luw2utc3U2MjFl
All posts here are just screenshot of proof of gimmicks and some yapping, if you want to get the file, we will provide it in the group or other links later.
EDIT: https://t.me/+72Luw2utc3U2MjFl
Telegram
Modul๐
พ๏ธs Underground Files
Cloud for deobfuscated modules/scripts
๐ฅ5๐3๐คฎ1๐ฉ1
*Harga jasa sesuai situasi & kondisi
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฉ22๐คฎ7โค2๐2
Modul๐
พ๏ธs #AntiRetardModules
logd is killed by Meow-Autistic module, a new root detection point. Nice
Heya! A PoC detection for Meowna module is ready, will publish it very soon ๐
๐
๐
๐7๐คฎ2๐ฉ2๐ฅ1
Introducing The Meowna Detector!
A prove-of-concept of fatal blunder on the Integrity Box module by Meownaโa root-hiding module that spectacularly backfires by killing
Integrity Box promises Strong Play Integrity ๐ข๐ข๐ข and root hiding, while in the reality this module isn't more than vibe coded project with one massive blunder which is killing logd.
There's no reason whatsoever to include a kill logger into a root hiding module or any modules since this was futile meant it will cause root detection. The irony was this module was supposed to hide root but actually opened a new root detection itself.
If you have installed any module by Meowna remove it immediately since it was useless. Everything that the module does is configurate things that you can do yourself.
BOYCOTT MEOWNA TOGETHER WITH IT'S MODULES!
๐ https://github.com/Rem01Gaming/meowna_detector
A prove-of-concept of fatal blunder on the Integrity Box module by Meownaโa root-hiding module that spectacularly backfires by killing
logd (Androidโs logger daemon).Integrity Box promises Strong Play Integrity ๐ข๐ข๐ข and root hiding, while in the reality this module isn't more than vibe coded project with one massive blunder which is killing logd.
There's no reason whatsoever to include a kill logger into a root hiding module or any modules since this was futile meant it will cause root detection. The irony was this module was supposed to hide root but actually opened a new root detection itself.
If you have installed any module by Meowna remove it immediately since it was useless. Everything that the module does is configurate things that you can do yourself.
BOYCOTT MEOWNA TOGETHER WITH IT'S MODULES!
Please open Telegram to view this post
VIEW IN TELEGRAM
๐26๐คฎ11๐5๐ฅฐ2
Forwarded from ๐ ๐๐ข๐ช๐ป๐ฎ ๐
Bro wants attention maybe for some subscribers for his dead project & channel
๐คฃ45๐ฏ2๐1๐ฅฐ1
๐ ๐๐ข๐ช ๐๐จ๐ ๐ฃ
By the way, this "logd" is needed to avoid lsposed logs detection, (that's why you encounter bootloop when you enable watchlog in lsposed settings)
Huh? My lsposed fine without killing logd ๐ฆ
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅฐ13โค2