Reverse Engineer of Magisk Module "PHEONIX PRO GAMING"

This shit easily became the most scummy module I ever came across, and the fact this module is literally selling for $50 makes it more ridiculous. I feel bad for the ones that bought this thing.

The module was leaked by someone that just bought this module, he came to my pm and asked me to RE this module to see what's going inside the module.

My first thing that comes to my mind is how ridiculous the price was for a literal gayming module that is probably worth half of your phone you probably used to read this, and how even gayming lunatics/idiots can buy this thing?

I meant 50 dollars for a gayming module? There are a lot of free alternatives out there that probably perform better than this shit such as Encore Tweaks.

I'm curious about how good this module is since it was $50, I go ahead and look into the module.

First this I see is the service script, and immediately I spot some missing variables here, $config and $MODPATH. Although $MODPATH is declared automatically by Magisk/KSU/AP when module installation, this is not the case with the late_start service script.

The shebang is also wrong as you can see it's system/sh instead of /system/bin/sh.

The service script itself only does setprop spectrum props. Just looking into the service script we know the script kiddie that creates this bs doesn't know shit and only cares about money.

The next is the "phx" folder, inside it it contains an executable called phx and when I run the file command to see what format it is, I'm shocked.

HOW THIS IDIOT THOUGHT THAT EXECUTABLES FOR LINUX CAN WORK ON ANDROID?

Wait doesn't Android is based on Linux?

It is based on the Linux kernel but other than that it's very different from Linux distros such as Ubuntu. Android uses musl libc while Linux distros uses GNU libc, both are not compatible with each other and hence this shit won't be able to run in Android.

This means, this fancy $50 module is just a placebo and scam. This also confirms my suspicion that this module has never been tested before it's actually bought and used by the user.

The executable itself is not a compiled language that you may expect such as C or C++, but rather it was a shell script obfuscated with SHC (Shell Script Compiler). Let's assume the idiot that sells this shit obfuscates this script and just uses regular Linux GCC ARM64 to compile it.

It's easily detectable since SHC has unique strings on its executables.

E: neither argv[0] nor $_ works.

SHC itself can be easily deobfuscated using tools like Unshell, but since this shit was made for Linux, I have to create a Linux chroot container on my phone just to deobfuscate this script.

Even though I know this shit will not work at all, I decided to deobfuscate the script anyway. I'm curious, what is this thing doing under the hood.

This is the deobfuscated version of the phx script, the serial number is removed for the user's privacy and safety.

Some take on this script:
- Copy paste everywhere
- Hardcoded values everywhere
- No shfmt, horrible indentation
- Use a 16 year old governor named "interactivex"

You may be wondering why shamiko stuck in whitelist mode?

It's because you're installed that Meow-Autistic module

logd is killed by Meow-Autistic module, a new root detection point.

Nice

Oh yes I forgot to say something, since this new channel was created over the old one that was already killed by telegram, I won't share any files here which telegram may find violating its TOS.

All posts here are just screenshot of proof of gimmicks and some yapping, if you want to get the file, we will provide it in the group or other links later.

EDIT: https://t.me/+72Luw2utc3U2MjFl

Heya! A PoC detection for Meowna module is ready, will publish it very soon 👅👅👅

Bro wants attention maybe for some subscribers for his dead project & channel

I don't understand, why you would close a detection with another detection loophole?