[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81695":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":13,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":14,"stars7d":14,"stars30d":14,"stars90d":13,"forks30d":13,"starsTrendScore":15,"compositeScore":16,"rankGlobal":8,"rankLanguage":8,"license":8,"archived":17,"fork":17,"defaultBranch":18,"hasWiki":17,"hasPages":17,"topics":19,"createdAt":8,"pushedAt":8,"updatedAt":20,"readmeContent":21,"aiSummary":22,"trendingCount":13,"starSnapshotCount":13,"syncStatus":23,"lastSyncTime":24,"discoverSource":25},81695,"CheckAppDevice","cornerDevice\u002FCheckAppDevice","cornerDevice",null,"Java",22,16,21,0,1,3,3.69,false,"main",[],"2026-06-12 02:04:18","# DeviceVeil\n\nDeviceVeil is an Android 10-15 Xposed\u002FLSPosed module for device fingerprint protection. Its package name is `com.deviceveil.guard`, and its Xposed entry point is `com.deviceveil.guard.HookInit`. The module enables configurable Java-layer and native-layer hooks inside selected target app processes to observe, normalize, or spoof common device identifiers, system environment values, file\u002Fcommand probes, anti-debugging signals, and anti-Xposed checks.\n\nThis repository is a generic module. It does not include hard-coded business targets, app-specific APIs, signing algorithms, or remote RPC logic. Target apps, process rules, and hook modules are configured from the DeviceVeil UI.\n\n## Features\n\n- Target selection: choose installed apps from the UI or add package names manually.\n- Process rules: supports `*`, `:remote`, `!:push`, full process names, and wildcard patterns.\n- Per-module switches: every hook capability can be enabled or disabled independently.\n- Stable mode: enables the recommended module set and keeps noisy monitors, native hooks, and debug bridges disabled by default.\n- Per-target profile: generates and reuses `fake_device_info.json` in each target app data directory.\n- Java hooks: Android framework APIs, system settings, package manager, telephony, WiFi, battery, audio, WebView, Canvas, accounts, clipboard, location, VPN\u002Fproxy, sensors, and related surfaces.\n- Native hooks: `libcorner_monit.so` with Dobby hooks for libc, files\u002Fproc, system properties, DRM, network interfaces, `ptrace`, `ioctl`, and related low-level entry points.\n- Monitoring events: optional reporting for device API reads, file checks, command execution, and system property access.\n- Redacted logs: sensitive values are masked by default, with a UI switch for full-value diagnostics.\n- Anti-detection handling: filters common Root, Magisk, Xposed\u002FLSPosed, debugger, proxy\u002FVPN, sensitive path, and sensitive package traces.\n\n## Default Behavior\n\nOn first launch, the UI writes `module_config.xml` and applies the stable preset. The default enabled modules are:\n\n- Boot time spoofing\n- System \u002F WiFi \u002F battery information\n- Device identifier protection\n- Advertising IDs, GAID \u002F OAID\n- AppSet \u002F Firebase \u002F FCM\n- Package list protection\n- Third-party SDK persistent IDs\n- Additional system API protection\n- System property protection\n\nModules such as WebView, Canvas, clipboard, accounts, location, VPN, behavior fingerprinting, Xposed trace hiding, native hooks, Binder monitoring, integrity monitoring, command\u002Ffile monitoring, and the Sekiro debug bridge are disabled by default. Enable them only as needed and validate stability per target app.\n\n## Usage\n\n1. Build and install the APK.\n2. Enable DeviceVeil in LSPosed and include the apps you want to protect in the LSPosed scope.\n3. Open DeviceVeil.\n4. In the target section, select installed apps or manually enter package names.\n5. Adjust process rules and hook module switches as needed.\n6. Tap save.\n7. Force stop and reopen the target app so its process reloads the configuration.\n\nWhen target packages are configured in the UI, hooks run only for processes that match `target_packages` and pass `process_rules`. The module package itself is always skipped.\n\nIf the target list is empty, the current implementation can still trust the LSPosed scope as a fallback when LSPosed injects the module into a third-party app. To avoid accidental hooks, always configure explicit targets in the DeviceVeil UI.\n\n## UI\n\n- Target scope: global enable switch, target app list, and process rules.\n- Runtime self-check: global state, target packages, process rules, stable mode, config path, readability, enabled module count, and native hook status.\n- Installed apps: search by app label or package name, then add or remove targets.\n- Hook coverage: stable mode, sensitive logging, and all hook module switches.\n- Apply stable preset: restores the default recommended module set.\n- Disable all hooks: disables every hook module and clears the stable mode flag.\n\nSaved changes do not affect already-running target processes. Force stop the target app and launch it again.\n\n## Process Rules\n\nProcess rules are stored in `process_rules`. Multiple rules can be separated by spaces, newlines, commas, or tabs.\n\n| Rule | Meaning |\n| --- | --- |\n| `*` | Allow all processes of the target app |\n| `:remote` | Match `target.package:remote` or any process ending in `:remote` |\n| `com.example.app` | Match the exact package\u002Fmain process name |\n| `com.example.app:*` | Match process names using a wildcard pattern |\n| `!:push` | Exclude the `:push` subprocess |\n\nRules starting with `!` are exclusions and take precedence. If there are no include rules, any process not excluded is allowed.\n\n## Hook Modules\n\n### Recommended Protection\n\n- `BootTimeFakeHook`: handles `SystemClock`, `\u002Fproc\u002Fuptime`, `\u002Fproc\u002Fstat`, `boot_id`, and related boot-time signals.\n- `SystemInfoFakeHook`: handles WiFi, scan results, battery, system settings, audio, network state, timezone, and locale.\n- `FakeDeviceModule`: handles Android ID, restricted telephony IDs, Build serial, WiFi\u002FNetworkInterface MAC, DRM ID, install\u002Fupdate time, and external storage state.\n- `AdIdFakeHook`: handles Google Advertising ID, MSA OAID, and Huawei\u002FXiaomi\u002FOPPO\u002FVIVO vendor OAID SDKs.\n- `AppSetIdFakeHook`: handles App Set ID, Firebase Installation ID, FCM token, and selected `SubscriptionManager` APIs.\n- `PackageManagerHook`: filters sensitive packages and handles package lists, package info, install source, install\u002Fupdate time, and reflective access.\n- `PersistentIdFakeHook`: handles common SDK IDs stored in SharedPreferences, Firebase, AppsFlyer, Leanplum, Crashlytics\u002FFCM, and similar identifiers.\n- `MissingInfoHook`: covers additional APIs such as StorageManager, UserManager, Display, Biometric, PackageInstaller, environment variables, Settings, input method, wallpaper, camera, and codecs.\n- `SystemPropertiesFakeHook`: handles sensitive values exposed through `android.os.SystemProperties.get()`.\n\n### Advanced Protection\n\n- `WebViewFakeHook`: handles WebSettings and WebView User-Agent related signals.\n- `CanvasFakeHook`: injects light noise into Bitmap\u002FCanvas reads.\n- `ClipboardFakeHook`: restricts clipboard reads.\n- `BootloaderFakeHook`: handles bootloader, verified boot, security patch, device policy, and keyguard state fields.\n- `AccountFakeHook`: hides or fakes AccountManager and Google account data.\n- `UsageStatsFakeHook`: handles UsageStatsManager and NetworkStatsManager.\n- `FontListFakeHook`: filters font lists and font file probes.\n- `LocationFakeHook`: handles LocationManager, Location, FusedLocationProvider, and Geocoder.\n- `VpnDetectionBypassHook`: filters VPN\u002Fproxy signals from NetworkInterface, NetworkCapabilities, and ConnectivityManager.\n- `BehaviorFingerprintHook`: handles sensors, touch coordinates, input timing, and selected WebView behavior fingerprints.\n- `XposedTraceBypassHook`: hides Xposed traces in Method, Field, ClassLoader, and Thread strings.\n- `FlutterRnHook`: handles common Flutter and React Native device-info plugins.\n- `NativeHooks`: loads `libcorner_monit.so` and syncs Java-generated fake config into native code.\n\n### Monitoring And Debugging\n\n- `DeviceLogger`: logs access to Android ID, telephony, WiFi, Bluetooth, sensors, display, advertising ID, and other device APIs.\n- `CmdAndFileLogger`: logs and handles `Runtime.exec()`, `ProcessBuilder.start()`, `File.exists()`, `File.listFiles()`, system properties, and Play Integrity related calls.\n- `BinderHook`: monitors selected Binder transactions.\n- `IntegrityCheckHook`: monitors Zip, CRC32, and MessageDigest integrity-check entry points. CRC\u002Fdigest rewriting is disabled in the current code.\n- `Sekiro`: optional debug bridge using `sekiro_config.json` in the target data directory.\n\nMonitoring modules can be noisy and may affect performance. Use them temporarily when tracing call paths.\n\n## Native Layer\n\nThe native library is `libcorner_monit.so`, loaded by `NativeHooks.init()` inside the target process. It is built with CMake, Dobby static libraries, and the Android NDK.\n\nMain native coverage includes:\n\n- Files and paths: `open`, `open64`, `openat`, `__openat`, `access`, `faccessat`, `readlink`, `readlinkat`.\n- File reads: `read`, `pread`, `pread64`, used for filtering `\u002Fproc\u002Fself\u002Fmaps`, `\u002Fproc\u002F*\u002Fstatus`, and related content.\n- File metadata: `stat`, `lstat`, `fstat`, `newfstatat`, `statfs`, `mmap`, `mmap64`, `process_vm_readv`.\n- Command execution: `execve`, `system`, `popen`.\n- Anti-debugging: `ptrace(PTRACE_TRACEME)` and `TracerPid` normalization.\n- Environment and properties: `getenv`, `__system_property_get`, `uname`.\n- Network interfaces: `getifaddrs`, `ioctl(SIOCGIFHWADDR)`.\n- DRM: `AMediaDrm_getPropertyByteArray`.\n- Module enumeration: `dl_iterate_phdr`.\n- Selected syscall stubs: supplemental hooks for direct syscall paths.\n\nThe current Gradle\u002FNDK configuration packages only `arm64-v8a` and `armeabi-v7a`. The repository contains x86\u002Fx86_64 Dobby libraries, but `app\u002Fbuild.gradle` does not enable x86 ABI filters.\n\n## Configuration And Data Files\n\nModule configuration:\n\n```text\n\u002Fdata\u002Fdata\u002Fcom.deviceveil.guard\u002Fshared_prefs\u002Fmodule_config.xml\n```\n\nTarget runtime files:\n\n```text\n\u002Fdata\u002Fdata\u002F\u003Ctarget_package>\u002Ffake_device_info.json\n\u002Fdata\u002Fdata\u002F\u003Ctarget_package>\u002Fsekiro_config.json\n```\n\n`fake_device_info.json` stores the per-target device profile. It includes Android ID, boot_id, Bluetooth MAC, install\u002Fupdate times, DRM ID, restricted WiFi MAC, GAID, OAID, App Set ID, Firebase ID, FCM token, WiFi, battery, audio, timezone, and locale fields. Delete this file or increase `profile_reset_token` in the config to regenerate the profile on the next target launch.\n\n`sekiro_config.json` is used only when the Sekiro module is enabled. Defaults from `ConfigManager` are group `deviceguard`, client id `950`, and endpoint `192.168.31.58:5612`.\n\n## Android 15 Privacy Strategy\n\nThe project enables `FakeData.ANDROID15_NON_ROOT_PRIVACY_MODE` by default. The goal is to mimic what a normal app can see under the modern Android permission model instead of inventing full hardware identifiers that ordinary apps should not receive.\n\n- IMEI, MEID, IMSI, and ICCID default to `null` or restricted system semantics.\n- `Build.getSerial()` and serial-related properties default to `unknown`.\n- WiFi MAC and native network-interface MAC default to `02:00:00:00:00:00` or restricted values.\n- SSID, BSSID, and network ID prefer system-restricted shapes.\n- Sensitive `\u002Fsys`, `\u002Fproc`, boot, and verified-boot paths are hidden or normalized.\n\nThis reduces contradictions where a normal app appears to obtain hardware identifiers it should not be able to access.\n\n## Project Layout\n\n```text\napp\u002Fsrc\u002Fmain\u002F\n├── AndroidManifest.xml                 # Xposed metadata, launcher Activity, broadcast receiver\n├── assets\u002Fxposed_init                  # LSPosed entry class\n├── java\u002Fcom\u002Fdeviceveil\u002Fguard\u002F\n│   ├── MainActivity.java               # Configuration UI\n│   ├── HookInit.java                   # IXposedHookLoadPackage entry point\n│   ├── ModuleConfig.java               # Config reading, caching, process rules, defaults\n│   ├── ModuleRuntime.java              # Runtime config cache in target processes\n│   ├── Constants.java                  # Package names, paths, hidden lists, log limits\n│   ├── FakeData.java                   # Default fake values and Android 15 privacy policy\n│   ├── RandomIdGenerator.java          # Stable profile field generation\n│   ├── NativeHooks.java                # JNI bridge and native config sync\n│   ├── MonitorReporter.java            # Sends monitor events from target process\n│   ├── MonitorEventReceiver.java       # Receives monitor events in module process\n│   ├── MonitorEventStore.java          # Stores monitor counts and recent events\n│   └── *Hook.java                      # Hook modules\n└── cpp\u002F\n    ├── CMakeLists.txt                  # Native build config\n    ├── corner_monit.cpp                # JNI exports, native hook init, config sync\n    ├── Foundation\u002FIOReplace.cpp        # libc\u002Fproc\u002Fpath\u002Fcommand\u002Fproperty hooks\n    ├── Foundation\u002FSandboxFs.cpp        # Path sandbox helpers\n    ├── Foundation\u002FSensorHook.cpp       # Native sensor handling\n    ├── Foundation\u002FHookFunction.cpp     # Dobby hook wrapper\n    ├── Foundation\u002FSymbol.cpp           # Symbol lookup\n    └── jniLibs\u002F                        # Dobby static libraries\n```\n\n## Build\n\nRequirements:\n\n- Android Studio \u002F Gradle Wrapper\n- JDK 17\n- Android Gradle Plugin 8.3.0\n- Gradle 8.7\n- compileSdk 34, targetSdk 34, minSdk 29\n- NDK `25.0.8775105`\n- CMake `3.22.1`\n\nCommands:\n\n```bash\n.\u002Fgradlew :app:assembleDebug\n.\u002Fgradlew :app:assembleRelease\n.\u002Fgradlew :app:lintDebug\n```\n\nDebug APK:\n\n```text\napp\u002Fbuild\u002Foutputs\u002Fapk\u002Fdebug\u002Fapp-debug.apk\n```\n\nRelease builds currently do not enable minification:\n\n```gradle\nminifyEnabled false\n```\n\n## Troubleshooting\n\n- In the UI, the config path should be `\u002Fdata\u002Fdata\u002Fcom.deviceveil.guard\u002Fshared_prefs\u002Fmodule_config.xml`.\n- The config readability check should be positive. If it is not, save the config again.\n- Force stop the target app after every config change.\n- Make sure both LSPosed scope and DeviceVeil's target list include the target app.\n- If the target app uses multiple processes, verify that `process_rules` covers the subprocesses.\n- Start with the stable preset, then enable advanced and monitoring modules one by one.\n- If native hooks cause instability, disable the Native Hook module first.\n- Search logs for `DeviceVeil` or `[设备信息记录]`.\n\n## Known Limits\n\n- No hardware-backed remote attestation closure is provided. Android Keystore, TEE\u002FStrongBox, Play Integrity, SafetyNet, certificate extensions, and attestation challenges may still expose real security state or inconsistent fields.\n- Binder coverage is not a full structural rewrite. The project includes Binder monitoring, but many system-service values are primarily covered through Java wrapper hooks.\n- Native hooks cannot guarantee coverage for every direct syscall, inline assembly path, statically linked library, self-checking routine, or anti-hook framework.\n- WebView, Canvas, GPU, fonts, resolution, system version, and drivers have cross-field consistency requirements. Over-spoofing individual fields can create new fingerprints.\n- Monitoring, Binder, integrity, and native modules may add performance overhead or compatibility risk.\n- Config reading depends on the target process being able to access the module config XML. Some ROMs, SELinux policies, or multi-user environments may need additional handling.\n- Target app private data paths, APK paths, `Android\u002Fdata\u002F\u003Cpackage>`, and `Android\u002Fobb\u002F\u003Cpackage>` are excluded by path rules, but complex storage redirection may require more rules.\n\n## Roadmap Ideas\n\n- Move certificate, integrity, and remote-attestation handling into a separate advanced module disabled by default.\n- Add a UI button for device-profile reset by updating `profile_reset_token`.\n- Display `MonitorEventStore` recent events and per-target counters in the UI.\n- Split Native Hook into smaller per-capability switches.\n- Add tests for multi-user paths, Work Profile, and storage redirection.\n- Build consistency test samples for WebView, Canvas, GPU, and fonts.\n\n## Scope\n\nDeviceVeil is useful for generic Android device fingerprint protection, hook coverage validation, anti-detection signal observation, and local privacy-field normalization. It should not be treated as a complete risk-control bypass framework and does not promise to bypass any specific app, business API, or hardware attestation chain.\n","DeviceVeil 是一个针对 Android 10-15 系统的 Xposed\u002FLSPosed 模块，用于保护设备指纹信息。其核心功能包括通过 Java 层和原生层的可配置钩子来观察、规范化或伪造常见的设备标识符、系统环境值、文件\u002F命令探测、反调试信号及反 Xposed 检测。用户可以通过 DeviceVeil 的图形界面选择目标应用、设置进程规则，并独立启用或禁用每个钩子能力。此外，它还提供了稳定模式，默认情况下仅启用推荐模块集，同时屏蔽噪音监控器、原生钩子和调试桥接。此项目适用于需要增强移动应用安全性和隐私保护的场景，如防止设备指纹泄露给第三方服务提供商。",2,"2026-06-11 04:06:01","CREATED_QUERY"]