RikkaApps / Riru

Inject into zygote process

Riru

Riru only does one thing: inject into zygote so that modules can run their code in apps or the system server.

The name, Riru, comes from a character. (https://www.pixiv.net/member_illust.php?mode=medium&illust_id=74128856)

Requirements

Android 6.0+ devices rooted with Magisk

Guide

Install

  • From Magisk Manager

    1. Search "Riru" in Magisk Manager
    2. Install the module named "Riru"

    The Magisk version requirement is enforced by Magisk Manager. You can check Magisk's module installer script.

  • Manually

    1. Download the zip from the GitHub release
    2. Install in Magisk Manager (Modules - Install from storage - Select downloaded zip)

Common problems

How does Riru work?

  • How to inject into the zygote process?

    Before v22.0, we used the method of replacing a system library (libmemtrack) that is loaded by zygote. However, it seems to cause some weird problems, maybe because libmemtrack is used by something else.

    Then we found a super easy way, the "native bridge" (ro.dalvik.vm.native.bridge). The specified "so" file will be automatically "dlopen-ed" and "dlclose-ed" by the system. This way is from here.

  • How to know if we are in an app process or a system server process?

    Some JNI functions (com.android.internal.os.Zygote#nativeForkAndSpecialize & com.android.internal.os.Zygote#nativeForkSystemServer) are used to fork the app process or the system server process, so we need to replace these functions with ours. This part is simple: hook jniRegisterNativeMethods, since all Java native methods in libandroid_runtime.so are registered through this function. Then we can call the original jniRegisterNativeMethods again to replace them.

How does Hide work?

Since v22.0, Riru provides a hide mechanism (idea from Haruue Icymoon) that makes the memory of Riru and its modules anonymous memory, in order to hide from "/proc/maps string scanning".
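What this means for a checker that reads /proc/<pid>/maps, shown as an added example (not Riru's code, and not from the project): a scan for a library name finds nothing once the code sits in unnamed memory, while listing executable mappings that have no backing path still shows the region. The sample maps text is constructed, and the function names are hypothetical.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// One parsed line of /proc/<pid>/maps; path is empty for unnamed anonymous memory.
struct Mapping { std::string range, perms, path; };

// Parse maps text. Line format: "start-end perms offset dev inode [path]".
std::vector<Mapping> parse_maps(const std::string& text) {
    std::vector<Mapping> out;
    std::istringstream lines(text);
    for (std::string line; std::getline(lines, line);) {
        std::istringstream f(line);
        Mapping m;
        std::string offset, dev, inode;
        if (!(f >> m.range >> m.perms >> offset >> dev >> inode)) continue;
        std::getline(f >> std::ws, m.path);  // path may be absent or contain spaces
        out.push_back(m);
    }
    return out;
}

// What "string scanning" does: look for a substring in the mapped paths.
bool name_scan(const std::vector<Mapping>& maps, const std::string& needle) {
    for (const auto& m : maps)
        if (m.path.find(needle) != std::string::npos) return true;
    return false;
}

// Executable mappings with no path at all; a name scan can never match these.
// Named regions such as [vdso] or [anon:...] are skipped in this narrow check.
std::vector<Mapping> anon_exec(const std::vector<Mapping>& maps) {
    std::vector<Mapping> hits;
    for (const auto& m : maps)
        if (m.path.empty() && m.perms.size() >= 3 && m.perms[2] == 'x') hits.push_back(m);
    return hits;
}

// Constructed sample, not captured from a device.
const char* kSampleMaps =
    "7a1000000000-7a1000200000 r-xp 00000000 fd:00 1234 /system/lib64/libandroid_runtime.so\n"
    "7a2000000000-7a2000010000 r-xp 00000000 00:00 0 \n"
    "7a3000000000-7a3000100000 rw-p 00000000 00:00 0 [anon:libc_malloc]\n"
    "7ffff7fc1000-7ffff7fc3000 r-xp 00000000 00:00 0 [vdso]\n";

int main() {
    auto maps = parse_maps(kSampleMaps);
    std::cout << "name scan hit: " << name_scan(maps, "riru") << "\n";
    for (const auto& m : anon_exec(maps)) std::cout << "anon exec: " << m.range << "\n";
}
```

Unnamed executable memory also has legitimate sources such as JIT compilers, so a hit here is a signal for triage rather than a verdict.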

Build

Gradle tasks:

  • :riru:assembleDebug/Release

    Generate Magisk module zip to out.

  • :riru:pushDebug/Release

    Push the zip with adb to /data/local/tmp.

  • :riru:flashDebug/Release

    Flash the zip with adb shell su -c magisk --install-module.

  • :riru:flashAndRebootDebug/Release

    Flash the zip and reboot the device.

Module template

https://github.com/RikkaApps/Riru-ModuleTemplate

Module API changes

https://github.com/RikkaApps/Riru-ModuleTemplate/blob/master/README.md#api-changes
