Skip to content

feat(root): add /proc/mounts Magisk signature and zygote context detection#6

Open
ZnDong wants to merge 1 commit into1193776794:mainfrom
ZnDong:add-new-root-detection
Open

feat(root): add /proc/mounts Magisk signature and zygote context detection#6
ZnDong wants to merge 1 commit into1193776794:mainfrom
ZnDong:add-new-root-detection

Conversation

@ZnDong
Copy link

@ZnDong ZnDong commented Feb 19, 2026

Detection method derived from a real-world Chinese banking app, which kills the process immediately upon detection.

  • Add legacy Magisk paths (/sbin/.magisk/mirror, /sbin/.magisk/block, /sbin/.core/*) to getMagiskPaths()
  • Add /sbin/.magisk/ and /sbin/.core/ to suspicious mount patterns
  • Add checkMountsForMagisk{Native,Syscall} for /proc/self/mounts scanning
  • Add checkZygoteContext{Native,Syscall} for /proc/self/attr/prev verification
  • Register both new detection items in RootDetector.getAllDetections()

@ZnDong
feat(root): add /proc/mounts Magisk signature and zygote context dete…
5ce8049 
…ction

- Add legacy Magisk paths (/sbin/.magisk/mirror, /sbin/.magisk/block, /sbin/.core/*) to getMagiskPaths()

- Add /sbin/.magisk/ and /sbin/.core/ to suspicious mount patterns

- Add checkMountsForMagisk{Native,Syscall} for /proc/self/mounts scanning

- Add checkZygoteContext{Native,Syscall} for /proc/self/attr/prev verification

- Register both new detection items in RootDetector.getAllDetections()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ZnDong