SUSFS Custom Settings

SUSFS Custom Settings

Custom Rom Hide settings

• Hide Custom ROM Paths

  • This feature scans all the custom ROM-related files and directories such as 'lineage' and 'crdroid', then executes sus_path in those directories. Since it hides all custom ROM-related files, this feature may lead to instability of the system and could cause apps to crash. Use this feature at your own risk.

• Hide Vendor SEPolicy

  • It hides the 'lineage' related strings on vendor_sepolicy.cil by removing 'lineage' in /vendor/etc/selinux/vendor_sepolicy.cil. After that, it gets mounted and hides it by using sus_mount, then uses sus kstat to spoof the file properties of the file to its original.

• Hide Compat Matrix

  • This is also the same as the Hide Vendor SEPolicy, but it hides the 'lineage' related strings on /system/etc/vintf/compatibility_matrix.device.xml

• Spoof Service List

  • This one spoofs the 'lineage' related strings on /system/bin/service. This one is a workaround method for hiding it on Native Detector by Reveny, but they have another way to detect it on the latest update. So this feature is ancient.

Hide GAPPS

This is the same as the Hide Custom ROM Paths, but this feature scans the gapps-related paths and executes the sus_path

Emulate Vold App Data Isolation (v1.5.8+)

• This feature emulates the hiding of vold app data (persist.sys.vold_app_data_isolation_enabled) by using sus_path on /sdcard/Android/data app directories for third-party applications.

Hide Revanced (YT/YTM)

This feature scans the Revanced module mount on /proc/self/mounts and then uses sus_mount and try_umount to hide those paths. Currently, the only apps that hide it are com.google.android.youtube and com.google.android.apps.youtube.music

Spoof CMDLine

Spoof CMDLine changes the CMDLine props on /proc/cmdline. Since that path is read-only, this feature copies a cmdline file first, then changes the props, then, after that, executes the set_cmdline_or_bootconfig or set_proc_cmdline for spoofing, depending on what SUSFS is installed on the kernel. Currently, the only props that are spoofed are androidboot.verifiedbootstate=green, androidboot.hwname, and androidboot.product.hardware.sku

Hide KSU Loops

This feature finds the KernelSU loops on /proc/fs/jbd2/ and then uses sus_path on KernelSU loops on /proc/fs/jbd2/ and /proc/fs/ext4/. This feature is mainly used on KernelSU, which uses OverlayFS instead of the newer Magic Mount on some KernelSU Forks. This is due to the KernelSU Sparse image file modules.img, and then it gets leaked on /proc/fs/jbd2/ and /proc/fs/ext4/. If you're using a Magic Mount or KernelSU Next, it's best to disable this feature. Some ROMs still detect this one, so the best advice is to use a magic mount KernelSU Fork or KernelSU Next.

Avc Log Spoofing (v1.5.9+)

• This feature will spoof the 'su' tcontext shown in avc log in kernel.
• 'su' AVC Log Leak is a new detection point, so this feature may come in handy soon.

Force Hide dex2oat Mounts (Formerly as Force Hide LSPosed Mounts)

This is an old feature to hide dex2oat mounts on the older LSPosed module. If you're using a newer one like Jing Matrix and LSPosed Internal Version, it's best not to use this feature.

Manual Custom SUSFS Settings

This section is for power users only and knows what they're doing, and this may cause a bootloop or soft brick of your device if you add paths recklessly, so DO IT AT YOUR OWN RISK

• Custom sus_path

  • This section is where you want to add your paths that will execute the add_sus_path on boot

• Custom sus_path_loop

  • This section is where you want to add your paths that will execute the add_sus_path_loop on boot
  • The difference with sus_path and sus_path_loop is that on sus_path_loop, the added sus_path will be flagged as sus_path again per each zygote spawned non-rooted process (This could be used when the file path is changing or updated)
  • Paths that involve /sdcard or /sdcard/Android/Data would not be supported

• Custom sus_map (Late v1.5.12+)

  • This section is where you want to add your mount paths that will execute the add_sus_map on boot
  • Allow hiding mmapped real file from /proc/<pid>/[maps|smaps|smaps_rollup|map_files|mem|pagemap]
  • It does NOT support hiding for anon memory.
  • It does NOT hide any inline hooks or plt hooks caused by the injected library itself.
  • It may not be able to evade detections by apps that implement good injection detection.
  • Effective only on zygote spawned umounted user app process.

• Custom sus_mount

  • This section is where you want to add your mount paths that will execute the add_sus_mount on boot

• Custom try_umount

  • This section is where you want to add your mount paths that will execute the add_try_umount on boot