
ApkUnpacker apkunpacker

ThePedroo's Zygisk Module Guide

The Zygisk API is fairly easy to understand: two main functions plus four callbacks that are set at runtime, pre and post for both apps and the system server. However, once you get deeper into developing a Zygisk module, it gets significantly harder to know how to make the module more efficient and how to avoid detection, since there are no properly documented resources for either.

This post/guide, written by ReZygisk's developer, documents a good deal of genuinely valuable information that allows you to build a better Zygisk module, improving both hiding and performance/speed.

1. Untargeted processes; Minimal execution

Many Zygisk modules have specific targets and are not meant to execute in other processes. It is also common for them to run a considerable amount of code preparing for later execution. The first real step in preAppSpecialize should therefore be to check whether you actually need to run any code in that process at all.
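The early-exit pattern this step describes, as an added example that is not code from ThePedroo's guide, ReZygisk or Magisk. The zygisk_stub namespace is a minimal stand-in for the real Zygisk API (zygisk.hpp / jni.h) so that the file compiles and runs on its own; the target package names are made up, and in a real module nice_name is a jstring that has to be read with env->GetStringUTFChars and released afterwards.

```cpp
// Added example (not from ThePedroo's guide, ReZygisk or Magisk).
// zygisk_stub stands in for the real Zygisk API so this compiles alone; in a
// real module include <zygisk.hpp>/<jni.h> instead (onLoad also receives a
// JNIEnv there, and nice_name is a jstring, not a const char *).
#include <cstdio>
#include <cstring>

namespace zygisk_stub {
enum Option { FORCE_DENYLIST_UNMOUNT = 0, DLCLOSE_MODULE_LIBRARY = 1 };

struct Api {
    int last_option = -1;                 // stand-in only: remembers the last requested option
    void setOption(Option opt) { last_option = opt; }
};

struct AppSpecializeArgs {
    const char *nice_name;                // real API: jstring &nice_name
};

struct ModuleBase {
    virtual ~ModuleBase() = default;
    virtual void onLoad(Api *api) { (void)api; }
    virtual void preAppSpecialize(AppSpecializeArgs *args) { (void)args; }
    virtual void postAppSpecialize(const AppSpecializeArgs *args) { (void)args; }
};
}  // namespace zygisk_stub

// Hypothetical packages this module targets (assumption, not from the guide).
static const char *const kTargetPackages[] = {"com.example.target", "com.example.other"};

// Decide whether a process belongs to a targeted package. Android names an app's
// secondary processes "<package>:<suffix>", so the match must end at end-of-string
// or ':'; a bare prefix compare would also hit "com.example.targeted".
bool isTargetProcess(const char *nice_name) {
    if (nice_name == nullptr || *nice_name == '\0') return false;  // nameless zygote child: not ours
    for (const char *pkg : kTargetPackages) {
        size_t n = strlen(pkg);
        if (strncmp(nice_name, pkg, n) == 0 && (nice_name[n] == '\0' || nice_name[n] == ':'))
            return true;
    }
    return false;
}

class TargetedModule : public zygisk_stub::ModuleBase {
public:
    bool prepared = false;                // set only when the expensive setup actually ran

    void onLoad(zygisk_stub::Api *api) override { this->api = api; }

    void preAppSpecialize(zygisk_stub::AppSpecializeArgs *args) override {
        // First real step: is this process one we care about at all?
        if (!isTargetProcess(args->nice_name)) {
            // No: ask Zygisk to dlclose this library after specialization so the
            // module does not stay mapped in an unrelated app, and do nothing else.
            api->setOption(zygisk_stub::DLCLOSE_MODULE_LIBRARY);
            return;
        }
        // Yes: only now pay for the preparation work.
        prepared = true;
    }

private:
    zygisk_stub::Api *api = nullptr;
};

// Drive one simulated fork through the module; returns true if it asked to be unloaded.
bool simulateFork(const char *nice_name, bool *out_prepared) {
    zygisk_stub::Api api;
    TargetedModule mod;
    mod.onLoad(&api);
    zygisk_stub::AppSpecializeArgs args{nice_name};
    mod.preAppSpecialize(&args);
    if (out_prepared) *out_prepared = mod.prepared;
    return api.last_option == zygisk_stub::DLCLOSE_MODULE_LIBRARY;
}

int main() {
    const char *samples[] = {"com.example.target", "com.example.target:push",
                             "com.example.targeted", "com.android.settings"};
    for (const char *s : samples) {
        bool prepared = false;
        bool unloaded = simulateFork(s, &prepared);
        std::printf("%-26s prepared=%d unload=%d\n", s, prepared, unloaded);
    }
    return 0;
}
```

The two details worth keeping from this: the name check honours the ":suffix" boundary so multi-process apps are handled and look-alike package names are not, and the untargeted branch does nothing except request DLCLOSE_MODULE_LIBRARY, so neither the preparation code nor the library itself lingers in processes the module was never meant for.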

/*
* shizuku_starter.c
*
* Starts Shizuku server with root privileges.
* Intended to be executed via Xiaomi IMQSNative service.
*
*
* Compile (Termux):
* clang -O2 -Wall -o /data/local/tmp/shizuku_starter shizuku_starter.c
*
@apkunpacker
apkunpacker / provision_device_ids.c
Created March 1, 2026 05:17 — forked from MhmRdd/provision_device_ids.c
Standalone Device ID provisioning utility for Qualcomm Keymaster
/*
* provision_device_ids.c
* Copyright (c) 2026 mhmrdd. All rights reserved.
*
* Standalone Device ID provisioning utility for Qualcomm Keymaster.
*
* This tool provisions Android attestation identifiers (brand, device,
* product, serial, IMEI/MEID, manufacturer, model) into secure storage
* through QSEECom and finalizes Device ID provisioning state.
*
@apkunpacker
apkunpacker / Task-Hijacking-WhatsApp.md
Created February 14, 2026 16:47 — forked from win3zz/Task-Hijacking-WhatsApp.md
Task Hijacking Vulnerability in WhatsApp - Android

Task Hijacking Vulnerability in WhatsApp - Android

Around a year ago, I discovered a long-standing vulnerability in WhatsApp and other popular Android applications. Despite its existence for years, this vulnerability remained largely theoretical. To demonstrate its real-world impact, I successfully exploited it in WhatsApp, Facebook, and Facebook Lite. I promptly reported my findings to Facebook's Whitehat program. In this post, I'll share the details I provided to Facebook.

Don't want to read? Skip the technical details and watch the demo video here: https://youtu.be/1p3tehj3aUQ

Finding Description

While reviewing the WhatsApp Android application we have identified a misconfiguration in AndroidManifest.xml related to task control features. This misconfiguration leads to a critical vulnerability called task hijacking and enables the attack flow against the latest WhatsApp on Android-based phones.

In successful exploitation of the vulnerability, the malicious

@apkunpacker
apkunpacker / ipagrabber.py
Created July 26, 2025 14:18 — forked from h4x0r/ipagrabber.py
.IPA file extractor for Apple Configurator
import os
import shutil
"""
Steps to retrieve the IPA file from the Configurator app:
1. Install Apple Configurator from the Mac App Store and sign in
2. Connect your iOS device to your Mac
3. Select "Add > Apps..." and search for the app you want to install, click "Add"
4. The newer Apple Configurator deletes the IPA after installing it, so you'll need to use this tool to grab it
@apkunpacker
apkunpacker / extract-ipa.sh
Created July 26, 2025 14:18 — forked from und3fined/extract-ipa.sh
Extract IPA from Apple Configurator tools
#!/bin/zsh
# Save content as extract-ipa.sh file name
# chmod +x extract-ipa.sh
# Open terminal and run ./extract-ipa.sh <app id>
# App ID is Id in appstore url. Like https://apps.apple.com/cn/app/ai-app/id6447539504?l=en&uo=4
# App ID -> id6447539504
# Full command like: ./extract-ipa.sh id6447539504
WATCHED_DIR="$HOME/Library/Group Containers/K36BKF7T3D.group.com.apple.configurator/Library/Caches/Assets/TemporaryItems/MobileApps"
@apkunpacker
apkunpacker / ipagrabber.py
Created July 26, 2025 14:18 — forked from n0mi1k/ipagrabber.py
.IPA file extractor for Apple Configurator
import os
import shutil
"""
Steps to retrieve the IPA file from the Configurator app:
1. Install Apple Configurator from the Mac App Store and sign in
2. Connect your iOS device to your Mac
3. Select "Add > Apps..." and search for the app you want to install, click "Add"
4. The newer Apple Configurator deletes the IPA after installing it, so you'll need to use this tool to grab it
@apkunpacker
apkunpacker / repo-rinse.sh
Created July 1, 2025 11:16 — forked from nicktoumpelis/repo-rinse.sh
Cleans and resets a git repo and its submodules
# Remove untracked files and directories, including ignored ones (-x):
# this also deletes build output and local config such as .env files
git clean -xfd
# Do the same inside every submodule, recursively
git submodule foreach --recursive git clean -xfd
# Discard all uncommitted changes to tracked files
git reset --hard
git submodule foreach --recursive git reset --hard
# Re-check out each submodule at the commit the superproject records
git submodule update --init --recursive
@apkunpacker
apkunpacker / default.md
Created June 22, 2025 13:21 — forked from cablej/default.md
Cluely System prompt

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

  • NEVER use meta-phrases (e.g., "let me help you", "I can see that").
  • NEVER summarize unless explicitly requested.
  • NEVER provide unsolicited advice.
  • NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
  • ALWAYS be specific, detailed, and accurate.
@apkunpacker
apkunpacker / uncrackable_syscalls_4.ts
Created May 15, 2025 01:58 — forked from r3bb1t/uncrackable_syscalls_4.ts
Frida script for bypassing direct syscalls in uncrackable 4
class AntiAntiDebugV2 {
readonly fakeMapsFile: string;
/// This will be used for redirecting syscalls which are trying to open /proc/self/maps
readonly fakeMapsFileNamePtr: NativePointer;
readonly fridaRegex: RegExp;
readonly procSelfTaskStatusRe: RegExp;
readonly fakeFilePath: string;
readonly fakeFilePathPtr: NativePointer;