RootShield: The Ultimate Shield for Rooted Android Devices - Protect your rooted Android device from unauthorized file operations and process executions! RootShield is a powerful kernel module that ensures your device remains secure by monitoring and preventing risky activities. Built to safeguard your most critical files and processes, RootShield is your device's ultimate defense mechanism.
- Modular Architecture: Completely redesigned with a modular structure for better maintainability and extensibility.
- Memory Protection: New memory monitoring to detect and prevent buffer overflows and code injection attacks.
- Kernel Module Protection: Added protection against loading of suspicious or malicious kernel modules.
- Runtime Configuration: Dynamic configuration options that can be set when loading the module without recompilation.
- Security Statistics: Comprehensive tracking and reporting of security events and blocked threats.
- Configurable Security Policies: New configuration options to customize security responses and monitoring scope.
- Performance Improvements: Optimized monitoring with conditional compilation for minimal performance impact.
- Execution Protection: Monitors and blocks execution of sensitive binaries like `su` on rooted devices.
- File System Protection: Prevents unauthorized writes and access to critical system paths.
- Process Protection: Safeguards against suspicious process creation and manipulation.
- Network Monitoring: Detects and blocks connections to suspicious ports commonly used for backdoors.
- System Call Protection: Monitors sensitive system calls that could be used for privilege escalation.
- Memory Protection: Prevents memory-based attacks like buffer overflows and code injection.
- Module Loading Protection: Blocks loading of suspicious kernel modules that might contain malware.
- Configurable Security Policies: Customize security responses based on your needs.
- Comprehensive Logging: Detailed security alerts with process information for better threat analysis.
- Easy to Integrate: Simple integration as a kernel module with a straightforward setup process.
- Dynamic Module Loading/Unloading: Easily load and unload the RootShield module as needed.
- Linux Kernel (with Kprobes support)
- Rooted Android Device
- GNU Make for compiling the module
- Kernel Headers installed for your Android device
To secure your Android device with RootShield, follow these steps:
- Clone the repository and navigate to the project directory:
  ```sh
  git clone https://github.com/ImKKingshuk/RootShield.git
  cd RootShield
  ```
- Build the kernel module:
  ```sh
  make
  ```
- Load the RootShield module into your kernel with default settings:
  ```sh
  sudo insmod rootshield.ko
  ```
  Or customize the security settings at load time:
  ```sh
  sudo insmod rootshield.ko exec_monitor_enabled=1 file_monitor_enabled=1 notify_only=1
  ```
- Build and run the notification client (optional):
  ```sh
  cd client
  make
  sudo ./rootshield_client
  ```
- To unload the module:
  ```sh
  sudo rmmod rootshield
  ```
- Monitor the system logs to see RootShield in action:
  ```sh
  dmesg | grep RootShield
  ```
RootShield supports the following configuration options that can be set when loading the module:
Option | Type | Default | Description |
---|---|---|---|
exec_monitor_enabled | bool | 1 | Enable/disable execution monitoring |
file_monitor_enabled | bool | 1 | Enable/disable file system monitoring |
process_monitor_enabled | bool | 1 | Enable/disable process monitoring |
network_monitor_enabled | bool | 1 | Enable/disable network monitoring |
syscall_monitor_enabled | bool | 1 | Enable/disable syscall monitoring |
memory_monitor_enabled | bool | 1 | Enable/disable memory monitoring |
module_monitor_enabled | bool | 1 | Enable/disable kernel module monitoring |
kill_violating_process | bool | 1 | Kill processes that violate security policies |
notify_only | bool | 0 | Only log violations without taking action |
block_only | bool | 0 | Block operations without killing the process |
verbose_logging | bool | 0 | Enable verbose logging for debugging |
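As an added example (not RootShield's own code), the following userspace C models how the options above combine: it parses an insmod-style `key=value` string onto the table's defaults and decides what happens to an execve of `su`, the page's example of a sensitive binary. The precedence among `notify_only`, `block_only` and `kill_violating_process` is an assumption, since the page does not state it.

```c
#include <stdlib.h>
#include <string.h>
/* Added example, not RootShield's own code: models how the load-time
 * parameters from the table above combine into one action on execve. */
typedef struct {
    int exec_monitor_enabled;
    int kill_violating_process;
    int notify_only;
    int block_only;
} rs_config;
typedef enum { RS_ALLOW, RS_LOG_ONLY, RS_BLOCK, RS_KILL } rs_action;
/* Defaults as listed in the configuration table. */
rs_config rs_default_config(void) {
    rs_config c = { 1, 1, 0, 0 };
    return c;
}
/* Parse a space-separated "key=value" string such as the insmod arguments
 * "exec_monitor_enabled=1 file_monitor_enabled=1 notify_only=1"; keys this
 * example does not model are ignored. Returns the number of keys applied. */
int rs_parse_params(const char *params, rs_config *cfg) {
    char buf[256];
    int applied = 0;
    strncpy(buf, params, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        char *eq = strchr(tok, '=');
        if (!eq) continue;
        *eq = '\0';
        int val = atoi(eq + 1) != 0;
        if (!strcmp(tok, "exec_monitor_enabled")) cfg->exec_monitor_enabled = val;
        else if (!strcmp(tok, "kill_violating_process")) cfg->kill_violating_process = val;
        else if (!strcmp(tok, "notify_only")) cfg->notify_only = val;
        else if (!strcmp(tok, "block_only")) cfg->block_only = val;
        else continue;
        applied++;
    }
    return applied;
}
/* Action for an execve of `path`. Precedence assumed for this example: monitor
 * off or non-sensitive binary -> allow; notify_only wins over block_only,
 * which wins over kill_violating_process. `su` is the page's sensitive binary. */
rs_action rs_exec_action(const rs_config *cfg, const char *path) {
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;  /* compare the basename only */
    if (!cfg->exec_monitor_enabled || strcmp(base, "su") != 0) return RS_ALLOW;
    if (cfg->notify_only) return RS_LOG_ONLY;
    if (cfg->block_only || !cfg->kill_violating_process) return RS_BLOCK;
    return RS_KILL;
}
```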
Here are some common issues and their solutions:
- Error: "Module not found"
  - Ensure you're in the correct directory
  - Verify the module was built successfully
  - Check kernel version compatibility
- Error: "Required key not available"
  - Your kernel may require signed modules
  - Check your device's secure boot settings
- High CPU Usage
  - Disable verbose logging
  - Adjust monitoring scope in configuration
  - Update to the latest version
- System Slowdown
  - Reduce the number of enabled monitors
  - Set `block_only=1` instead of killing processes
  - Consider using `notify_only=1` for testing
```
src/
├── core/      # Core functionality
├── include/   # Header files
├── monitors/  # Individual monitoring modules
└── utils/     # Utility functions
```
- Create a new monitor in `src/monitors/`
- Define the monitor's interface in `include/`
- Register the monitor in `src/core/main.c`
- Add configuration options in `include/config.h`
- Follow the Linux kernel coding style
- Add comprehensive comments and documentation
- Include unit tests for new features
- Maintain backward compatibility
- Start with `notify_only=1` to understand impact
- Enable all monitoring features in production
- Use `verbose_logging=1` only for debugging
- Regularly update RootShield to the latest version
- Monitor system logs regularly
- Set up automated alerts for violations
- Maintain backups before major changes
- Test thoroughly in staging environment
Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.
GNU General Public License v3.0