First this I see is the service noscript, and immediately I spot some missing variables here, $config and $MODPATH. Although $MODPATH is declared automatically by Magisk/KSU/AP when module installation, this is not the case with the late_start service noscript.

The shebang is also wrong as you can see it's system/sh instead of /system/bin/sh.

The service noscript itself only does setprop spectrum props. Just looking into the service noscript we know the noscript kiddie that creates this bs doesn't know shit and only cares about money.

The next is the "phx" folder, inside it it contains an executable called phx and when I run the file command to see what format it is, I'm shocked.

HOW THIS IDIOT THOUGHT THAT EXECUTABLES FOR LINUX CAN WORK ON ANDROID?

Wait doesn't Android is based on Linux?

It is based on the Linux kernel but other than that it's very different from Linux distros such as Ubuntu. Android uses musl libc while Linux distros uses GNU libc, both are not compatible with each other and hence this shit won't be able to run in Android.

This means, this fancy $50 module is just a placebo and scam. This also confirms my suspicion that this module has never been tested before it's actually bought and used by the user.

The executable itself is not a compiled language that you may expect such as C or C++, but rather it was a shell noscript obfuscated with SHC (Shell Script Compiler). Let's assume the idiot that sells this shit obfuscates this noscript and just uses regular Linux GCC ARM64 to compile it.

It's easily detectable since SHC has unique strings on its executables.

E: neither argv[0] nor $_ works.

SHC itself can be easily deobfuscated using tools like Unshell, but since this shit was made for Linux, I have to create a Linux chroot container on my phone just to deobfuscate this noscript.

Even though I know this shit will not work at all, I decided to deobfuscate the noscript anyway. I'm curious, what is this thing doing under the hood.

This is the deobfuscated version of the phx noscript, the serial number is removed for the user's privacy and safety.

Some take on this noscript:
- Copy paste everywhere
- Hardcoded values everywhere
- No shfmt, horrible indentation
- Use a 16 year old governor named "interactivex"

You may be wondering why shamiko stuck in whitelist mode?

It's because you're installed that Meow-Autistic module

logd is killed by Meow-Autistic module, a new root detection point.

Nice

Oh yes I forgot to say something, since this new channel was created over the old one that was already killed by telegram, I won't share any files here which telegram may find violating its TOS.

All posts here are just screenshot of proof of gimmicks and some yapping, if you want to get the file, we will provide it in the group or other links later.

EDIT: https://news.1rj.ru/str/+72Luw2utc3U2MjFl

Heya! A PoC detection for Meowna module is ready, will publish it very soon 👅👅👅

Bro wants attention maybe for some subscribers for his dead project & channel

I don't understand, why you would close a detection with another detection loophole?

Also, even if Meowna adds a toggle to on/off the kill logger feature it will still detected since "logd socket" detection is not the only detection on this Meowna Detector.

Meowna also added a "helper app" to make toast notification (I know where she/he kanged that) which package name is meow.helper, another detection loophole of this module.

This app is also installed in such a way that you have to manually remove it via adb/shell, removing the module won't remove the app which is massive security red flag.

It just matters of time that detectors and banking apps start to flag this app as malicious.

If you need to remove it, run this command as root or adb:

pm uninstall meow.helper