Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 533 Commits
.github		.github
gradle/wrapper		gradle/wrapper
riru		riru
rirud		rirud
stub		stub
template		template
.gitattributes		.gitattributes
.gitignore		.gitignore
README.md		README.md
build.gradle		build.gradle
gradle.properties		gradle.properties
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle		settings.gradle

Repository files navigation

Deprecated

All Riru users and Riru modules should migrate to Zygisk.

Riru

Riru only does one thing, inject into zygote in order to allow modules to run their codes in apps or the system server.

The name, Riru, comes from a character. (https://www.pixiv.net/member_illust.php?mode=medium&illust_id=74128856)

Requirements

Android 6.0+ devices rooted withMagisk

Guide

Install

From Magisk Manager
1. Search "Riru" in Magisk Manager
2. Install the module named "Riru"
The Magisk version requirement is enforced by Magisk Manager. You can checkMagisk's module installer script.
Manually
1. Download the zip from theGitHub release
2. Install in Magisk Manager (Modules - Install from storage - Select downloaded zip)

Common problems

Third-party ROMs have incorrect SELinux rule
https://github.com/RikkaApps/Riru/wiki/Explanation-about-incorrect-SELinux-rules-from-third-party-ROMs-cause-Riru-not-working
Have low quality module that changesro.dalvik.vm.native.bridge installed
If you are using other modules that changero.dalvik.vm.native.bridge, Riru will not work. (Riru will automatically set it back)
A typical example is, some "optimize" modules change this property. Since changing this property is meaningless for "optimization", their quality is very questionable. In fact, changing properties for optimization is a joke.

How Riru works?

How to inject into the zygote process?
Before v22.0, we use the method of replacing a system library (libmemtrack) that will be loaded by zygote. However, it seems to cause some weird problems. Maybe because libmemtrack is used by something else.
Then we found a super easy way, the "native bridge" (ro.dalvik.vm.native.bridge). The specific "so" file will be automatically "dlopen-ed" and "dlclose-ed" by the system. This way is fromhere.
How to know if we are in an app process or a system server process?
Some JNI functions (com.android.internal.os.Zygote#nativeForkAndSpecialize &com.android.internal.os.Zygote#nativeForkSystemServer) is to fork the app process or the system server process.So we need to replace these functions with ours. This part is simple, hookjniRegisterNativeMethods since all Java native methods inlibandroid_runtime.so is registered through this function.Then we can call the originaljniRegisterNativeMethods again to replace them.

How does Hide works?

From v22.0, Riru provides a hidden mechanism (idea fromHaruue Icymoon), make the memory of Riru and module to anonymous memory to hide from "/proc/maps string scanning".

Build

Gradle tasks:

:riru:assembleDebug/Release
Generate Magisk module zip toout.
:riru:pushDebug/Release
Push the zip with adb to/data/local/tmp.
:riru:flashDebug/Release
Flash the zip withadb shell su -c magisk --install-module.
:riru:flashAndRebootDebug/Release
Flash the zip and reboot the device.