Riru only does one thing, inject into zygote in order to allow modules to run their codes in apps or the system server.
The name, Riru, comes from a character. (https://www.pixiv.net/member_illust.php?mode=medium&illust_id=74128856)
Android 6.0+ devices rooted with Magisk
From Magisk Manager
- Search "Riru" in Magisk Manager
- Install the module named "Riru"
The Magisk version requirement is enforced by Magisk Manager. At the time of the release of Magisk v21.1, the requirement is v20.4.
- Download the zip from the GitHub release
- Install in Magisk Manager (Modules - Install from storage - Select downloaded zip)
"Riru" app (show Riru status)
If you are using other modules that change ro.dalvik.vm.native.bridge
, Riru will not work. (Riru will automatically set it back)
A typical example is, some "optimize" modules change this property. Since changing this property is meaningless for "optimization", their quality is very questionable. In fact, changing properties for optimization is a joke.
How to inject into the zygote process?
Before v22.0, we use the method of replacing a system library (libmemtrack) that will be loaded by zygote. However, it seems to cause some weird problems. Maybe because libmemtrack is used by something else.
Then we found a super easy way, the "native bridge" (
). The specific "so" file will be automatically "dlopen-ed" and "dlclose-ed" by the system. This way is from here. -
How to know if we are in an app process or a system server process?
Some JNI functions (
) is to fork the app process or the system server process. So we need to replace these functions with ours. This part is simple, hookjniRegisterNativeMethods
since all Java native methods inlibandroid_runtime.so
is registered through this function. Then we can call the originaljniRegisterNativeMethods
again to replace them.
From v22.0, Riru provides a hidden mechanism (idea from Haruue Icymoon), make the memory of Riru and module to anonymous memory to hide from "/proc/maps
string scanning".
Run gradle task :riru:assembleRelease
task from Android Studio or the terminal, zip will be saved to out