feat(props): stealth writes, nuke operations, and smart enforcement

Enginex0 · Enginex0 · commit 50817f16f694 · 2026-03-26T14:26:17.000+01:00
Upgrade resetprop-rs from v0.2.0 to v0.4.0 (local path dep) to gain
set_stealth (no serial bump/futex wake), nuke (count-preserving delete
with arena compaction), and nuke_persist (on-disk protobuf cleanup).

Spoof table now skips props that don't exist on the device to avoid
creating phantom fingerprinting surface. Nuke tables added for PIF
and custom ROM props that leak module/ROM identity. Persist-prefixed
props route through nuke_persist so they don't survive reboot.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,7 +16,7 @@ thiserror = "= 2.0.18"
 libc = "= 0.2.180"
 rand = "= 0.8.5"
 zip = { version = "= 8.1.0", default-features = false, features = ["deflate"] }
-resetprop = { git = "https://github.com/Enginex0/resetprop-rs" }
+resetprop = { path = "external/resetprop-rs/crates/resetprop" }
 
 [dev-dependencies]
 tempfile = "3"
diff --git a/external/resetprop-rs b/external/resetprop-rs
@@ -1 +1 @@
-Subproject commit 3e49fb708d5b7a00c2ecfb183ee58a85a63c5e75
+Subproject commit 1f88c1a09b1e1673e12a60fe4e85ed96a416727d
diff --git a/src/prop/enforcer.rs b/src/prop/enforcer.rs
@@ -1,12 +1,46 @@
 use resetprop::PropSystem;
-use tracing::trace;
+use tracing::{debug, trace, warn};
 
-pub(super) fn enforce_once(sys: &PropSystem, props: &[(&str, &str)]) {
+pub(super) fn enforce_stealth(sys: &PropSystem, props: &[(&str, &str)]) {
+    let (mut spoofed, mut skipped) = (0u32, 0u32);
     for &(name, value) in props {
-        let current = sys.get(name);
-        if current.as_deref() != Some(value) {
-            trace!(prop = name, from = ?current, to = value, "enforce");
-            let _ = sys.set(name, value);
+        match sys.get(name) {
+            Some(current) if current != value => {
+                trace!(prop = name, from = current, to = value, "stealth");
+                let _ = sys.set_stealth(name, value);
+                spoofed += 1;
+            }
+            Some(_) => skipped += 1,
+            None => skipped += 1,
         }
     }
+    debug!(spoofed, skipped, "enforce_stealth");
+}
+
+pub(super) fn nuke_props(sys: &PropSystem, names: &[&str]) {
+    let (mut nuked, mut absent) = (0u32, 0u32);
+    for &name in names {
+        if sys.get(name).is_none() {
+            absent += 1;
+            continue;
+        }
+        trace!(prop = name, "nuke");
+        let result = if name.starts_with("persist.") {
+            sys.nuke_persist(name)
+        } else {
+            sys.nuke(name)
+        };
+        match result {
+            Ok(true) => nuked += 1,
+            Ok(false) => absent += 1,
+            Err(e) => {
+                warn!(prop = name, err = %e, "nuke failed, falling back to hexpatch");
+                let _ = sys.hexpatch_delete(name);
+                nuked += 1;
+            }
+        }
+    }
+    if nuked > 0 {
+        debug!(nuked, absent, "nuke_props");
+    }
 }
diff --git a/src/prop/mod.rs b/src/prop/mod.rs
@@ -32,20 +32,26 @@ pub fn run_prop_watch() -> Result<()> {
         }
     };
 
+    enforcer::nuke_props(&sys, table::NUKE_PIF);
+    enforcer::nuke_props(&sys, table::NUKE_CUSTOM_ROM);
+
     let props: Vec<(&str, &str)> = table::GENERAL
         .iter()
         .map(|p| (p.name, p.value))
         .collect();
-    enforcer::enforce_once(&sys, &props);
+    enforcer::enforce_stealth(&sys, &props);
 
     let size = config.brene.vbmeta_size.to_string();
-    let _ = sys.set("ro.boot.vbmeta.size", &size);
+    if sys.get("ro.boot.vbmeta.size").as_deref() != Some(&size) {
+        let _ = sys.set_stealth("ro.boot.vbmeta.size", &size);
+    }
 
-    if !config.brene.verified_boot_hash.is_empty() {
-        let _ = sys.set("ro.boot.vbmeta.digest", &config.brene.verified_boot_hash);
+    let hash = &config.brene.verified_boot_hash;
+    if !hash.is_empty() && sys.get("ro.boot.vbmeta.digest").as_deref() != Some(hash.as_str()) {
+        let _ = sys.set_stealth("ro.boot.vbmeta.digest", hash);
     }
 
-    info!("general prop spoofing applied");
+    info!("prop spoofing applied (stealth mode)");
     Ok(())
 }
 
diff --git a/src/prop/table.rs b/src/prop/table.rs
@@ -35,3 +35,32 @@ pub(super) static GENERAL: &[PropEntry] = &[
     PropEntry { name: "ro.boot.warranty_bit", value: "0" },
     PropEntry { name: "ro.warranty_bit", value: "0" },
 ];
+
+// Props that leak PIF module presence
+pub(super) static NUKE_PIF: &[&str] = &[
+    "persist.sys.pihooks.status",
+    "persist.sys.pihooks",
+    "ro.pihooks.enable",
+    "persist.pihooks.mainline_update",
+    "persist.sys.pixelprops.pi",
+    "persist.sys.pixelprops.gms",
+    "persist.sys.pixelprops.gphotos",
+    "persist.sys.pixelprops.netflix",
+];
+
+// Props that leak custom ROM identity
+pub(super) static NUKE_CUSTOM_ROM: &[&str] = &[
+    "ro.lineage.build.version",
+    "ro.lineage.build.version.plat_sdk",
+    "ro.lineage.version",
+    "ro.lineage.display.version",
+    "ro.lineage.releasetype",
+    "ro.lineageaudio.version",
+    "ro.crdroid.build.version",
+    "ro.crdroid.version",
+    "ro.crdroid.display.version",
+    "ro.modversion",
+    "ro.romversion",
+    "ro.rom.build.display.id",
+    "ro.custom.build.version",
+];
