Introduction to Leoric
Leoric is a Proof of Concept (PoC) project demonstrating an advanced method to keep Android processes alive, effectively preventing them from being force-stopped. This technique works across various Android versions, showcasing its capability as a robust solution for app persistence.
Named after the character "Skeleton King"—or Leoric—in the game Dota, whose ultimate ability is "Reincarnation", the project embodies its name by enabling Android processes to practically "come back to life" after being terminated.
Development Environment
The Leoric project requires JDK 11 and NDK 19.2.5345600 to compile.
How to Reproduce
While theoretically compatible with any Android version, this PoC has been specifically tested on Android 9.0 and Android 10. Users interested in understanding how it functions can refer to the demo project for detailed guidance on utilization.
Implementation Principles
For those interested in the technical foundations of Leoric, further insights are available through these resources:
These articles dive deeply into the mechanisms behind keeping an app active and the intricate workings of Android's process management.
Countermeasures
Killing the Leoric process can be achieved with the following command:
ps -A | grep `ps -A | grep me.weishu.leoric | awk '{print $1}' | head -1` | awk '{print $2}' | xargs kill -19 && am force-stop me.weishu.leoric
System-level counteractions might include:
- Implementing logic that prevents starting new processes during a force-stop.
- Modifying the force-stop logic to preemptively collect and then terminate all relevant processes, possibly employing SIGSTOP beforehand.
However, with advancements such as those in Android 14, where the system introduces a logic to freeze applications in all cgroups before force-stopping, the effectiveness of such methodologies is reduced.
Important Notice
This project is intended solely for educational and research purposes. The developers are not responsible for any issues that arise from its use. Furthermore, it remains far from being viable for practical application and shouldn’t be assumed as such.
The motive behind sharing the code is to encourage improvements in system architectures and provide solutions, and it’s important not to misuse it.
Contact Information
For inquiries, the creator of Leoric can be reached at [email protected].
Licensing
Leoric is published under the Apache License, Version 2.0. You can find the full licensing details at:
Acknowledgments
Special credit is given to MarsDaemon, which served as inspiration in developing this project.