Hooking + Privacy Framework For Android 6.0 +
To understand it easily, XPL-EX is an application that conceals other applications from accessing any information about your device, whether the data is unique or generic. This project was originally forked from M66B's work, although, at this point, very few parts of the original code remain. Most of what exists now has been modified or added by me (over 40,000 lines modified/added). I further developed this app not just to fulfill a childhood dream but also to challenge the companies that trade our data, aiming to inspire hope for our future privacy. I seek no financial gain, only privacy for future generations.
XPL-EX is a hooking framework designed for privacy, arguably the best privacy-focused Xposed application for Android. It offers numerous hooks, significantly more than its competitors, and it is entirely open-source and free. No internet connection is required, no background analytics, no logging to servers – nothing! Just pure Java Android native UI, no authentication, all free and open-source.
This framework targets any selected application, masking your real data by feeding the targeted apps fabricated information. For example, if an app detected your device had 8 GB of RAM, with the memory options applied in XPL-EX, it could now detect 900 GB of RAM (or whatever you select). If your device is a Samsung, you can choose device name/manufacturer options to masquerade as an iPhone or Pixel – the possibilities are vast. While the applications won't fully believe they're interacting with an iPhone, given the JVM environment, it illustrates the app's potential.
We live in a world where applications consistently collect and sell user data. Ironically, some apps that offer similar functionalities to XPL-EX come with built-in data analytics and provide significantly fewer options. Some even require payment for features that XPL-EX offers for free, making alternative options less appealing.
Beyond privacy, this app serves various other purposes, allowing you to manipulate target applications if you know how to write LUA (the scripts executed within the hooks use LUA). XPL-EX is more than just a privacy tool; it's a comprehensive hooking framework that allows users to define hooks dynamically within the app.
As of now (March 26, 2024), XPL-EX only supports Java hooks, not native hooks. However, since most data requests are served through Java APIs, native APIs are less crucial (even with JNI, the execution still transitions through Java, where XPL-EX can intercept). In the future, XPL-EX plans to support native hooking, aiming to be an all-in-one hooking solution and the best application for protecting privacy from other apps.
I'm not a professional outside work environments. Away from professional settings, I pursue what pleases me, in the manner I choose, and at my convenience. My focus isn't on maintaining a professional facade; instead, I wish to showcase my art, my work, and my passion. My identity as an individual is secondary to what I create and contribute. I aim to enlighten and inspire, to demystify the seemingly incomprehensible, and to share knowledge. I am committed to learning whatever is necessary, hoping others will also pursue learning and achieve anything they aspire to. My journey has included reverse engineering, obfuscation, malware development, app development, Android game modding, among other skills. Time is the one commodity you cannot buy, sell, reverse, or trade. You can only spend it—so spend it on what your heart desires, and you will lead a fulfilling life.
Ps yes top half was refined with CHAT GPT ikik again im not professional :)
XPL-EX is not just an application designed for privacy; it also harbors potential for future enhancements in areas such as reverse engineering and concealing elements like Xposed, root access, and more. However, the primary focus remains steadfastly on privacy, with other features set to follow in due course.
This repository will offer a modified version of the Pro Companion app, which will facilitate free communication with XPL-EX. In time, the plan is to integrate all these functionalities into a single, unified application. This strategic approach ensures that while we expand the app's capabilities, its core mission of ensuring user privacy remains at the forefront.
XPL DEFINE
XPL-EX API
XPL-EX Examples
Hooked Apis in XPL-EX
Do note for every Hook that is not re-created or added within the 'PrivacyEx' or XPL-EX Collection (it will be added) but you can use both Collections at once.
You cen switch between the two collections in the "XPrivacy-LUA Pro Companion App". Please Avoid Selecting Hook Groups with similar Hooks
If the Hooks do not appear , nor the Collection appears in the Pro Companion App even after a Reboot.
Use a root file explorer navigate to the Directory "/data/system/xlua/" Backup any File in there (xlua) database, then delete it. Restart the Device
Later versions this will be 'fixed' / alot easier to work with within the UI etc
- Hook Java APIs
- Compatibility with Xposed, LSPosed, EdXposed, ThaiChi, VXP
- Dynamic Privacy Features (Free and Open Source Software)
- Modification of Hook Behavior using LUA Scripts
- Built-in Pre-defined Hooks for Enhanced Privacy
- UI Component for Intercepting System Properties (
System.getProperty
/SystemProperties.get
) - UI Component to Select CPU Maps for the System Information File
/proc/cpuinfo
- Expanded API Functions for Use in LUA Scripts
- Updated LUA Core (Note: Current version does not support BIG INT still...)
- Enhanced and Optimized Hooks for Android 14 and or Just Enhanced
- Dark Mode Feature in Main Application
- Added Settings UI
- Added ALOT more Properties
- Added Config UI
- Add new Text to different languages (Tanslation)
- Class Finder to Identify Classes Inheriting Specific Interfaces (e.g.,
javax.microedition.khronos.opengles.GL10
) - Protection Against Inner Process Communication
- Adding Icons and Refining Text & Names for CPUs
- Updating and Fixing LUA Code for More Hooks
- Secure Communication between Hook and XPL-EX
- Code Cleanup (Focus on UI Development)
- Hook Native APIs
- Target Native APIs (e.g.,
__system_property_get
,popen
,fopen
,open
,exec
) for Enhanced Privacy - Additional API Functions for LUA Scripts
- Integration of 'M66B's "XPrivacyLua-Pro Companion App" Features into Main App "XPL-EX"
- UI for Modifying/Mocking Specific Device Sensors
- Built-in Pre-defined Hooks for Reverse Engineering, Logging, Bypassing/Hiding, and Disabling Ad Libraries in Apps
- Mode/View Switcher (e.g., "Reverse Engineering Mode," "Privacy Mode")
- System for Selecting Phone Configurations for Spoofing
- Support for Frida
- Floating Menu in Hooked Apps for UI Inspection (Similar to "Reflect Master")
- Incorporation of Engaging Visual Elements and Progress Indicators
- Documentation Refinement and Language Corrections
Note: This roadmap is subject to change based on project development and user feedback.
- Some apps will start the camera app to take pictures. This cannot be restricted and there is no need for this, because only you can take pictures in this scenario, not the app.
- Some apps will use OpenSL ES for Android to record audio, an example is WhatsApp. Xposed cannot hook into native code, so this cannot be prevented.
- The get applications restriction will not restrict getting information about individual apps for stability and performance reasons.
- The telephony data restriction will result in apps seeing a fake IMEI. However, this doesn't change the IMEI address of your device.
- Restricting activity recognition (location) results for recent Google Maps versions and possibly other apps in the error ... java.lang.ClassNotFoundException ... for unknown reasons.
XPL-EX is supported on Android 6.0 Marshmallow and later. For Android 4.0.3 KitKat to Android 5.1.1 Lollipop you can use XPrivacy (unsupported though).
XPL-EX is supported for smartphones and tablets only. XPL-EX is not supported on emulators.
Hooking com.google.android.gms.location.ActivityRecognitionResult.extractResult (restriction Determine activity) is known to fail with script:25 vm error: java.lang.ClassNotFoundException: com.google.android.gms.location.DetectedActivity and script:28 attempt to call nil for some apps, like Google Maps and NetFlix, for yet unknown reasons. (maybe I can fix this OBC)
- Install Magisk
- Android 6-7: download, install, and activate Xposed
- Android 8.1-12: download, install, and activate LSPosed
or EdXposed - Download, install, and activate XPL-EX
LSPosed: please make sure that any app you want to restrict is in the 'scope' of LSposed.
See here for a list of often asked questions. (XPrivacy-Lua)
Me (ObbedCode)
BTC:
bc1q9daenk4sdfcxnqxducrxy69zfyruf6un5wytge
XMR:
489AB9gBxvKDbF1cJXXpFnWZ7ZPKsp6JWdZrxaytS4ceZV53fQ1Wj9nWBAotYEWGwPZByJyySmwPD1q8F1g7Pags6gHcKHa
ETH:
0x4282Bc864B29Dbd62B9A9960A71e8343eDA44707
LTC:
ltc1qlhlnfspn6j8v5s9xxp297zq2m3vhlk9dlrrvvk
BCH
bitcoincash:qz5scaha4gyh92pjw5z5uhuy33sm2rdh5v0tpw2ggm
M66B
https://lua.xprivacy.eu/
https://github.com/M66B/XPrivacyLua
Thanks M66B for what you have left us now I will continue <3
This app alone is not enough to "hide" you more so combine it with a Complex Security System. XPL-EX will only protect apps from identifying you in any way.
[AFWall+] with AFWall Anti Leak Module (Dont allow anything through that firewall not even the kernel)
[AppOps] rikka.appops to have Permission Control over your Apps (further restrict them)
[OVPN/Mullvad] Super Private <3 or Just use TOR ORBot (AFWalls has ability block those apps with allowed internet to only use the Internet if TOR is Connected)
[Hail] Disable / Freeze System Apps such as Google Play Services, Google Play etc
[Greenify] 5.0 Beta (because it is still useful all apps need to die in the background no matter)
[AdAway] Open Source System Wide AdBlocker allows you to add Repos to Block custom or more Trackers / Ads. (SYSTEM WIDE) so its super cool
[BromiteWebview] Modifed System Webview with More Pirvacy
[Sensor Disabler] Sensors Matter , Disable them all or Mock them ! Ps newer versions of Android has a Disable all Sensors on the Device Button
[Camera/Mic Blocker] Or you have have a phyisical pop up camera like the one seen on the Oneplus7 Pro to truly know if your being peeped on. Newer versions of Android also notifys you when your MIC or CAM are being used
[SD Maid] Version before there new version is good at being a System UTIL but also shows you all apps that start when the Phone Starts allowing you to disable them
[Hide My Applist] Best Xposed App to Hide Apps from other Apps
[Custom Router Firmware w VPN & Firewall & AdBlock] OpenWRT <3
[Custom ROM + Custom kernel] Open Source Cool ROM with a Cool String Kernel >:)
Once again do not let anything through that firewall not even on that list (AdAway, VPN, Webview) sure but the rest dont even let those through the great wall
Ps its not poor security having root if the user isnt the user to get click jacked or tricked into installing fake modules... dont be dumb
Songs I like:
Until the End
Hell on Earth
Ill
Sonne
Vanished
Sleep Mode
Morning Dew
Aint Heard About you
F*cking your Culture
The Call of Ktulu
Cool Band