https://github.com/qrjhamron/apexsu
Hardened Android root solution built on KernelSU — Rust-first userspace, stealth hardening, and built-in diagnostics.
https://github.com/qrjhamron/apexsu
android android-app android-root arm64 gki kernelsu lkm magisk root root-manager rootkit rust selinux
Last synced: 29 days ago
JSON representation
Hardened Android root solution built on KernelSU — Rust-first userspace, stealth hardening, and built-in diagnostics.
- Host: GitHub
- URL: https://github.com/qrjhamron/apexsu
- Owner: qrjhamron
- License: gpl-3.0
- Created: 2026-03-01T10:05:28.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-03-02T01:28:04.000Z (about 1 month ago)
- Last Synced: 2026-03-05T00:25:09.869Z (about 1 month ago)
- Topics: android, android-app, android-root, arm64, gki, kernelsu, lkm, magisk, root, root-manager, rootkit, rust, selinux
- Language: Kotlin
- Homepage: https://kernelsu.org
- Size: 18.7 MB
- Stars: 3
- Watchers: 0
- Forks: 0
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
README
# ApexSU
> A hardened Android root solution built on KernelSU.
> Rust-first userspace. Stealth hardening. Built for precision.
[](https://github.com/qrjhamron/ApexSU/actions/workflows/ci.yml)
[](https://github.com/qrjhamron/ApexSU/releases)
[](LICENSE)
[](https://developer.android.com)
---
## What is ApexSU?
ApexSU is a fork of [KernelSU](https://kernelsu.org) focused on three things:
security hardening, Rust migration, and stealth improvements.
It is not a replacement for KernelSU. It is KernelSU with a different philosophy:
less C, more Rust, smaller attack surface, harder to detect.
---
## How ApexSU differs from KernelSU
| | KernelSU | ApexSU |
|---|---|---|
| JNI bridge | C++ | Rust |
| Anon inode name | `[ksu_driver]` | `[io_uring]` |
| Module validation | Basic | Path traversal + size + field validation |
| Diagnostics | None | Built-in health check (`ksud diagnose`) |
| Dead code tolerance | — | Zero `#[allow(dead_code)]` |
| Rust codebase % | ~15% | ~24% |
| Clippy policy | Not enforced | Zero warnings (`clippy::all` + `clippy::pedantic`) |
---
## Requirements
- Android 12 or higher
- Kernel 5.10+ (GKI 2.0)
- Unlocked bootloader
For full device compatibility list:
→ [kernelsu.org/guide/installation](https://kernelsu.org/guide/installation.html)
---
## Installation
1. Download the latest APK from [Releases](https://github.com/qrjhamron/ApexSU/releases)
2. Install the APK
3. Follow the in-app instructions
4. For flashing guide: [kernelsu.org](https://kernelsu.org/guide/installation.html)
---
## Building from source
Requirements:
- Rust stable (1.82+)
- Android NDK r29
- JDK 21
- Android SDK with build-tools 35.0.0
```bash
# Clone
git clone https://github.com/qrjhamron/ApexSU.git
cd ApexSU
# Build userspace daemon
cd userspace/ksud
cargo ndk -t arm64-v8a build --release
cd ../..
# Build manager APK
cd manager
./gradlew assembleRelease
```
---
## Architecture
```
┌─────────────────┐ ioctl ┌──────────────────┐
│ Manager App │ ────────────→ │ Kernel Module │
│ (Kotlin + Rust)│ │ (C, kernel-space)│
└────────┬────────┘ └──────────────────┘
│ ↑
↓ │
┌─────────────────┐ ioctl │
│ ksud │ ────────────────────────┘
│ (Rust daemon) │
└─────────────────┘
```
The kernel module hooks syscalls to enforce a UID allowlist for root access.
Communication uses IOCTLs on an anonymous inode — no `/proc`, `/sys`, or `/dev` entries.
---
## Security
To report a vulnerability: open a private GitHub Security Advisory.
Do not open public issues for security bugs. See [SECURITY.md](SECURITY.md).
---
## Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md) for build instructions and code standards.
---
## Acknowledgments
- [KernelSU](https://github.com/tiann/KernelSU) — upstream project
- [topjohnwu](https://github.com/topjohnwu) — Magisk and magiskboot
- [Rust for Linux](https://rust-for-linux.com) — inspiration for Rust kernel work
---
## License
GPL-2.0 — inherited from KernelSU and the Linux kernel.