Kernel Spoof
About 428 wordsAbout 1 min
2026-04-25
Kernel Spoof can modify the kernel version and build time strings returned by uname(), making the kernel appear as an unpatched original kernel. Default Off.
Path: Settings page top-right function button → Kernel Spoof Config
How It Works
Kernel Spoof uses the KernelPatch SuperCall mechanism to intercept uname() system calls at the kernel level, directly replacing the release (kernel version, e.g., 5.15.123) and version (build time string) fields. The spoofing process is entirely in kernel space and cannot be bypassed from user space.
Configuration
Kernel VersionRequiredstring
The spoofed kernel version string, e.g., 5.15.123, 6.1.75. Leave empty to keep original.
Kernel Build TimeOptionalstring
The spoofed kernel build time string. Leave empty to keep original.
Setup Steps
- Enter the kernel version and/or build time you want to spoof
- Click Save to write the configuration
- Toggle Kernel Spoof on
Changes take effect immediately. The apd daemon automatically applies the spoof at boot.
Boot Safety Protection
Kernel Spoof includes a Boot Safety mechanism using a two-phase commit pattern to prevent boot loops caused by incorrect spoof configurations:
- Before applying spoof, apd creates a flag file
/data/adb/.uts_spoof_boot_pending - After Android finishes booting, the flag is automatically cleared
- If the flag still exists on the next boot (indicating a previous boot failure), spoof application is skipped
Risk Warning
Do NOT change the kernel version to one with a significantly different major version number from your actual kernel (e.g., spoofing 5.15.x when the real version is 6.1.x). This may cause system components or drivers to malfunction, potentially resulting in an inability to boot. It is recommended to only modify sub-versions within the same major version (e.g., 5.15.123 → 5.15.137).
Restore Original Values
Click Restore to immediately revert the kernel's original uname() values and clear all spoof configuration.
/data/adb
.uts_spoof_enable# Enable flag file
.uts_spoof_config# JSON spoof configuration (release, version)
.uts_spoof_boot_pending# Boot safety flag (temporary)
Related Features
- FolkPatch Hide: Basic Root characteristic hiding
- Umount Service: Unmount specified system paths
- Path Hide: Kernel-level file/directory hiding
Copyright
Copyright Ownership:FolkPatch Team
License under:Attribution 4.0 International (CC-BY-4.0)