Technical Manual: The Pentagruel Self-Protection Protocol and Automated Session Termination
Preface: Runtime Application Self-Protection
Our products and services are engineered to provide high-performance Android applications and executable scripts (Lua) within a strictly verified environment. To ensure the integrity of this ecosystem, we utilize an advanced Runtime Application Self-Protection (RASP) framework designed to detect and neutralize security threats in real-time.
This documentation provides a comprehensive analysis of the Self-Protection Protocol and the specific conditions that trigger an automated session termination.
I The Rationale: Why Automated Termination is Mandatory
The Pentagruel infrastructure operates on a trust-based handshake between the client application and the Hydra server. Automated termination is not a punitive measure; it is a critical defensive maneuver to prevent the following risks:
1. Intellectual Property Theft
Blocking unauthorized debuggers and tampering prevents the reverse-engineering of our proprietary motion logic.
2. Cryptographic Compromise
Ensuring the environment is secure prevents the interception of LibSodium encrypted metadata.
3. Infrastructure Abuse
Restricting unauthorized network configurations ensures the Usage Cap System remains unbypassable.
II Detection Vectors: Understanding Blocked Anomalies
The Self-Protection Protocol monitors several key vectors to ensure the application is running in a "Clean State". If anomalies are detected, the protocol initiates a protective response.
1. Network Integrity: The VPN Restriction
The usage of a Virtual Private Network (VPN) is strictly prohibited within the Pentagruel ecosystem. VPNs are frequently used to spoof location data or bypass server-side rate limits.
> ❌ Alert: Usage of Virtual Private Network (VPN) is prohibited as per our Terms of Service
// Trigger: onSystemVPNDetected listener
2. Debugging and Hooking Detection
To prevent unauthorized access to internal memory and logic flow, the protocol monitors for:
- Debugger Detection: Triggers when a debugger is attached to the release build.
- Hook Detection: Monitors for frameworks (e.g., Xposed, Frida) attempting to modify core methods.
3. Application Tampering
The integrity of the .apk is continuously verified against a master signature:
- Signature Matching: Validates the signing certificate hash (yoSMXlP...) against re-packaging.
- Tamper Detection: Immediate session termination upon modification of internal assets.
III Comprehensive Threat Response Matrix
The following table outlines the active detection callbacks implemented within the SecurityApplication layer:
| Threat Category | Callback Triggered | Resulting Action |
|---|---|---|
| Network Security | onSystemVPNDetected | Script Kill / Warning Alert |
| Code Analysis | onDebuggerDetected | Automated Shutdown |
| Logic Manipulation | onHookDetected | Session Termination |
| Asset Integrity | onTamperDetected | Immediate Application Exit |
| Environment | onMultiInstanceDetected | Parallel Execution Block |
| Data Security | onTime/Location Spoofing | Verification Failure |
IV Specialized Safeguards: Screen and Media Protection
Beyond execution security, the protocol implements Visual Privacy Safeguards to prevent the unauthorized capture of sensitive dashboard data or script configurations.
🚫 Screen Capture Blocking
The app utilizes blockScreenCapture(activity, false) to prevent screenshots and screen recordings of sensitive UI components.
⚠️ Real-time Callback Monitoring
The system employs a killOnBypass(true) configuration. If an attacker attempts to hook security callbacks, the app terminates internally.