❌ SuSFS Patches. You need a custom kernel (or GKI build) with SuSFS compiled in before installing BRENE.
SuSFS is one of the most robust root-hiding techniques available — operating at the Linux kernel filesystem layer, below the reach of any userspace scanner. But configuring it manually means editing shell scripts and config files by hand. BRENE by rrr333nnn333 eliminates that friction: a fully featured WebUI that exposes all SuSFS configuration options, KernelSU feature toggles, path hiding management, and Android Verified Boot hash spoofing — all in a clean graphical interface, no terminal required.
SuSFS Automation Features
A complete WebUI for configuring kernel-level root hiding — paths, entries, feature flags, and spoofing in one interface.
WebUI Configuration Interface
A modern, swipe-enabled WebUI accessible from your root manager provides graphical access to all BRENE settings — Paths Hiding, Other Hiding, Custom SuSFS Entries, KernelSU feature toggles, and logging. No config file editing required.
Paths Hiding
Configure which filesystem paths are hidden at the kernel VFS layer via SuSFS. Apps attempting to detect root by scanning for known Magisk/KSU paths (e.g., /data/adb/magisk, /data/adb/ksu) find them invisible — not just empty, but as if they don't exist.
Custom SuSFS Entries
Define your own custom paths, directories, or mount points to hide through SuSFS beyond the predefined list. Useful for hiding custom tools, scripts, or module data directories that standard hiding configurations don't cover.
AVB Hash Spoofing
Android Verified Boot hash spoofing — masks the boot verification state at the kernel level, preventing apps from reading the real AVB status. Works alongside SuSFS to address detection vectors that bypass purely filesystem-based hiding.
KernelSU Feature Flags
Configures KernelSU's kernel-level feature flags directly: kernel_umount (control how module paths are unmounted from processes) and su_compat (compatibility layer settings). These flags are applied via ksu feature set at boot for persistent kernel-level behavior.
Hide Custom ROM Props
Masks system properties that reveal a custom ROM — including halcyon props and other ROM-specific build properties. Apps checking for non-stock system properties as a root/modification indicator are shown clean stock-like values instead.
What Is SuSFS and Why Is Kernel-Level Hiding Stronger?
Most root-hiding tools — Shamiko, Magisk DenyList, HideMyApplist — operate at the userspace layer. They hook into the Zygote process via Zygisk, intercept API calls in app memory, and return filtered results. This is effective, but sophisticated detectors can probe at the system call level, use native code, or read /proc filesystem entries that userspace tools cannot intercept.
SuSFS takes a fundamentally different approach by patching the Linux kernel's Virtual Filesystem (VFS) layer. When an app calls open(), stat(), readdir(), or any other filesystem syscall on a hidden path, the kernel itself returns ENOENT (No such file or directory) — as if the path genuinely doesn't exist. The app never reaches userspace-interceptable code; the response comes directly from the kernel before any hook can fire.
BRENE automates the configuration of this kernel-level hiding. Instead of manually editing SuSFS config files via terminal, BRENE's WebUI lets you manage which paths are hidden, add custom entries, and configure KernelSU's complementary feature flags — all while displaying real-time status showing whether SuSFS patches are active on your kernel.
BRENE vs Shamiko — Hiding Depth
| Aspect | Shamiko (Zygisk) | BRENE + SuSFS |
|---|---|---|
| Hiding layer | Userspace (Zygisk) | Kernel (VFS layer) |
| Syscall-level hiding | ||
| Native code detection resistance | Partial | Strong |
| Requires Zygisk | ||
| Requires patched kernel | ||
| WebUI configuration |
BRENE/SuSFS and Shamiko are complementary, not mutually exclusive. Many users run both — SuSFS handles the kernel-level filesystem hiding while Shamiko handles the Zygisk-level process memory hiding.
Frequently Asked Questions
❌ SuSFS Patches after reboot.
kernel_umount, su_compat), Android Verified Boot hash spoofing, and Hide Custom ROM props including halcyon props.