- find a way to detect our rootkit in {k,}mem
- rewrite/update detector/*.{py,sh} to detect every syscall
- deploy and test it on a real Android Device (intel-based, 3.8.0-aia)
- inject code into vmlinux
- checksum vmlinux binary
- pagination hijacking and mitigation