// deep dive into the protection engine
Uses jq differential analysis to compare the current module list against the last successful boot snapshot. Disables only new or updated modules — whitelisted ones are always preserved. Surgical, fast, zero collateral damage.
Triggered when the loop threshold is reached and Stage 1 couldn't resolve it. Disables all modules except those explicitly protected in your whitelist. Broader sweep, still respects your safe list.
Last resort emergency mode. Disables everything — including AshLooper itself — completely ignoring the whitelist. When nothing else works, this guarantees you can boot into your OS.
Volume + Screen Key Listener — navigate the Action Menu using either your physical volume buttons or direct screen touches. Features an automatic fallback after 3 detection attempts to prevent any boot hangs if hardware keys aren't responding.
WebUI binds to a random port between 6000–9999 on each launch, seeded from /dev/urandom. No predictable port, no persistent attack surface.
Session tokens are passed via URL hash fragment (#TOKEN) and instantly wiped from browser history. No separate HTTP token request — zero interception window.
Commands are piped directly to stdin instead of being embedded in shell strings. Completely eliminates quote-escaping vulnerabilities in CGI script execution.
Protect essential modules from being disabled during Stage 2 Standard Lockdown. Whitelist is automatically maintained on every successful boot — orphaned entries (uninstalled modules) are cleaned up silently. Survives module updates and reflashes.