{"id":34829900,"url":"https://github.com/hansobored/android-mem-kit","last_synced_at":"2026-04-08T08:02:00.090Z","repository":{"id":329413385,"uuid":"1119492263","full_name":"HanSoBored/Android-Mem-Kit","owner":"HanSoBored","description":"A comprehensive library for Android memory instrumentation.","archived":false,"fork":false,"pushed_at":"2026-03-30T05:33:38.000Z","size":65,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-03-30T05:55:22.795Z","etag":null,"topics":["dobby","game-modding","hooking","il2cpp","instrumentation","kittymemory","memory-manipulation","reverse-engineering","root","rust"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HanSoBored.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-19T11:02:07.000Z","updated_at":"2026-03-30T05:33:42.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/HanSoBored/Android-Mem-Kit","commit_stats":null,"previous_names":["hansobored/android-mem-kit"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/HanSoBored/Android-Mem-Kit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HanSoBored%2FAndroid-Mem-Kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HanSoBored%2FAndroid-Mem-Kit/tags","releases_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HanSoBored%2FAndroid-Mem-Kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HanSoBored%2FAndroid-Mem-Kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HanSoBored","download_url":"https://codeload.github.com/HanSoBored/Android-Mem-Kit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HanSoBored%2FAndroid-Mem-Kit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31545909,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"online","status_checked_at":"2026-04-08T02:00:06.127Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dobby","game-modding","hooking","il2cpp","instrumentation","kittymemory","memory-manipulation","reverse-engineering","root","rust"],"created_at":"2025-12-25T15:46:08.587Z","updated_at":"2026-04-08T08:02:00.084Z","avatar_url":"https://github.com/HanSoBored.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Android-Mem-Kit\n\n**A Lightweight Native Instrumentation Library for Android Security Research**\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![Platform: Android 5.0+](https://img.shields.io/badge/Platform-Android%205.0+-blue.svg)]()\n[![NDK: 
r25b+](https://img.shields.io/badge/NDK-r25b+-green.svg)]()\n\nAndroid-Mem-Kit is a minimal-overhead, pure C library for Android native instrumentation. It provides memory patching, function hooking, and symbol resolution capabilities for **security research, debugging, and educational purposes**.\n\n---\n\n## ⚠️ Disclaimer\n\nThis library is intended for:\n- ✅ **Security research** (analyzing app security, reverse engineering)\n- ✅ **Educational purposes** (learning Android internals, hooking techniques)\n- ✅ **Application debugging** (understanding native code behavior)\n- ✅ **Malware analysis** (dynamic analysis of malicious apps)\n- ✅ **Penetration testing** (with proper authorization)\n\n**NOT intended for:**\n- ❌ Game cheating or bypassing game protections\n- ❌ Circumventing security in production applications\n- ❌ Any illegal activities or unauthorized access\n\n**Always use responsibly and within legal boundaries.**\n\n---\n\n## Features\n\n| Feature | Implementation | Description |\n| :--- | :--- | :--- |\n| **Memory Patching** | Custom (mprotect-based) | Cross-page safe memory patching with XOM bypass |\n| **Function Hooking** | [ShadowHook](https://github.com/bytedance/android-inline-hook) | ByteDance's inline hook library with excellent stability |\n| **Symbol Resolution** | [XDL](https://github.com/hexhacking/xdl) | Advanced symbol resolution bypassing Android 7+ linker restrictions |\n| **IL2CPP Support** | Built-in | Unity app analysis and instrumentation |\n\n### Why Pure C?\n\n- **Small Binary Size**: \u003c100KB overhead (vs several MB for Rust)\n- **Simple NDK Integration**: No FFI bridge or complex build setup\n- **Direct JNI/NDK Access**: Native C integration with Android frameworks\n- **Modern Tooling**: Leverages battle-tested libraries (ShadowHook, XDL)\n\n---\n\n## Quick Start\n\n### 1. Prerequisites\n\n```bash\n# Android NDK (r25b or newer)\nexport ANDROID_NDK_HOME=/path/to/your/android-ndk-r29\n```\n\n### 2. 
Clone \u0026 Setup\n\n```bash\ngit clone https://github.com/HanSoBored/Android-Mem-Kit.git\ncd Android-Mem-Kit\n\n# Clone dependencies (git submodules)\ngit submodule update --init --recursive\n```\n\n### 3. Build (Makefile - Recommended)\n\n```bash\n# Default build (arm64-v8a)\nmake\n\n# Custom ABI\nmake ANDROID_ABI=armeabi-v7a\n\n# Custom platform\nmake ANDROID_ABI=arm64-v8a ANDROID_PLATFORM=android-35\n\n# Clean build\nmake clean \u0026\u0026 make\n```\n\n### 3. Build (CMake - Alternative)\n\n```bash\nmkdir build \u0026\u0026 cd build\n\n# Configure for Android ARM64\ncmake .. \\\n    -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK_HOME/build/cmake/android.toolchain.cmake \\\n    -DANDROID_ABI=arm64-v8a \\\n    -DANDROID_PLATFORM=android-35\n\n# Build\ncmake --build .\n```\n\n### 4. Basic Usage\n\n```c\n#include \"memkit.h\"\n#include \u003candroid/log.h\u003e\n\n#define LOG_TAG \"MyResearch\"\n#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)\n#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)\n\n// Original function pointer\nstatic int (*orig_SSL_read)(void* ssl, void* buf, int num) = NULL;\nstatic void* ssl_hook_stub = NULL;\n\n// Hooked function - log SSL reads for research\nstatic int my_SSL_read(void* ssl, void* buf, int num) {\n    LOGI(\"SSL_read called with buffer: %p, size: %d\", buf, num);\n\n    // Call original\n    int ret = orig_SSL_read(ssl, buf, num);\n\n    if (ret \u003e 0) {\n        LOGI(\"Received %d bytes\", ret);\n        // Analyze decrypted data (for research only!)\n    }\n\n    return ret;\n}\n\n// Initialize when library loads\n__attribute__((constructor))\nvoid init() {\n    // Initialize hooking\n    if (memkit_hook_init(SHADOWHOOK_MODE_UNIQUE, false) != 0) {\n        LOGE(\"Failed to init ShadowHook\");\n        return;\n    }\n\n    // Hook SSL_read (example for security research)\n    ssl_hook_stub = memkit_hook_by_symbol(\n        \"libssl.so\",\n        \"SSL_read\",\n        (void*)my_SSL_read,\n        (void**)\u0026orig_SSL_read\n    );\n\n    if 
(ssl_hook_stub) {\n        LOGI(\"SSL_read hooked successfully!\");\n    }\n}\n```\n\n---\n\n## Documentation\n\nFor detailed usage and examples, see:\n\n- **[docs/USAGE.md](docs/USAGE.md)** - Complete API reference and examples\n- **[docs/RECIPES.md](docs/RECIPES.md)** - Common patterns and use cases\n- **[docs/SECURITY_RESEARCH.md](docs/SECURITY_RESEARCH.md)** - Legitimate research examples\n\n---\n\n## Project Structure\n\n```\nAndroid-Mem-Kit/\n├── CMakeLists.txt          # Build configuration (CMake)\n├── Makefile                # Build configuration (Make - Recommended)\n├── include/\n│   └── memkit.h            # Public API header\n├── src/\n│   ├── memory.c            # Memory patching (mprotect-based)\n│   ├── hooking.c           # ShadowHook wrapper\n│   ├── il2cpp.c            # IL2CPP symbol resolution (uses memkit_xdl_* wrapper)\n│   └── xdl_wrapper.c       # Generic xDL wrapper layer\n├── examples/\n│   └── main.c              # Complete usage example\n├── docs/\n│   ├── USAGE.md            # Detailed documentation\n│   ├── RECIPES.md          # Common patterns\n│   └── SECURITY_RESEARCH.md # Research use cases\n└── deps/\n    ├── xdl/                # XDL library (git submodule)\n    └── shadowhook/         # ShadowHook library (git submodule)\n```\n\n---\n\n## API Overview\n\n### Memory Functions\n\n```c\n// Get library base address\nuintptr_t base = memkit_get_lib_base(\"libtarget.so\");\n\n// Create patch from hex string\nMemPatch* patch = memkit_patch_create(base + 0x1234, \"00 00 80 D2\");\n\n// Apply/restore/free\nmemkit_patch_apply(patch);\nmemkit_patch_restore(patch);\nmemkit_patch_free(patch);\n```\n\n### Hooking Functions\n\n```c\n// Initialize (call once)\nmemkit_hook_init(SHADOWHOOK_MODE_UNIQUE, false);\n\n// Hook by symbol\nvoid* stub = memkit_hook_by_symbol(\"lib.so\", \"func_name\", my_func, (void**)\u0026orig);\n\n// Hook by address\nvoid* stub = memkit_hook(address, my_func, (void**)\u0026orig);\n\n// 
Unhook\nmemkit_unhook(stub);\n```\n\n### IL2CPP Functions (Unity Apps)\n\n```c\n// Auto-cached function call\nvoid* (*il2cpp_domain_get)(void) = IL2CPP_CALL(void*, \"il2cpp_domain_get\");\nvoid* domain = il2cpp_domain_get();\n\n// Resolve from .symtab for internal symbols\nvoid* internal = memkit_il2cpp_resolve_symtab(\"_ZN6Player13InternalInitEv\");\n```\n\n---\n\n## Common Use Cases\n\n### 1. SSL Pinning Bypass (Research)\n\n```c\n// Hook SSL_verify_cert_chain to always return success\nstatic int (*orig_SSL_verify_cert_chain)(void*) = NULL;\n\nstatic int my_SSL_verify_cert_chain(void* cert_chain) {\n    LOGI(\"SSL certificate verification intercepted\");\n    return 1; // Always succeed (for research only!)\n}\n\nmemkit_hook_by_symbol(\"libssl.so\", \"SSL_verify_cert_chain\",\n                      my_SSL_verify_cert_chain, (void**)\u0026orig_SSL_verify_cert_chain);\n```\n\n### 2. Integrity Check Bypass (Analysis)\n\n```c\n// Hook signature verification to return valid\nstatic int (*orig_verifySignature)(const char* data) = NULL;\n\nstatic int my_verifySignature(const char* data) {\n    LOGI(\"Signature verification called with: %s\", data);\n    return 1; // Always valid (for analysis only!)\n}\n\nmemkit_hook_by_symbol(\"libtarget.so\", \"verifySignature\",\n                      my_verifySignature, (void**)\u0026orig_verifySignature);\n```\n\n### 3. 
Function Tracing (Debugging)\n\n```c\n// Trace all calls to a function\nstatic void (*orig_targetFunc)(int param) = NULL;\n\nstatic void my_targetFunc(int param) {\n    LOGI(\"targetFunc called with param: %d\", param);\n    // Log stack trace, parameters, etc.\n    orig_targetFunc(param);\n}\n\nmemkit_hook_by_symbol(\"libtarget.so\", \"targetFunc\",\n                      my_targetFunc, (void**)\u0026orig_targetFunc);\n```\n\n---\n\n## ShadowHook Modes\n\n| Mode | Description | Use Case |\n| :--- | :--- | :--- |\n| `SHADOWHOOK_MODE_UNIQUE` | Same address can only be hooked once | Most research scenarios |\n| `SHADOWHOOK_MODE_SHARED` | Multiple hooks allowed (recursion prevention) | When using multiple SDKs |\n| `SHADOWHOOK_MODE_MULTI` | Multiple hooks allowed (no prevention) | Advanced use cases |\n\n---\n\n## Troubleshooting\n\n### Library Not Found\n\n```c\n// If memkit_get_lib_base() returns 0:\n// 1. Ensure library is loaded in target process\n// 2. Use exact name (e.g., \"libil2cpp.so\" not \"il2cpp\")\n// 3. 
Add retry loop to wait for loading\nuintptr_t base = 0;\nfor (int i = 0; i \u003c 30 \u0026\u0026 base == 0; i++) {\n    base = memkit_get_lib_base(\"libtarget.so\");\n    if (base == 0) sleep(1);\n}\n```\n\n### Hook Fails\n\n```c\nvoid* stub = memkit_hook_by_symbol(\"lib.so\", \"func\", my_func, (void**)\u0026orig);\nif (stub == NULL) {\n    int err = shadowhook_get_errno();\n    const char* msg = shadowhook_to_errmsg(err);\n    LOGE(\"Hook failed: %d - %s\", err, msg);\n}\n```\n\nCommon errors:\n- `SHADOWHOOK_ERRNO_HOOK_DLSYM` - Symbol not found\n- `SHADOWHOOK_ERRNO_HOOK_ENTER` - Failed to enter hook\n- `SHADOWHOOK_ERRNO_UNINIT` - ShadowHook not initialized\n\n---\n\n## Migration from Rust Version\n\n| Rust API | C Equivalent |\n| :--- | :--- |\n| `memory::get_lib_base()` | `memkit_get_lib_base()` |\n| `MemoryPatch::from_hex()` | `memkit_patch_create()` |\n| `hooking::attach()` | `memkit_hook()` / `memkit_hook_by_symbol()` |\n| `il2cpp::resolve_export()` | `memkit_il2cpp_resolve()` |\n| `il2cpp_call!()` | `IL2CPP_CALL()` |\n\n---\n\n## Credits\n\nThis project utilizes excellent open-source libraries:\n\n- **[ShadowHook](https://github.com/bytedance/android-inline-hook)** by ByteDance - Inline hooking for Android\n- **[XDL](https://github.com/hexhacking/xdl)** by HexHacking - Dynamic linker bypass\n- **[Dobby](https://github.com/jmpews/Dobby)** - Lightweight hooking framework (original inspiration)\n- **[KittyMemory](https://github.com/MJx0/KittyMemory)** - Memory patching library (original inspiration)\n\n---\n\n## License\n\nMIT License - See [LICENSE](LICENSE) file for details.\n\n---\n\n## Contributing\n\nContributions are welcome! 
Please read [CONTRIBUTING.md](CONTRIBUTING.md) first.\n\n### Areas for Contribution:\n- 📚 More documentation and examples\n- 🔧 Additional utility functions\n- 🐛 Bug fixes and improvements\n- 🧪 Test cases for different Android versions\n\n---\n\n## Security Policy\n\nIf you find a security vulnerability, please see [SECURITY.md](SECURITY.md) for responsible disclosure guidelines.\n\n---\n\n## Support\n\n- **Issues**: [GitHub Issues](https://github.com/HanSoBored/Android-Mem-Kit/issues)\n- **Discussions**: [GitHub Discussions](https://github.com/HanSoBored/Android-Mem-Kit/discussions)\n\n---\n\n*Built for the security research community. Use responsibly.*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhansobored%2Fandroid-mem-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhansobored%2Fandroid-mem-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhansobored%2Fandroid-mem-kit/lists"}