{"id":17383399,"url":"https://github.com/idanbanani/elf-processs-injection-linux-android","last_synced_at":"2025-04-15T09:40:35.331Z","repository":{"id":248659009,"uuid":"696496789","full_name":"IdanBanani/ELF-Processs-Injection-Linux-Android","owner":"IdanBanani","description":"Shared object ELF Process injection and loading resources.","archived":false,"fork":false,"pushed_at":"2024-09-24T15:03:42.000Z","size":21,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-28T18:51:58.204Z","etag":null,"topics":["android","dlopen","elf","elf-format","elf-loader","exploitation","linux","position-independent-code","reflected-binary-code","reflective-injection","reflective-loading","shellcode","shellcode-development","shellcode-injection","shellcode-loader","trojan"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IdanBanani.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-25T21:31:14.000Z","updated_at":"2025-03-05T15:54:47.000Z","dependencies_parsed_at":"2024-07-16T10:49:54.070Z","dependency_job_id":null,"html_url":"https://github.com/IdanBanani/ELF-Processs-Injection-Linux-Android","commit_stats":null,"previous_names":["idanbanani/elf-injection-shellcode-bridgehead"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdanBanani%2FELF-Processs-Injection-Linux-Android","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/repositories/IdanBanani%2FELF-Processs-Injection-Linux-Android/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdanBanani%2FELF-Processs-Injection-Linux-Android/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IdanBanani%2FELF-Processs-Injection-Linux-Android/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IdanBanani","download_url":"https://codeload.github.com/IdanBanani/ELF-Processs-Injection-Linux-Android/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249045382,"owners_count":21203865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","dlopen","elf","elf-format","elf-loader","exploitation","linux","position-independent-code","reflected-binary-code","reflective-injection","reflective-loading","shellcode","shellcode-development","shellcode-injection","shellcode-loader","trojan"],"created_at":"2024-10-16T07:41:30.727Z","updated_at":"2025-04-15T09:40:35.303Z","avatar_url":"https://github.com/IdanBanani.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"Pull requests are welcome.\n\n- [ ] Try to run the given injection techniques code.\n- [ ] Understand how each technique works.\n- [ ] Understand the attack vector and the different parts (stages) of the chain    \n  (i.e. the bridgehead shellcode, injection into process memory, LPE, when to create a new process, etc.)\n- [ ] Describe the need for a custom, statically linked, PIC-compiled ELF (shared object library) loader 
shellcode.  \n- [ ] Injection vs. patching at runtime?\n- [ ] Implement / improve it by yourself.\n\n# Research Papers and Articles\n- [Linkers \u0026 Loaders](https://www.wh0rd.org/books/linkers-and-loaders/linkers_and_loaders.pdf) by John R. Levine (1999)\n- [Using procfs to execute ELF without touching the disk](https://blog.entysec.com/2023-04-02-remote-elf-loading/)\n- [The Nexus between Static and Position Independent Code](https://tmpout.sh/1/10/)\n- [Enabling SHELF Loading in Chrome for fun and profit](https://tmpout.sh/2/5.html)\n- [General Linux Process injection techniques](https://github.com/itaymigdal/awesome-injection#linux-injection)\n  \n# Projects and Code Repositories\n\n## 2023\n- [Playstation5 ELF Manipulation](https://github.com/astrelsky/libhijacker/blob/msg/libhijacker/source/elf/elf.cpp)\n\n## 2022\n- [NASM Linux x86_64 Pure Shared Library](https://github.com/therealdreg/nasm_linux_x86_64_pure_sharedlib)\n\n## 2018\n- ARM: [SamyGOso Next-Gen](https://github.com/openlgtv/samyGOso_ng/blob/master/core/samyGOso.c)\n  - Based on 2014 ARM: [HideAndroidEmulator ADBI Hook System Call](https://github.com/MindMac/HideAndroidEmulator/blob/master/HITCON/DemoCode/adbi_hook_systemcall/hijack/hijack.c)\n- [Reflective Injection for Linux](https://github.com/haidragon/ReflectiveInjection/blob/master/linux%E7%89%88/inject/src/inject.c)\n\n## 2017\n- [DarkElf - Linux ELF Injector](https://github.com/jordan9001/darkelf/tree/master)\n\n## 2016\n- [XHook JNI Hijack](https://github.com/hello2mao/XHook/blob/master/ref/jni/hijack_ref/hijack.c)\n- [ReflectiveSOInjection](https://github.com/infosecguerrilla/ReflectiveSOInjection/)\n\n## 2014\n- [Insecurity - Elves for Linux](https://github.com/nima/insecurity/blob/master/elvez/elves.c)\n\n# Appendix / Somewhat Related / Need to organize\n\n## Ptrace related (most implementations are based on it)\n**TODO**: how likely is it that the process you wish to inject into has already ptraced (attached) itself? What would you do 
in such scenario?  \n- [Linux ptrace introduction AKA injecting into sshd for fun - XPN InfoSec Blog](https://blog.xpnsec.com/linux-process-injection-aka-injecting-into-sshd-for-fun/)\n- [Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation - exploit database | Vulners.com](https://vulners.com/packetstorm/PACKETSTORM:139923)\n- [Code search results on GitHub (ProcDump for Linux - ptrace)](https://github.com/search?q=repo%3ASysinternals%2FProcDump-for-Linux%20ptrace\u0026type=code)\n- [HookProcessEvent: PtraceInject.h at main · Jingle-BF/HookProcessEvent](https://github.com/Jingle-BF/HookProcessEvent/blob/main/app/src/main/cpp/include/PtraceInject/include/PtraceInject.h)\n- [Code search results on GitHub (PTRACE_SETREGSET, NT_PRSTATUS, PTRACE_SETREGS, CPSR_T_MASK)](https://github.com/search?q=%22ptrace%28PTRACE_SETREGSET%22+NT_PRSTATUS+PTRACE_SETREGS+PTRACE_CONT+CPSR_T_MASK+PTRACE_POKEDATA\u0026type=code)\n- [W3ndige/linux-process-injection: Proof of concept for injecting simple shellcode via ptrace](https://github.com/W3ndige/linux-process-injection)\n  ### TODO: Check if helpful\n- [Ptrace pokedata Input/output error in memory injection - Stack Overflow](https://stackoverflow.com/questions/76393009/ptrace-pokedata-input-output-eror-in-memory-injection)\n- [Ptrace(PTRACE_PEEKDATA, ...) 
error: data dump - Stack Overflow](https://stackoverflow.com/questions/53213591/ptraceptrace-peekdata-error-data-dump)\nWatch for ptrace alignment issues?\n\n## 2018\n- [Saruman ELF Virus](https://github.com/elfmaster/saruman/blob/master/launcher.c)\n\n## Miscellaneous\n- [ElfMaster - ELF Internals projects (Injection, Patching etc.)](https://github.com/elfmaster)\n- [DEF CON 31 - Revolutionizing ELF binary patching w Shiva - ElfMaster](https://www.youtube.com/watch?v=TDMWejaucdg)\n- [CVE-2022-34918 Shellcode Generation](https://github.com/jiayy/android_vuln_poc-exp/blob/master/linux/CVE-2022-34918/generate_shellcode/gen_shellcode.sh)\n- [DDexec - Linux Binary Execution Technique](https://github.com/arget13/DDexec-)\n- [bhook - Android PLT Hook Library](https://github.com/bytedance/bhook)\n\n- [vfsfitvnm/intruducer](https://github.com/vfsfitvnm/intruducer)\n- [arget13/memdlopen](https://github.com/arget13/memdlopen)\n- [Shared Library Injection in Android](https://shunix.com/shared-library-injection-in-android/)\n- [Shellcode Android Internals CTF ex4](https://dev.to/wireless90/shellcode-android-internals-ctf-ex4-4357)\n- [Paper: 46043 - Android System Tracing: A Real-Life Story](https://www.exploit-db.com/papers/46043)\n- [ELF Shared Library Injection Forensics](https://engineering.backtrace.io/2016-04-14-elf-shared-library-injection-forensics/)\n\n\n# Android specific open-source material  \n\n\n## Riru\n- [Riru (C++)](https://github.com/KitsuneMagisk/Riru/tree/master)\n- [Riru Project](https://github.com/RikkaApps/Riru)\n  - Inject into zygote process (see also Zygisk project)\n\n## Android NDK\n- [NDK Build Guide](https://developer.android.com/ndk/guides/ndk-build)\n\n## Android Linker and Libraries\n- [Modern Linker JNI (Chromium)](https://cs.android.com/android/platform/superproject/main/+/main:base/android/linker/modern_linker_jni.cc;l=1)\n- 
[dlext.h](https://cs.android.com/android/platform/superproject/main/+/main:bionic/libc/include/android/dlext.h;l=1?q=dlext.h\u0026sq=\u0026ss=android%2Fplatform%2Fsuperproject%2Fmain)\n- [dlext_test.cpp](https://cs.android.com/android/platform/superproject/main/+/main:bionic/tests/dlext_test.cpp;l=1?q=dlext_test.cpp\u0026sq=\u0026ss=android%2Fplatform%2Fsuperproject%2Fmain)\n- [dlfcn.cpp](https://cs.android.com/android/platform/superproject/main/+/main:bionic/linker/dlfcn.cpp;l=1?q=dlfcn.cpp\u0026sq=\u0026ss=android%2Fplatform%2Fsuperproject%2Fmain)\n- [Webview Loader](https://cs.android.com/android/platform/superproject/main/+/main:frameworks/native/opengl/libs/EGL/Loader.cpp;l=1?q=Loader.cpp%20\u0026sq=\u0026ss=android%2Fplatform%2Fsuperproject%2Fmain)\n- [oat_file.cc](https://cs.android.com/android/platform/superproject/main/+/main:art/runtime/oat/oat_file.cc;l=1?q=oat_file.cc%20\u0026sq=\u0026ss=android%2Fplatform%2Fsuperproject%2Fmain)\n\n## Obfuscation\n- [DJI: The Art of Obfuscation](https://blog.quarkslab.com/dji-the-art-of-obfuscation.html)\n\n## VNDK Linker Namespace\n- [Linker Namespace](https://source.android.com/docs/core/architecture/vndk/linker-namespace)\n\n## Projects\n- [AndKittyInjector (C++)](https://github.com/MJx0/AndKittyInjector)\n\n## Android Dynamic Linker\n- [Android Dynamic Linker (Marshmallow)](https://zhenhuaw.me/assets/paper/Android%20Dynamic%20Linker%20-%20Marshmallow.pdf)\n- [Android Dynamic Linker Blog](https://zhenhuaw.me/blog/2016/android-dynamic-linker.html)\n- [Android Linker (Part 1)](http://pwn4.fun/2017/07/02/Android-Linker%EF%BC%88%E4%B8%80%EF%BC%89/)\n- [Linker Explanation](https://github.com/nzcv/note/blob/master/linker/10why_three.md/readme.md)\n- [Linker Blog Post](https://github.com/xuanxuanblingbling/xuanxuanblingbling.github.io/blob/master/_posts/2018-02-23-so.md)\n- [Fake Linker](https://github.com/sanfengAndroid/fake-linker)\n\n## dlopen_ext.h and android_dlopen_ext\n- [libdl 
Group](https://developer.android.com/ndk/reference/group/libdl)\n- [android_dlextinfo Struct](https://developer.android.com/ndk/reference/structandroid/dlextinfo)\n- [dlopen Manual](https://linux.die.net/man/3/dlopen)\n- [Loading SO Files in Android](http://gttiankai.github.io/2018/01/03/android%E7%B3%BB%E7%BB%9F%E5%8A%A0%E8%BD%BDso%E7%9A%84%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90/)\n\n## Dlopen Examples\n- [Dlopen Greylisted Libraries or Custom LD_LIBRARY_PATH (Android 5.0+)](https://gist.github.com/khanhduytran0/faee2be9c8fd1282783b936156a03e1c)\n\n## Blog Posts\n- [CSDN Blog on Android](https://blog.csdn.net/god_wen/article/details/136527072)\n\n## Linker PLT Hook\n- [Linker PLT Hook](https://github.com/CrackerCat/simpread/blob/main/md/Android%20%E5%8A%A8%E6%80%81%E4%BF%AE%E6%94%B9%20Linker%20%E5%AE%9E%E7%8E%B0%20LD_PRELOAD%20%E5%85%A8%E5%B1%80%E5%BA%93%20PLT%20Hook%20%7C%20sfAndroid%20%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8.md)\n\n## System.loadLibrary\n- [System.loadLibrary Analysis](https://github.com/CrackerCat/simpread/blob/main/md/%E5%AE%89%E5%8D%93%2010%20%E6%BA%90%E7%A0%81%E5%BC%80%E5%8F%91%E5%AE%9A%E5%88%B6%20(28)System.loadLibrary%20%E6%B5%81%E7%A8%8B%E5%88%86%E6%9E%90.md)\n- [CSDN Blog on System.loadLibrary](https://blog.csdn.net/weixin_30736301/article/details/99779643)\n- [Things About System.loadLibrary](https://github.com/imlk0/imlk0.github.io/blob/master/content/posts/things-about-system-loadibrary.md)\n\n## SO Section Headers\n- [SoRebuilder](https://github.com/giglf/SoRebuilder)\n\n## Hook dlopen\n- [Hook Dlopen](https://github.com/ogli324/Learn-and-Think-More/blob/master/Android%20Security/Android%E5%BA%94%E7%94%A8%E5%8A%A0%E5%9B%BA/Native%20Hook%E6%B3%A8%E5%85%A5/Android9.0%20hook%20dlopen%E9%97%AE%E9%A2%98%E5%A6%82%E4%BD%95hook%20dlopen%E7%9B%B8%E5%85%B3%E5%87%BD%E6%95%B0%20.md)\n\n## Rust Bindings\n- [Rust Mobile Android Activity](https://github.com/rust-mobile/android-activity)\n- [Rust Mobile 
NDK](https://github.com/rust-mobile/ndk?tab=readme-ov-file)\n\n## Miscellaneous\n- [Jianshu Article](https://www.jianshu.com/p/764960e933a7)\n\n## Webview Loader\n- [Webview Loader Blog](https://blog.csdn.net/Luoshengyang/article/details/53209199)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidanbanani%2Felf-processs-injection-linux-android","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidanbanani%2Felf-processs-injection-linux-android","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidanbanani%2Felf-processs-injection-linux-android/lists"}