{"id":18010099,"url":"https://github.com/strazzere/android-lkms","last_synced_at":"2025-03-26T14:31:47.502Z","repository":{"id":19022211,"uuid":"22245551","full_name":"strazzere/android-lkms","owner":"strazzere","description":"Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators","archived":false,"fork":false,"pushed_at":"2014-09-11T22:23:54.000Z","size":154,"stargazers_count":209,"open_issues_count":0,"forks_count":64,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-03-21T23:23:06.345Z","etag":null,"topics":["android","android-lkms","emulators","kernel","loadable-kernel-modules","reverse-engineering"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/strazzere.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-07-25T05:05:12.000Z","updated_at":"2025-03-08T05:54:07.000Z","dependencies_parsed_at":"2022-08-28T14:40:57.170Z","dependency_job_id":null,"html_url":"https://github.com/strazzere/android-lkms","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strazzere%2Fandroid-lkms","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strazzere%2Fandroid-lkms/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strazzere%2Fandroid-lkms/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/strazzere%2Fandroid-lkms/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/strazzere","download_url":"https://codeload.github.com/strazzere/android-lkms/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245670767,"owners_count":20653416,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-lkms","emulators","kernel","loadable-kernel-modules","reverse-engineering"],"created_at":"2024-10-30T02:12:54.908Z","updated_at":"2025-03-26T14:31:47.229Z","avatar_url":"https://github.com/strazzere.png","language":"C","readme":"android-lkms\n============\n\nAndroid Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators.\n\n * antiptrace - simple ptrace hooking module for use to aid in reversing native applications on Android\n * open-read-write - hooks lots of functions in an attempt to find out what files a piece of malware was touching\n * antiunlink - prevents a specificed package name from unlinking files in it's own directory, specifically for use against dexprotector\n\nWarning\n-------\n\nBeware using any of these in a production like environment, they have been tested only in my personal\nqemu environments. Some are (bad) attempts at trying different methods of hooking things to see the\noutcome. The results may be unexpected and cause qemu environments to slow down due to performing slower\noperations in the kernel than you should be. Someone help your poor soul if you try to run all of these\non a real device.\n\nCompiling\n---------\n\nEdit the Makefile prior and ensure that the paths are correct for your system. There are\nassumptions made how your environments are set up. You will also need the 'sys_call_table'\nfrom the compiled kernel - which is grabbed automatically by a script. You can manually insert\nthis value into android_module.h if you would prefer.\n\nUsing the LKMS\n--------------\n\nI've written a blog about setting up an OSX environment for compiling the a Kernel capable of running\nLKMs, you should reference this for a quick and easy how-to;\n[Compiling an Android Emulator Kernel for Loadable Kernel Modules](http://www.strazzere.com/blog/2014/07/compiling-an-emulator-kernel-for-loadable-modules/)\n\n\ndiff@lookout.com","funding_links":[],"categories":["Tools"],"sub_categories":["Dynamic Analysis Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrazzere%2Fandroid-lkms","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstrazzere%2Fandroid-lkms","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstrazzere%2Fandroid-lkms/lists"}