unidbg

Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS ARM32 emulation.

This is an educational project to learn more about the ELF file format and ARM assembly.

Use it at your own risk !

License

• unidbg uses software libraries from Apache Software Foundation.
• unidbg developer Idea enterprise licenses are supported by Jetbrains.
• IntelliJ IDEA can be used to edit unidbg sources.
• 

Simple tests under src/test directory

• unidbg-android/src/test/java/com/bytedance/frameworks/core/encrypt/TTEncrypt.java

---

• unidbg-android/src/test/java/com/sun/jna/JniDispatch32.java
  

---

• unidbg-android/src/test/java/com/sun/jna/JniDispatch64.java
  

---

• unidbg-android/src/test/java/org/telegram/messenger/Utilities32.java
  

---

• unidbg-android/src/test/java/org/telegram/messenger/Utilities64.java
  

More tests

• unidbg-android/src/test/java/com/github/unidbg/android/QDReaderJni.java

Features

• Emulation of the JNI Invocation API so JNI_OnLoad can be called.
• Support JavaVM, JNIEnv.
• Emulation of syscalls instruction.
• Support ARM32 and ARM64.
• Inline hook, thanks to HookZz.
• Android import hook, thanks to xHook.
• iOS fishhook and substrate and whale hook.
• Support simple console debugger, gdb stub, experimental IDA android debugger server, instruction trace, memory read/write trace.
• Support iOS objc and swift runtime.
• Support dynarmic backend.
• Support Apple M1 hypervisor backend.

Thanks

• unicorn
• dynarmic
• HookZz
• xHook
• AndroidNativeEmu
• usercorn
• keystone
• capstone
• idaemu
• jelf
• whale
• kaitai_struct
• fishhook
• runtime_class-dump