Awesome
linjector-rs
Android port of linux_injector. Library injection using /proc/mem, without ptrace. Only aarch64 is supported.
To get an idea of how it works, you can read the blog post.
Usage
Inject code into a running process using /proc/mem
Usage: linjector-cli [OPTIONS] --file <FILE>
Options:
-p, --pid <PID>
pid of the target process
-a, --app-package-name <APP_PACKAGE_NAME>
target application's package name, (re)start the application and do injection
-f, --file <FILE>
path of the library/shellcode to inject
-i, --injection-type <INJECTION_TYPE>
type of injection
[default: raw-dlopen]
Possible values:
- raw-dlopen: Use dlopen to inject a library
- memfd-dlopen: Use memfd_create and dlopen to inject a library
- raw-shellcode: Inject raw shellcode
--func-sym <FUNC_SYM>
function to hijack for injection, in the form "lib.so!symbol_name"
--var-sym <VAR_SYM>
variable to hijack for injection, in the form "lib.so!symbol_name"
-d, --debug
enable debug logs
--logcat
print logs to logcat
-h, --help
Print help (see a summary with '-h')
-V, --version
Print version
Modes
Currently only raw dlopen mode works. Since SELinux doesn't allow calling dlopen on a memfd, memfd dlopen will not work. Shellcode mode is not yet implemented.