Reverse engineer an Android app's native .so library without a physical device.
Trace and hook function calls inside a native library using Frida-style scripts.
Debug a native library step by step with breakpoints and a GDB server.
Bypass common anti-debugging checks while analyzing a binary you're authorized to study.
| elvi7major/pyunidbg | 0-bingwu-0/live-interpreter | 0xkaz/llm-governance-dashboard | |
|---|---|---|---|
| Stars | 2 | 2 | 2 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 4/5 | 2/5 | 4/5 |
| Audience | researcher | general | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Core engine installs via pip, but the web UI, IDE bridges, and concolic extras need extra optional dependencies.
PyUniDbg is a Python tool that lets you run Android and iOS native library files, the low level .so and dylib files apps ship with, directly on your own desktop computer instead of on a phone or emulator. It does this by using the Unicorn Engine to simulate the actual CPU instructions inside those files, so you can inspect and control exactly what the code does, without needing Java or any special build step, since everything is written in pure Python. It supports the four processor types found in real Android and iOS devices, arm, arm64, x86, and x86 64, and understands the file formats those libraries come in, including the dynamic linking and initialization steps a real device would perform. It also reimplements the JNI layer that Android apps use to call into native code, along with a good chunk of the underlying Linux and Android system calls and C library functions those libraries typically rely on. The main use case is security research and reverse engineering. You can set breakpoints, step through code one instruction at a time, watch memory for changes, or attach a real debugger through a built in GDB server. It can save and restore the full CPU and memory state at any point, letting you rewind and compare different runs. It also supports writing Frida style scripts to intercept function calls, and it includes bypasses for common anti debugging tricks apps use, like checking process status files or watching for timing anomalies. For working alongside other reverse engineering tools, it offers bridges to IDA Pro, Ghidra, Binary Ninja, and Radare2. Beyond direct Python scripting, there is a command line interface for running, calling into, and analyzing a library file, plus an optional browser based web interface with a terminal, disassembly view, and scripting tab, meant for a single trusted user rather than public exposure. The project describes itself as still in beta, with Android support considered stable and iOS support still maturing, and asks that it only be used on software you own or are authorized to analyze. It is released under the Apache 2.0 license.
A pure Python tool that emulates Android and iOS native library files on your desktop for reverse engineering, with hooks, a GDB server, and a web-based interface.
Mainly Python. The stack also includes Python, Unicorn Engine, JNI.
Apache 2.0 licensed, free to use, modify, and distribute, including commercially, with patent protection and an attribution requirement.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.