
Commit cd567eb

committed
v4.0.0 Update
- Overall code improvements & fixes
- Use JNI_OnLoad as entry point
- New, better method to find soinfo offsets
- New solist patch method for emulators
- New, better method to find the exported namespace for emulators
1 parent d6a5508 commit cd567eb


14 files changed

+844
-351
lines changed


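--- a/AndKittyInjector/runtest.bat
+++ b/AndKittyInjector/runtest.bat
@@ -35,10 +35,17 @@ adb shell "su -c 'kill $(pidof %INJECTOR_NAME%) > /dev/null 2>&1'"
 :: exec perm
 adb shell "su -c 'chmod 755 %INJECTOR_PATH%'"
 
-:: using -dl_memfd -hide -watch
+:: using -dl_memfd -hide_maps -hide_solist -watch
 :: native injection might not need -delay when using -watch
-:: unless you try to inject emulated lib x86_64 -> arm64 / x86 -> arm
-adb shell "su -c './%INJECTOR_PATH% -pkg %APP% -lib %LIB_PATH% -dl_memfd -hide -watch'"
+:: unless you try to inject emulated lib with NativeBridge then you will need some delay
+SET NATIVE_CMD=adb shell "su -c './%INJECTOR_PATH% -pkg %APP% -lib %LIB_PATH% -dl_memfd -hide_maps -hide_solist -watch'"
+
+:: using -dl_memfd -hide_maps -hide_solist -watch -delay 800000 (800ms) increase if needed
+:: recommended for emulated injection with NatievBridge
+:: -hide_solist here will be using memory scans to find solist, might not be perfect but it works most of time
+SET EMULATED_CMD=adb shell "su -c './%INJECTOR_PATH% -pkg %APP% -lib %LIB_PATH% -dl_memfd -hide_maps -hide_solist -watch -delay 800000'"
+
+IF "%INJECTOR_ARCH%"=="%LIB_ARCH%" (%NATIVE_CMD%) ELSE (%EMULATED_CMD%)
 
 ECHO ========= CHECKING MAPS =========
 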
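Review bot: The new `IF "%INJECTOR_ARCH%"=="%LIB_ARCH%" (%NATIVE_CMD%) ELSE (%EMULATED_CMD%)` line dispatches on `INJECTOR_ARCH`, which nothing in this hunk sets; if it is defined earlier in the script (outside the hunk, not visible here) this is fine, otherwise the left side compares as an empty string and the emulated branch runs unconditionally with no diagnostic. A guard just before the `IF`, `IF NOT DEFINED INJECTOR_ARCH (ECHO INJECTOR_ARCH is not set & EXIT /B 1)`, would make that misconfiguration visible instead of silent. The comment `:: recommended for emulated injection with NatievBridge` misspells NativeBridge. The same dispatch line and comment appear in the AndKittyInjector/runtest_google.bat hunk below, where the new `SET NATIVE_CMD=...` lines also diverge from that file's existing `SET "NAME=value"` form (`SET "APP=..."`, `SET "LIB_ARCH=..."`).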
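--- a/AndKittyInjector/runtest_google.bat
+++ b/AndKittyInjector/runtest_google.bat
@@ -7,7 +7,7 @@ SET "INJECTOR_PATH=/data/local/tmp/AndKittyInjector"
 SET "APP=com.kiloo.subwaysurf"
 
 :: test lib prints hello world to ( logcat -s "KittyMemoryEx" )
-SET "LIB_ARCH=x86_64"
+SET "LIB_ARCH=arm64"
 SET "LIB_PATH=/data/local/tmp/injtest.so"
 
 ECHO INJECTOR_PATH = %INJECTOR_PATH%
@@ -37,10 +37,17 @@ adb shell "kill $(pidof %INJECTOR_NAME%) > /dev/null 2>&1"
 :: exec perm
 adb shell "chmod 755 %INJECTOR_PATH%"
 
-:: using -dl_memfd -hide -watch
+:: using -dl_memfd -hide_maps -hide_solist -watch
 :: native injection might not need -delay when using -watch
-:: unless you try to inject emulated lib x86_64 -> arm64 / x86 -> arm
-adb shell "./%INJECTOR_PATH% -pkg %APP% -lib %LIB_PATH% -dl_memfd -hide -watch"
+:: unless you try to inject emulated lib with NativeBridge then you will need some delay
+SET NATIVE_CMD=adb shell "./%INJECTOR_PATH% -pkg %APP% -lib %LIB_PATH% -dl_memfd -hide_maps -hide_solist -watch"
+
+:: using -dl_memfd -hide_maps -hide_solist -watch -delay 800000 (800ms)
+:: recommended for emulated injection with NatievBridge
+:: -hide_solist here will be using memory scans to find solist, might not be perfect but it works most of time
+SET EMULATED_CMD=adb shell "./%INJECTOR_PATH% -pkg %APP% -lib %LIB_PATH% -dl_memfd -hide_maps -hide_solist -watch -delay 800000"
+
+IF "%INJECTOR_ARCH%"=="%LIB_ARCH%" (%NATIVE_CMD%) ELSE (%EMULATED_CMD%)
 
 ECHO ========= CHECKING MAPS =========
 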