[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82869":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":9,"pushedAt":9,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":14,"starSnapshotCount":14,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},82869,"akane-injector","aimardcr\u002Fakane-injector","aimardcr","A kernel-assisted shared-library injector for Android. Loads any .so into a target process without ptrace, in-process dlopen, or visible traces in \u002Fproc\u002F\u003Cpid>\u002Fmaps. GKI 2.0 (Android 12-16).",null,"C",104,28,1,0,4,25,37,15,4.39,false,"main",true,[24,25,26,27,28,29,30,31],"android","anti-detection","arm64","frida","gki","injection","kernel-module","ptrace-free","2026-06-12 02:04:28","# akane-injector\n\nA kernel-assisted, tracelessly-resumable shared-library injector for Android.\nLoads any `.so` into a target process without `ptrace`, `dlopen` from inside,\nor visible artifacts in `\u002Fproc\u002F\u003Cpid>\u002Fmaps`.\n\n## Components\n\n- **`module\u002F`**: `akane.ko`, the kernel module. Exposes `\u002Fdev\u002Fakane` and\n four ioctl bands: memory (alloc \u002F read \u002F write \u002F protect in a target's mm),\n maps (per-VMA naming for disguise, plus `HIDE_FROM_MEMORY` to mask perms to\n `---p` and block non-root `\u002Fproc\u002F\u003Cpid>\u002F{mem,smaps,pagemap}` +\n `process_vm_readv\u002Fwritev` + `mincore`),\n hide (paths \u002F modules \u002F ports), and task_work (queue a `task_work_add` to\n redirect a target thread).\n- **`injector\u002Fcontroller\u002F`**: `akane-injector`, the host-side CLI. Drives the\n kernel module to map the runtime + payload into the target, patches the\n payload's GOT, and hijacks a thread via task_work to enter the bootstrap.\n- **`injector\u002Fruntime\u002F`**: `libakane-runtime.so`, loaded into the target\n alongside every payload. Provides `dl_iterate_phdr` \u002F `dladdr` \u002F `dlopen` \u002F\n `dlsym` \u002F `dlclose` \u002F `dlerror` hooks + a payload registry so libraries that\n introspect their own loaded image (Frida gadget, unwinders, sanitizers) find\n themselves.\n- **`injector\u002Fbootstrap\u002F`**: `bootstrap.S`, a small position-independent stub\n that gets `mem_write`'d into the target as an RX page. Spawns a worker\n thread to run the payload's `.init_array`, then resumes the hijacked thread.\n- **`injector\u002Floader\u002F`**: vendored CSOLoader (in-process ELF loader). Parses\n segments, resolves symbols, applies relocations.\n\n## Prerequisites\n\n- **Docker**: used to build the kernel module against an Android 12 \u002F 5.10\n kernel via `ghcr.io\u002Fylarod\u002Fddk-min`.\n- **Android NDK r26**: typically at `~\u002FAndroid\u002FSdk\u002Fndk\u002F26.3.11579264`.\n Override with `ANDROID_NDK_HOME` if installed elsewhere.\n- **adb**, with a rooted device or emulator connected.\n\n## Device requirements\n\nThe embedded-blob model requires a **GKI 2.0** device: i.e. a kernel with a\nfrozen KMI (Kernel Module Interface), which is what lets a single prebuilt\n`akane.ko` load across any device on that branch via `finit_module()`.\n\n| Requirement | Supported |\n|-------------|-----------|\n| Android version | **12 and later** (12, 13, 14, 15, 16) |\n| Kernel | **5.10 and later** (5.10, 5.15, 6.1, 6.6, 6.12) |\n| GKI generation | **2.0** (stable, enforced KMI) |\n| ABI | `arm64-v8a` (default), `armeabi-v7a` |\n| Access | rooted device \u002F emulator (the injector loads the module as root) |\n\n**Not supported, by design:**\n\n- **Android 11 \u002F kernel 5.4 (GKI 1.0).** GKI exists here, but its KMI is *not*\n frozen: retail kernels ship divergent symbol CRCs (`CONFIG_MODVERSIONS`), so\n a universal prebuilt module is rejected with a symbol-version mismatch. Only\n per-device, exact-kernel modules work, which the embedded-blob design can't\n ship. The `ghcr.io\u002Fylarod\u002Fddk-min` toolchain has no 5.4 branch for the same\n reason.\n- **Android 10 and older \u002F kernels 4.x (pre-GKI).** No generic kernel image at\n all; every module is per-device.\n\nThe matching is keyed on the kernel's GKI branch (the `androidNN` tag in\n`uname -r`), which is **frozen at device launch** and does not change when the\nOS is updated: a device that shipped `android13-5.15` still reports it after\nupgrading to Android 14.\n\n## Quickstart\n\n```sh\nmake # build everything under out\u002F\n.\u002Fscripts\u002Fdeploy.sh # adb push to \u002Fdata\u002Flocal\u002Ftmp\n.\u002Fscripts\u002Frun.sh -p \u003Cpid> -s \u002Fdata\u002Flocal\u002Ftmp\u002Fyour.so # invoke on device\nadb shell su -c \"rmmod akane\" # unload (optional)\n```\n\nOther Make targets: `make module`, `make injector`, `make clean`. Override the\nABI or kernel list per-invocation: `make ABI=armeabi-v7a`, `make KERNELS=android12-5.10`.\n\n## Module auto-load (multi-kernel)\n\nThe build matrix produces one `akane.ko` per supported GKI kernel target;\nevery successful build is `.incbin`'d into the same `akane-injector`\nbinary. On each invocation the injector checks for `\u002Fdev\u002Fakane`, and on\nabsence it:\n\n1. Reads `uname -r` (e.g. `5.10.236-android12-9-…`).\n2. Parses out the kernel `major.minor` (`5.10`) and the Android compat\n tag (`android12`).\n3. Picks the matching embedded blob: exact `(android, kernel)` first;\n same-kernel any-android fallback; otherwise refuses with a list of\n the kernels this binary was built with.\n4. Writes that blob to a memfd and calls `finit_module()`: no\n `.ko` ever lands on disk in the target.\n\n### Configured kernel targets\n\nDefault `KERNELS` list (override to build a subset):\n\n| `KERNEL` | Kernel | Android GKI |\n|---------------------|--------|-------------|\n| `android16-6.12` | 6.12 | 16 |\n| `android15-6.6` | 6.6 | 15 |\n| `android14-6.1` | 6.1 | 14 |\n| `android14-5.15` | 5.15 | 14 |\n| `android13-5.15` | 5.15 | 13 |\n| `android13-5.10` | 5.10 | 13 |\n| `android12-5.10` | 5.10 | 12 |\n\n```sh\nmake KERNELS=\"android14-6.1 android15-6.6\" # build a subset\n```\n\nA docker build failure for any single kernel prints a warning and is\nexcluded from embedding; the remaining kernels still build and the\ninjector still ships with whatever succeeded.\n\n### Discovering a device's target\n\n```sh\nadb shell uname -r\n# 5.10.236-android12-9-… -> android12-5.10 (or fall back to android13-5.10)\n```\n\n## Build artifacts\n\nAll outputs land under `out\u002F`:\n\n```\nout\u002F\n├── module\u002F\n│ ├── android12-5.10\u002Fakane.ko (embedded into the injector)\n│ ├── android13-5.10\u002Fakane.ko\n│ ├── android14-6.1\u002Fakane.ko\n│ └── … (one dir per KERNEL target)\n└── injector\u002F\n ├── blobs\u002F (generated .S + table.c for embedding)\n └── libs\u002Farm64-v8a\u002F\n ├── akane-injector\n └── libakane-runtime.so\n```\n\n`out\u002F` is gitignored. Source trees stay clean.\n\n## Multi-ABI\n\nDefault ABI is `arm64-v8a`. Override per invocation:\n\n```sh\nmake injector ABI=armeabi-v7a\n```\n\n## Credits\n\n- [**ddk**](https:\u002F\u002Fgithub.com\u002FYlarod\u002Fddk): Android kernel-module build\n toolchain; `ghcr.io\u002Fylarod\u002Fddk-min` builds `akane.ko` against each GKI branch.\n- [**CSOLoader**](https:\u002F\u002Fgithub.com\u002FThePedroo\u002FCSOLoader): vendored in-process\n ELF loader (`injector\u002Floader\u002F`) that parses segments, resolves symbols, and\n applies relocations.\n","akane-injector 是一个用于Android的内核辅助共享库注入工具,能够无痕地将任意.so文件加载到目标进程中。它不使用ptrace或进程内dlopen,并且在\u002Fproc\u002F\u003Cpid>\u002Fmaps中不留痕迹,支持GKI 2.0(Android 12-16)。该项目的核心功能包括通过内核模块实现内存操作、映射伪装、隐藏路径和端口等,同时提供命令行界面进行控制。适用于需要在不被检测的情况下对Android应用进行动态分析或调试的场景,如安全研究、逆向工程等。",2,"2026-06-11 04:09:29","CREATED_QUERY"]