An Android kernel driver for reading/writing physical memory.

onghua/MemKernel


MemKernel

MemKernel is a kernel driver for Android. Created by Jiang-Night, modified according to my personal needs. This driver reads and writes the physical memory of a target process (effectively bypassing anticheats).

Integration

There are 3 ways to integrate this driver into your kernel source (for compilation) using the setup script:

  • Y : Build the driver as part of the kernel (statically built into the kernel).
curl -LSs "https://raw.githubusercontent.com/aiichi/MemKernel/main/kernel/setup.sh" | bash -s Y
  • M : Build an LKM (loadable kernel module). After adding this driver and building the kernel again, the LKM might be shipped within the kernel (remember it).
curl -LSs "https://raw.githubusercontent.com/aiichi/MemKernel/main/kernel/setup.sh" | bash -s M
  • M-OUT : For people who don't want to integrate this driver into their kernel source. This tells the setup script that the driver will be built out-of-tree as a module. (Note: upstream Linux discourages support for building out-of-tree modules: Read-Article)
curl -LSs "https://raw.githubusercontent.com/aiichi/MemKernel/main/kernel/setup.sh" | bash -s M-OUT

TIP : By default the setup script generates a random name for the driver (/dev/randomname); this is to bypass existence checks done via the access(2) syscall. You can override this behaviour by providing a second argument to the setup script, like this:

curl -LSs "https://raw.githubusercontent.com/aiichi/MemKernel/main/kernel/setup.sh" | bash -s M myname

Compilation

This depends entirely on the kernel source you're building (GKI or non-GKI). I leave this part up to you.

How It Works

At a high level:

The driver code (whether built as an LKM or built into the kernel) creates a character device in the dev folder (/dev/drivername). A userspace app with root permission can talk to this driver (file) via the ioctl(2) syscall. The kernel part (driver) reads or writes the target memory on behalf of the userspace app and forwards the data it reads back to the userspace app.
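Because the device name is random by default, a check for one fixed /dev path will not find the driver; from the detection side, an allowlist diff of what the kernel has registered does not depend on the name. The following Python is an added example, not code from this repository: it assumes the driver registers through the standard character-device or misc interfaces (the README does not say which) so that it appears in /proc/devices or /proc/misc, and the sample text and baseline names are constructed.

```python
# Added example: allowlist diff of registered character/misc drivers.
# All sample text and baseline names below are constructed for illustration.

SAMPLE_PROC_DEVICES = """\
Character devices:
  1 mem
  5 /dev/tty
 10 misc
 13 input
237 qzkfwtmh

Block devices:
  7 loop
254 device-mapper
"""

SAMPLE_PROC_MISC = """\
 58 binder
 60 ashmem
183 hw_random
 57 xvbqplrt
"""

# Hypothetical known-good names captured from a trusted build of the same device.
BASELINE = {"chrdev": {"mem", "/dev/tty", "misc", "input"},
            "misc": {"binder", "ashmem", "hw_random"}}


def parse_rows(text, section=None):
    """Parse '<number> <name>' rows; with section set, only rows under that header."""
    rows, active = set(), section is None
    for raw in text.splitlines():
        line = raw.strip()
        if section is not None and line.endswith("devices:"):
            active = line == section      # e.g. skip everything under "Block devices:"
            continue
        parts = line.split(None, 1)
        if active and len(parts) == 2 and parts[0].isdigit():
            rows.add((int(parts[0]), parts[1]))
    return rows


def audit(proc_devices, proc_misc, baseline):
    """Return registrations whose name is absent from the baseline, by source."""
    chrdev = parse_rows(proc_devices, "Character devices:")
    misc = parse_rows(proc_misc)
    return {
        "chrdev": sorted(r for r in chrdev if r[1] not in baseline["chrdev"]),
        "misc": sorted(r for r in misc if r[1] not in baseline["misc"]),
    }
```

On a real device, pass `audit` the contents of /proc/devices and /proc/misc and a baseline recorded from a trusted image of the same build.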

Problems

  • This driver currently has no synchronisation mechanism to handle multiple users or multiple threads of a single user.
  • No validation layer exists, so any root user can use this driver (if they know the name and purpose of the driver). This is a critical security risk. You have been warned: use it at your own risk.
