chinleez

chinleez / eBPFDexDumper-rs

Public

面向 Android ARM64 的 eBPF DEX dump 工具。

19
8
69% credibility
Found May 09, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
C
AI Summary

A utility for extracting and reconstructing bytecode from executing Android applications on rooted devices.

How It Works

1
🔍 Discover the app explorer

You hear about a simple tool that lets you peek inside Android apps to see their inner workings on your special phone.

2
📱 Prepare your phone

Connect your phone and pick the app you want to explore by its name or number.

3
▶️ Start capturing secrets

Hit go and watch as the tool quietly grabs the app's hidden instructions while it runs.

4
⏹️ Stop and collect files

When ready, stop to get raw files full of the app's code snippets.

5
🔧 Polish the files

Run a quick fix to fill in any missing pieces and make everything complete.

Unlock the app's code

Enjoy studying the full, working code of your chosen app, ready for your analysis.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 19 to 19 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is eBPFDexDumper-rs?

eBPFDexDumper-rs is a Rust tool using eBPF to dump DEX files from live Android ARM64 apps on rooted devices running Android 13-17. It hooks ART runtime entrypoints to snag DEX from memory, captures bytecode of executed methods, and runs a 'fix' command to patch dumps with real code plus coverage reports. Outputs ready-to-use DEX for analysis, no APK unpacking needed.

Why is it gaining traction?

Unlike static unpackers, it grabs runtime DEX post-decryption and backfills missing bytecode automatically, with modes like 'lifecycle' for stealthier probes on anti-debug apps. Handles android arm64 emulator quirks and builds cleanly in android github actions or codespaces. Flexible CLI targets packages, PIDs, or UIDs, plus native ELF scanning for hidden loaders.

Who should use this?

Android reverse engineers dumping protected apps from rooted phones or android arm64 qemu images. Security researchers tracing method execution on android arm64 utm VMs or custom android arm64 iso downloads. Teams analyzing ARM64 vs x86 behaviors without full device teardowns.

Verdict

Worth trying for runtime DEX on Android ARM64—download the prebuilt android arm64 binary from releases. At 19 stars and 0.699999988079071% credibility score, it's niche and maturing; strong README guides rooted setups, but test on your kernel first. Solid if eBPF fits, otherwise stick to Frida.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.