apk-medit: Memory Search and Patch Tool on Debuggable APK
Apk-medit is a memory search and patch tool for debuggable APKs that works without root or the NDK. It was created for mobile game security testing.
Memory modification is the easiest way to cheat in games, so it is one of the items to be checked in a security test. There are also cheat tools that can be used casually, such as GameGuardian. However, there were no CUI tools available for non-rooted devices. So I made it as a security testing tool.
This is a demo that uses apk-medit to clear a game that requires one million taps to clear.
Download the binary from GitHub Releases and push it to /data/local/tmp/ on an Android device.
You can build it with the make command, which requires a Go compiler. After the build completes, if adb is connected, the built binary is pushed to /data/local/tmp/ on the Android device.
GOOS=linux GOARCH=arm64 GOARM=7 go build -o medit
/bin/sh -c "adb push medit /data/local/tmp/medit"
medit: 1 file pushed. 23.7 MB/s (3131205 bytes in 0.126s)
apk-medit uses the run-as command to read files used by the target app, so it can only be used with apps that have the debuggable attribute enabled. To enable the debuggable attribute, open AndroidManifest.xml and add the following XML attribute to the application XML node:
aktsk/apkutil is also useful here: it enables the debuggable attribute without editing AndroidManifest.xml by hand.
$ apkutil debuggable <target-apk-name>.apk
After running the run-as command, the working directory changes automatically, so copy medit from /data/local/tmp/. Running medit launches an interactive prompt.
$ adb shell
$ pm list packages # to check <target-package-name>
$ run-as <target-package-name>
$ cp /data/local/tmp/medit ./medit
Here are the commands available in the interactive prompt.
Search memory for the specified integer.
> find 999982
Search UTF-8 String...
Target Value: 999982([57 57 57 57 56 50])
parsing 999982: value out of range
Search Double Word...
Target Value: 999982([46 66 15 0])
You can also specify a datatype such as string, word, dword, or qword.
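The byte patterns in the find output above, and the "value out of range" message, can be reproduced with a short Go program. This is an added example, not apk-medit's own code: the function names patterns and findAll and the memory buffer are constructed for illustration, and little-endian encoding is assumed from the dword bytes shown.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"strconv"
)

// patterns returns the byte sequence to search for under each datatype.
// A datatype is left out when the value does not fit in its width.
func patterns(value string) map[string][]byte {
	out := map[string][]byte{"string": []byte(value)}
	for name, bits := range map[string]int{"word": 16, "dword": 32, "qword": 64} {
		n, err := strconv.ParseUint(value, 10, bits)
		if err != nil {
			continue // e.g. 999982 is out of range for a 16-bit word
		}
		buf := make([]byte, 8)
		binary.LittleEndian.PutUint64(buf, n) // assumed byte order
		out[name] = buf[:bits/8]
	}
	return out
}

// findAll returns every offset at which pat occurs in mem.
func findAll(mem, pat []byte) []int {
	var hits []int
	for off := 0; len(pat) > 0; {
		i := bytes.Index(mem[off:], pat)
		if i < 0 {
			break
		}
		hits = append(hits, off+i)
		off += i + 1
	}
	return hits
}

func main() {
	p := patterns("999982")
	// Constructed buffer standing in for one memory region of the app.
	mem := append(make([]byte, 16), p["dword"]...)
	mem = append(mem, []byte("score=999982")...)
	for _, name := range []string{"string", "word", "dword", "qword"} {
		if pat, ok := p[name]; ok {
			fmt.Printf("%-6s %v -> offsets %v\n", name, pat, findAll(mem, pat))
		} else {
			fmt.Printf("%-6s value out of range\n", name)
		}
	}
}
```

A value held in memory in plain form is located by whichever pattern matches its storage width, which is the condition a memory-modification check in a security test is looking for.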