Stars
Script to quickly hook native calls to JNI in Android
Writeup and exploit for CVE-2025-22441: Privilege escalation from installed app to SystemUI process on Android due to passing of untrusted ApplicationInfo to LoadedApk
Writeup and exploit for CVE-2024-49746: Android's Parcel::continueWrite closing File Descriptors that are later used
Writeup and exploit for CVE-2024-34740, integer overflow in Android's BinaryXmlSerializer to system_server file write and then to system_server code execution from normal installed app
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
Guide and theoretical code for CVE-2023-35674
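Recommendations for the best BT torrent download sites of 2025! Besides introducing quality BT torrent sites, this article also recommends several practical BT download tools that work even better when used together. If you want long-term, stable access to BT torrent resources with fewer ads and a higher download success rate, this list is worth bookmarking.
Plugin using LoadedApk and a custom ClassLoader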
A collection of samples of different Android OS platform APIs.
The FLARE team's open-source tool to identify capabilities in executable files.
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source V…
CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch)
Significant security enhancements of recent major Android versions.
Silent Clipboard Reader
Proof-of-concept code for Android APEX key reuse vulnerability
Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite "Lazy Bundle" mitigation
A new version of Soot with a completely overhauled architecture
Implementing Siamese networks with a contrastive loss for similarity learning
AOSP picture-in-picture source code exploration. Android picture-in-picture source code analysis
A curation of awesome tools, documents and projects about LLM Security.
Android background process keep-alive, prevent uninstallation, anti-uninstall, background pop-up activity. The latest Android high-availability black-tech application keep-alive for 2024, achieving…
Multiple samples showing the best practices in identity on Android.