Pure-Python multi-architecture native library emulator (Android/iOS) with JNI, hooks, GDB and a web UI
PyUniDbg
Pure-Python multi-architecture native library emulator with JNI, hooks, a GDB server, and a built-in web UI.
PyUniDbg loads Android .so (and iOS dylib / Mach-O) native libraries on your desktop machine, runs them under Unicorn Engine, and exposes a Python-first API for hooking, tracing, and instrumentation similar in spirit to unidbg — but without any Java dependency.
Features
- Pure Python — no JVM, no native build step required.
- Multi-architecture — `arm`, `arm64`, `x86`, `x86_64`.
- ELF / Mach-O loading — full segment mapping, dynamic linker, init arrays.
- Complete JNI layer — `JNIEnv`, `JavaVM`, jstrings, jbyteArray, jclass…
- Linux/Android syscalls — `open`, `read`, `mmap`, `fstat` (full struct), `ptrace`, signals…
- libc emulation — `pthread`, `stdio`, `stdlib`, `string`, `wchar`, `memory`…
- Hooks — function, syscall, code, memory-read/write, address ranges.
- Frida-compatible scripting — `Interceptor`, `Memory`, `Module`, `Process`, `NativePointer`, `Stalker`, `Java`.
- Debugging — breakpoints, single-step, watchpoints, GDB-stub server, DAP/LLDB bridge.
- Snapshots & time-travel — save/restore CPU + memory state, diff snapshots.
- Coverage / tracing / taint — `drcov` export, instruction-level tracing, taint analysis.
- Anti-debug bypass — `/proc/self/status`, `ptrace`, signals, timing checks.
- IDE bridges — IDA Pro, Ghidra, Binary Ninja, Radare2.
- Web UI — browser-based session manager with terminal, disassembly, scripting tab.
Installation
From PyPI (once published)
```bash
pip install pyunidbg            # core engine only
pip install "pyunidbg[web]"     # + FastAPI web UI
pip install "pyunidbg[all]"     # everything (web, integrations, concolic, pwn, dev)
```
From source
```bash
git clone https://github.com/elvi7major/PyUniDbg.git
cd PyUniDbg
pip install -e ".[dev]"
```
Quick Start
```python
from pyunidbg import AndroidEmulator

emu = AndroidEmulator(arch="arm64")

# Load a native library
module = emu.load_library("libnative.so")

# Allocate a JNI string and call a JNI function
jstr = emu.jni.new_string_utf("Hello World")
result = emu.call(
    module.find_symbol("Java_com_example_Native_encrypt").address,
    args=[emu.jni.env_ptr, emu.jni.jclass_ptr, jstr],
)
print("encrypted jstring ptr =", hex(result))
```
Hooking
```python
from pyunidbg import AndroidEmulator, HookAction

emu = AndroidEmulator(arch="arm64")

# Log the string passed to each strlen() call
@emu.hook.function("strlen")
def _trace_strlen(emu, address, args):
    print("strlen(", emu.memory.read_string(args[0]), ")")
    return HookAction.CONTINUE

# Log the path passed to each openat() syscall
@emu.hook.syscall("openat")
def _trace_open(emu, dfd, path_ptr, flags, mode):
    print("open(", emu.memory.read_string(path_ptr), ")")
    return HookAction.CONTINUE
```
Command-line interface
```bash
pyunidbg run libnative.so
pyunidbg call libnative.so -f Java_com_example_getSign --args "input" --context
pyunidbg scan libnative.so --jni --apk app.apk --with-address
pyunidbg info libnative.so --exports
pyunidbg debug libnative.so -p 1234          # GDB stub
pyunidbg analyze libnative.so --coverage -o coverage.drcov --format drcov
```
The CLI is also reachable via `python -m pyunidbg`. See docs/cli.md for every command and option.
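The `coverage.drcov` file written by the `analyze` command above can be summarised without an IDE plugin. This is an added example, not code from the PyUniDbg project: it assumes the exporter follows the DynamoRIO drcov version 2 layout (text header, then 8-byte binary basic-block entries), and the sample bytes and module paths are constructed.

```python
import struct

# Constructed sample: two modules, three basic blocks (two of them overlapping).
SAMPLE = (
    b"DRCOV VERSION: 2\n"
    b"DRCOV FLAVOR: drcov\n"
    b"Module Table: version 2, count 2\n"
    b"Columns: id, base, end, entry, checksum, timestamp, path\n"
    b" 0, 0x40000000, 0x40020000, 0x0, 0x0, 0x0, /data/libnative.so\n"
    b" 1, 0x50000000, 0x50100000, 0x0, 0x0, 0x0, /system/lib64/libc.so\n"
    b"BB Table: 3 bbs\n"
    + struct.pack("<IHHIHHIHH", 0x1000, 16, 0, 0x1008, 16, 0, 0x2000, 8, 1)
)

def parse_drcov(data: bytes):
    """Return (modules, blocks) from a drcov file: text header, then a binary BB table."""
    pos = 0
    def next_line():
        nonlocal pos
        end = data.index(b"\n", pos)
        text = data[pos:end].decode("ascii", "replace").strip()
        pos = end + 1
        return text

    if not next_line().startswith("DRCOV VERSION:"):
        raise ValueError("missing DRCOV VERSION header")
    next_line()                                      # DRCOV FLAVOR: ...
    count = int(next_line().rsplit("count", 1)[1])   # Module Table: version N, count M
    columns = [c.strip() for c in next_line().split(":", 1)[1].split(",")]
    modules = {}
    for _ in range(count):
        # Limit the split so a path that contains commas stays in one field.
        values = [v.strip() for v in next_line().split(",", len(columns) - 1)]
        modules[int(values[0])] = dict(zip(columns, values))
    n_bbs = int(next_line().split(":", 1)[1].split()[0])  # BB Table: N bbs
    if len(data) - pos < 8 * n_bbs:
        raise ValueError("truncated BB table")
    # Each entry: uint32 offset from module base, uint16 size, uint16 module id.
    blocks = [struct.unpack_from("<IHH", data, pos + 8 * i) for i in range(n_bbs)]
    return modules, blocks

def covered_bytes(data: bytes):
    """Unique covered bytes per module path; overlapping blocks are counted once."""
    modules, blocks = parse_drcov(data)
    seen = {}
    for start, size, mod_id in blocks:
        seen.setdefault(mod_id, set()).update(range(start, start + size))
    return {modules[m]["path"]: len(s) for m, s in seen.items()}
```

For a real run, pass `open("coverage.drcov", "rb").read()` to `covered_bytes` instead of `SAMPLE`.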
Web interface
```bash
pip install "pyunidbg[web]"
pyunidbg-web --port 8080
```
Open http://localhost:8080 and you get a full session manager with
terminal, disassembly, hex view, hook manager, scripting tab and live log
streaming.
Architecture
```
+-------------------------------------------------------+
|                       PyUniDbg                        |
+-------------------------------------------------------+
|  High-Level API (CLI / Frida-bridge / Web UI / Apps)  |
+-------------------------------------------------------+
|   JNI layer    |   Syscall layer   |   libc/libart    |
+-------------------------------------------------------+
| Memory Manager |    Virtual FS     | Snapshot system  |
+-------------------------------------------------------+
|    ELF / Mach-O loader    |      Dynamic linker       |
+-------------------------------------------------------+
|             CPU Emulator (Unicorn Engine)             |
|              ARM | ARM64 | x86 | x86_64               |
+-------------------------------------------------------+
```
Documentation
- What's New in 0.2.0
- Getting Started
- CLI Reference
- Architecture
- API Reference
- Android Emulator
- Hooks Guide
- JNI Reference
- Syscall Reference
- Debugging & Analysis
- Integrations (IDA / Ghidra / Binja / Radare2)
- Examples
Examples
- `examples/basic_usage.py` — minimal emulator setup, memory and JNI string demo.
- `examples/real_world_demo/` — end-to-end demo against a self-built native library that mirrors real-world Android app patterns (anti-debug, sign generation, XOR string decryption, init-array constructors).
Project status
Beta — the core emulator and Android layer are stable; iOS support and some integrations are still maturing. See ROADMAP.md for what's coming next and CHANGELOG.md for the per-release history.
Known limitations
- iOS / Mach-O loading and the Objective-C runtime are functional for simple binaries but have less coverage than the Android path.
- The x86 and x86_64 backends are new in 0.2.0; the SysV / cdecl ABIs and most libc are wired up, but expect rougher edges than `arm`/`arm64`.
- The optional `pyunidbg[concolic]` extra requires `z3-solver`, and `pyunidbg[pwn]` requires `pwntools` — both are heavy native installs that may need extra tooling on Windows / macOS.
- The web UI (`pyunidbg[web]`) is single-user by design; do not expose it to untrusted networks without your own authentication layer.
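One way to confirm that the web UI port is listening only on loopback, as an added example that is not part of PyUniDbg: it parses Linux `/proc/net/tcp` text and reports non-loopback listeners for a port. The sample table is constructed, port 8080 is the one from the Web interface section, and IPv4 on a little-endian host is assumed (IPv6 listeners appear in `/proc/net/tcp6` and are not covered).

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0100007F:1F91 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

TCP_LISTEN = 0x0A  # state code the kernel prints for listening sockets


def listeners(proc_net_tcp: str, port: int):
    """Return the IPv4 addresses on which `port` is in LISTEN state."""
    found = []
    for row in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = row.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(fields[3], 16) != TCP_LISTEN or int(port_hex, 16) != port:
            continue
        # The address is a 32-bit word in host byte order; little-endian assumed.
        found.append(ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16))))
    return found


def exposed(proc_net_tcp: str, port: int):
    """Listening addresses for `port` other than loopback (0.0.0.0 means every interface)."""
    return [str(a) for a in listeners(proc_net_tcp, port) if not a.is_loopback]


if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for port in (8080, 8081):
        hits = exposed(SAMPLE, port)
        print(port, "exposed on " + ", ".join(hits) if hits else "loopback only or closed")
```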
Disclaimer
PyUniDbg is intended for legitimate security research, education and software analysis on binaries you own or are authorised to analyse. By using the project you accept full responsibility for compliance with applicable laws, regulations and licence agreements. Reverse-engineering third-party software may be restricted in your jurisdiction.
Contributing
Pull requests, bug reports, and documentation improvements are very welcome — please read CONTRIBUTING.md first.
License
PyUniDbg is licensed under the Apache License, Version 2.0. See LICENSE and NOTICE for details.
Acknowledgments
- Unicorn Engine — CPU emulation.
- Capstone — disassembly.
- Keystone — assembly / patching.
- LIEF — ELF / Mach-O parsing.
- unidbg — original inspiration.
File details
Details for the file pyunidbg-0.2.0.tar.gz.
File metadata
- Download URL: pyunidbg-0.2.0.tar.gz
- Upload date:
- Size: 726.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 29d3231a971ae4f7bd58148772607b91b66bf2b08f153846839606b319bd352d |
| MD5 | 5e779a75d8e6a74595dc1fe2ee61bf7d |
| BLAKE2b-256 | 8c93c4999a72760b6bc36398cec003990db1da531bea7b40291ef01dc8016448 |
File details
Details for the file pyunidbg-0.2.0-py3-none-any.whl.
File metadata
- Download URL: pyunidbg-0.2.0-py3-none-any.whl
- Upload date:
- Size: 799.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d5a211426ed0748de8fe1f8e6f4880488f40c88745ab4c8dd1f4d6ec46172c25 |
| MD5 | 3560f6a775d3da3e6dc88418a634d7a9 |
| BLAKE2b-256 | d2c211bc92ec6709bb5f343b92cf64668de04947c1dae6c62ae1adc513d2c788 |