SherlockElf
SherlockElf is a powerful tool designed for both static and dynamic analysis of Android ELF binaries and dynamic analysis of iOS Mach-O binaries (experimental).
SherlockElf is a powerful tool designed for both static and dynamic analysis of Android ELF binaries and dynamic analysis of iOS Mach-O binaries (experimental). It helps security researchers, developers, and reverse engineers gain insights into ELF (Executable and Linkable Format) binaries used in Android applications and Mach-O (Mach Object) binaries used in iOS applications.
Emulator:
<p align="center"> <img src="assets/Emu.gif" alt="Emu"/> </p>

Dynamic Binary Instrumentor:
<p align="center"> <img src="assets/Instrumentor.png" alt="Emu"/> </p>

Features ✨
- Static Analysis: Extracts and analyzes metadata, headers, and sections from ELF binaries.
- Dynamic Analysis: Executes and monitors ELF and Mach-O (experimental) binaries to observe runtime behavior and identify potential vulnerabilities.
- User-friendly Interface: Intuitive command-line interface for easy interaction.
- Comprehensive Reports: Generates detailed analysis reports for further inspection.
- Cross-platform Support: Works seamlessly on multiple platforms including Windows, macOS, and Linux.
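
To illustrate the kind of metadata the static-analysis feature reads, here is an added example (not SherlockElf's own code) that parses an ELF header and section names with bounds checks on every offset. The names `parse_elf` and `build_sample`, the two lookup tables (values from the ELF specification), and the sample bytes are constructed for this illustration.

```python
import struct

TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}

def parse_elf(data: bytes) -> dict:
    """Parse the ELF header and section names; every offset is bounds-checked."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("missing ELF magic")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    word = "Q" if is64 else "I"  # address/offset width depends on the class
    ehdr = struct.Struct(f"{end}HHI{word * 3}IHHHHHH")  # fields after e_ident
    shdr = struct.Struct(f"{end}II{word * 4}")  # name, type, flags, addr, offset, size
    if len(data) < 16 + ehdr.size:
        raise ValueError("truncated ELF header")
    (e_type, machine, _, entry, _, shoff, _, _, _, _,
     shentsize, shnum, shstrndx) = ehdr.unpack_from(data, 16)
    # The header is untrusted input: the section table must lie inside the file.
    if shnum and (shentsize < shdr.size or shstrndx >= shnum
                  or shoff + shnum * shentsize > len(data)):
        raise ValueError("section header table out of bounds")
    heads = [shdr.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    sections = []
    if heads:
        str_off, str_size = heads[shstrndx][4:6]
        if str_off + str_size > len(data):
            raise ValueError("section name table out of bounds")
        strtab = data[str_off:str_off + str_size]
        for name, sh_type, _, _, off, size in heads:
            text = strtab[name:].split(b"\0", 1)[0].decode("ascii", "replace")
            sections.append({"name": text, "type": sh_type, "offset": off, "size": size})
    return {"class": "ELF64" if is64 else "ELF32",
            "endian": "little" if end == "<" else "big",
            "type": TYPES.get(e_type, hex(e_type)),
            "machine": MACHINES.get(machine, hex(machine)),
            "entry": entry, "sections": sections}

def build_sample() -> bytes:
    """Constructed input: a 64-bit little-endian AArch64 shared object, 3 sections."""
    strtab = b"\0.text\0.shstrtab\0"
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 3, 183, 1, 0, 0, 64 + len(strtab), 0, 64, 0, 0, 64, 3, 2)
    def sh(name, sh_type, off, size):
        return struct.pack("<IIQQQQIIQQ", name, sh_type, 0, 0, off, size, 0, 0, 1, 0)
    return ehdr + strtab + sh(0, 0, 0, 0) + sh(1, 1, 64, 0) + sh(7, 3, 64, len(strtab))

if __name__ == "__main__":
    print(parse_elf(build_sample()))
```
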
Installation 🛠️
To get started with SherlockElf, follow these steps:
- Clone the Repository:

  ```bash
  git clone https://github.com/iamtorsten/SherlockElf.git
  cd SherlockElf
  ```

- Install Dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Setup Environment:
  - Magisk or KernelSU rooted Android Phone or Tablet
  - Jailbroken iOS Device (experimental)
  - Running SherlockElf Server on Phone or Tablet
  - Installed Frida Tools on PC
Usage 🚀
Using SherlockElf is straightforward. Below are some common commands and their descriptions:
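- Static Analysis:

  This command performs a static analysis on the specified ELF binary and outputs the results.

  ```bash
  python emulator.py
  ```

- Dynamic Analysis:

  This command executes the ELF binary and monitors its memory behavior.

  ```python
  # Inject comes from SherlockElf; `target` (the process to attach to) and
  # the `on_message` callback must be defined before this snippet runs.
  with open("hook/mem.js") as f:
      script_code = f.read()  # hook script that monitors memory

  sherlock = Inject(target=target)
  device, session = sherlock.attach()             # attach to the target
  script = sherlock.source(session, script_code)  # build the script from the hook source
  script.on('message', on_message)                # receive messages from the hook
  script.load()
  ```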
Contributing 🤝
We welcome contributions from the community! If you'd like to contribute to SherlockElf, please follow these steps:
- Fork the Repository: Click the "Fork" button at the top right of this page.
- Clone Your Fork:

  ```bash
  git clone https://github.com/iamtorsten/SherlockElf.git
  ```

- Create a Branch:

  ```bash
  git checkout -b feature-branch
  ```

- Make Your Changes and Commit:

  ```bash
  git commit -am 'Add new feature'
  ```

- Push to Your Fork:

  ```bash
  git push origin feature-branch
  ```

- Create a Pull Request: Navigate to the original repository and submit a pull request.
License 📜
SherlockElf is licensed under the MIT License. See the LICENSE file for more information.
Contact 📬
For any questions or feedback, please reach out via email at torsten.klinger@googlemail.com.
Disclaimer ⚖️
This project is for personal educational purposes only. You can modify it for your personal use, but I do not take any responsibility for issues caused by any modification of this project. All processes illustrated in the project serve only as examples.

Use of this code must comply with applicable laws.
