Project: Indroid - Thread Injection Kit
Author: Aseem Jakhar
Organization: null - The open security community
Copyright (c) 2011-2021 Aseem Jakhar <aseemjakhar_at_gmail.com>. All rights reserved.
The aim of the project is to demonstrate that a simple debugging functionality on *nix systems a.k.a
ptrace() can be abused by malware to inject malicious code in remote processes. Indroid provides
CreateRemoteThread() equivalent for ARM based *nix devices.
If you want to get a more deeper insight into the working of the framework you may:
1. Watch my Defcon 19 video on Jugaad - http://www.youtube.com/watch?v=vju6tq1lp0k
2. Read the paper - http://www.slideshare.net/null0x00/project-jugaad
To use Indroid in a program all you need to do is compile the source. It creates libjugaad.a library which
you can link in your programs. You need to include jugaad.h in your code. The function that provides this
functionality is create_remote_thread() and is perhaps the only function required to be used.The header
file jugaad.h also explains the create_remote_thread() function and it's parameters in detail.
C. Compilation and instructions
1. The directory testproc contains a simple test target program only used for testing.
2. The directory asm contains assembly code which was used to create the ARM shellcode for indroid.
3. The directory indroid contains all the code for indroid framework.
4. You need the Android NDK setup and ndk-build script part of the $PATH
5. In the indroid directory run
This will create the android binary for testing.
b. For creating a static or shared library you need to change the Android.mk file accordingly.
6. The Makefile defaults to creating debug version of the library which has way too many printfs'.
If you want to compile libjugaad for production, make sure you remove the CFLAGS '-DDEBUG' and '-g'
in the Android.mk.
D. Next release
1. Add support for stealthy library injection.
2. Add support for remote process snooping.
3. Add Dex injection support
Feel free to send me an email (on aseemjakhar_at_gmail.com):
1. If you would like to contribute to indroid project.
2. If you would like to contribute to the null community in any way.