ARTist is a Code Instrumentation Framework.
It makes use of ART (Android RunTime),
specifically of ART’s dex2oat compiler, which ARTist uses for its code modification functionality.
The ARTist Toolkit consists of various modules that depend on and make use of each other.
In order to provide this functionality, ARTist needs root access on the device, because it needs to replace the compiled oat executables of already installed applications with its own injected version.
Android’s modified dex2oat compiler is used for the code injection.
dex2oat is part of ART (Android Runtime).
- ArtistGUI: Deployment tool for the installation and usage of ARTist on an Android device.
- CodeLib (Java):
Contains the code that gets injected into existing Android application by
This enables the user to implement all the complex functionality in easy-to-write Java source code.
- codelib-gen: is a source code generation tool for ARTist.
It parses your Java CodeLib and generates a C++ header and source file.
You can use these generated sources with ARTist to inject method calls to the Java CodeLib.
- monkey-troop: Python tool created to ease the evaluation of ARTist modules on real applications at large. Can recompile and test applications concurrently on multiple devices and supports downloading apps on the fly from Google Play.
With this setup, ARTist is able to provide researchers, developers and testers with an easy-to-use tool for compiler-based instruction injection.
Where to start
ARTist’s GUI Usage Guide helps you to handle the deployment application.
Supported Android versions:
Android 6.0 [API level 23]
Android 7.0 [API level 24]
Android 7.1 [API level 25]
Android 8.0 [API level 26]
Code Injection Process
- APK Preprocessing
- DexMerging (Checksum Rewriting)
- App Apk Compilation & Code Injection
- (Oat Execution)
CodeLib (partial) Merging
Partially merge CodeLib into existing applications. It is placed alongside the
classes.dex files as classes2.dex … classes
Existing Dex files are updated with the CodeLib’s MethodIDs, StringIDs,
Strings, etc., but not the ClassDefinition itself.
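The page does not say which checksum the DexMerging step rewrites. As an added example (not ARTist's own code), the sketch below assumes the DEX header's own integrity fields, which go stale whenever the ID tables or strings of a dex file are changed. It checks and recomputes file_size, the SHA-1 signature and the Adler-32 checksum on a constructed sample; all function names and the `Lcodelib/Hook;` string are this example's own.

```python
import hashlib
import struct
import zlib

# Public DEX header layout: magic[8] | checksum u32 LE @8 |
# SHA-1 signature[20] @12 | file_size u32 LE @32 | ... (0x70 bytes total)
CHECKSUM_OFF, SIGNATURE_OFF, FILE_SIZE_OFF, HEADER_SIZE = 8, 12, 32, 0x70


def _sha1(dex: bytes) -> bytes:
    # The signature covers everything after the signature field itself.
    return hashlib.sha1(dex[FILE_SIZE_OFF:]).digest()


def _adler32(dex: bytes) -> int:
    # The checksum covers everything after the checksum field, signature included.
    return zlib.adler32(dex[SIGNATURE_OFF:]) & 0xFFFFFFFF


def check_dex(dex: bytes) -> list[str]:
    """Return the header fields that no longer match the file contents."""
    if len(dex) < HEADER_SIZE or dex[:4] != b"dex\n":
        return ["not a dex file"]
    problems = []
    if struct.unpack_from("<I", dex, FILE_SIZE_OFF)[0] != len(dex):
        problems.append("file_size")
    if dex[SIGNATURE_OFF:FILE_SIZE_OFF] != _sha1(dex):
        problems.append("signature")
    if struct.unpack_from("<I", dex, CHECKSUM_OFF)[0] != _adler32(dex):
        problems.append("checksum")
    return problems


def rewrite_header(dex: bytes) -> bytes:
    """Recompute the fields inside-out: size, then SHA-1, then Adler-32."""
    buf = bytearray(dex)
    struct.pack_into("<I", buf, FILE_SIZE_OFF, len(buf))
    buf[SIGNATURE_OFF:FILE_SIZE_OFF] = _sha1(bytes(buf))
    struct.pack_into("<I", buf, CHECKSUM_OFF, _adler32(bytes(buf)))
    return bytes(buf)


def make_sample() -> bytes:
    """Constructed stand-in (header plus dummy payload), not a real app's dex."""
    return rewrite_header(b"dex\n035\x00" + bytes(HEADER_SIZE - 8) + b"original id tables")


if __name__ == "__main__":
    merged = make_sample() + b"Lcodelib/Hook;"  # hypothetical appended CodeLib data
    print(check_dex(merged), "->", check_dex(rewrite_header(merged)))
```

The order in `rewrite_header` matters: file_size lies inside the region the SHA-1 covers, and the SHA-1 lies inside the region the Adler-32 covers.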
- App recompilation
- Injection of method calls to the CodeLib
- CheckSum Rewriting
- OatFile Creation
- App recompilation