ARTist is a Code Instrumentation Framework.

It builds on ART (Android RunTime), specifically ART’s dex2oat compiler, which ARTist uses for its code modification functionality.
The ARTist Toolkit consists of several modules that depend on and make use of each other.

To provide this functionality, ARTist needs root access on the device, because it replaces the compiled oat executables of already installed applications with its own injected versions.

ARTist ToolKit

  • art with ARTist: A modified version of Android’s dex2oat compiler is used for the code injection.
    dex2oat is part of ART (Android Runtime).
  • ArtistGUI: Deployment tool for the installation and usage of ARTist on an Android device.
  • CodeLib (Java): Contains the code that ARTist injects into existing Android applications.
    This lets the user implement complex functionality in easy-to-write Java source code.
    • codelib-gen: A source code generation tool for ARTist.
      It parses your Java CodeLib and generates a C++ header and source file.
      You can use these generated sources with ARTist to inject method calls to the Java CodeLib.
  • monkey-troop: Python tool created to ease the evaluation of ARTist modules on real applications at large. Can recompile and test applications concurrently on multiple devices and supports downloading apps on the fly from Google Play.

With this setup, ARTist provides researchers, developers and testers with an easy-to-use tool for compiler-based instruction injection.

Where to start

Before you can start developing with ARTist, you should complete the Build Setup, Developing ARTist and ARTist’s CodeLib.

ARTist’s GUI Usage Guide helps you to handle the deployment application.

Supported Android versions:

Android 6.0 [API level 23]
Android 7.0 [API level 24]
Android 7.1 [API level 25]
Android 8.0 [API level 26]

Code Injection Process

  1. APK Preprocessing
    • DexMerging (Checksum Rewriting)
    • ReZip
    • ReSign
  2. App APK Compilation & Code Injection
  3. (Oat Execution)

CodeLib (partial) Merging

The CodeLib is partially merged into existing applications. It is placed alongside the application’s classes.dex files as classes2.dex … classesn.dex. Existing Dex files are updated with the CodeLib’s MethodIDs, StringIDs, Strings, etc., but not with the ClassDefinition itself.
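Any change to a Dex file's ID tables, as in the merge described above, invalidates the two integrity fields in the standard Dex header: the Adler-32 checksum at offset 8 and the SHA-1 signature at offset 12. The following is an added example, not ARTist's own code, that verifies those fields and recomputes them after a modification. That ARTist's "Checksum Rewriting" step covers exactly these fields is an assumption, and the sample file is a constructed header plus filler bytes, not a real Dex file.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70  # fixed size of the standard Dex header


def header_fields(dex: bytes):
    """Return (stored Adler-32, stored SHA-1, stored file size)."""
    if len(dex) < HEADER_SIZE or not dex.startswith(b"dex\n"):
        raise ValueError("not a Dex file")
    (checksum,) = struct.unpack_from("<I", dex, 8)
    (file_size,) = struct.unpack_from("<I", dex, 32)
    return checksum, dex[12:32], file_size


def verify(dex: bytes) -> dict:
    """Compare each stored header field with the value recomputed from the file."""
    checksum, signature, file_size = header_fields(dex)
    return {
        "file_size": file_size == len(dex),
        # SHA-1 covers everything after the signature field.
        "signature": signature == hashlib.sha1(dex[32:]).digest(),
        # Adler-32 covers everything after the checksum field.
        "checksum": checksum == (zlib.adler32(dex[12:]) & 0xFFFFFFFF),
    }


def rewrite(dex: bytes) -> bytes:
    """Return a copy whose size, signature and checksum match its contents."""
    header_fields(dex)  # reject input that is not a Dex file
    buf = bytearray(dex)
    # Order matters: the signature covers file_size, the checksum covers both.
    struct.pack_into("<I", buf, 32, len(buf))
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


def constructed_sample() -> bytes:
    """Constructed stand-in: a Dex-shaped header followed by filler bytes."""
    header = bytearray(HEADER_SIZE)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 36, HEADER_SIZE)  # header_size
    struct.pack_into("<I", header, 40, 0x12345678)   # endian_tag
    return rewrite(bytes(header) + b"constructed-original-string-table")
```

Running `verify` over the classes*.dex entries of an APK reports which of the three header fields no longer match the file's contents.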

  • ARTist
    • App recompilation
      • Injection of method calls to the CodeLib
      • CheckSum Rewriting
      • OatFile Creation