SherlockElf is a versatile tool for static and dynamic analysis of Android ELF binaries and experimental dynamic analysis of iOS Mach-O binaries.
This tool is primarily used by security researchers, developers, and reverse engineers to analyze the structure and runtime behavior of Android and iOS application binaries. It enables detailed inspection of ELF and Mach-O files to identify vulnerabilities and understand malware behavior through both static and dynamic analysis.
Requires rooted Android devices (Magisk or KernelSU) or jailbroken iOS devices for dynamic analysis. The iOS Mach-O dynamic analysis feature is experimental and may have limited stability. Users should comply with applicable laws and use the tool for educational or authorized security research purposes only.
git clone https://github.com/iamtorsten/SherlockElf.git
cd SherlockElf
pip install -r requirements.txt
Use a Magisk or KernelSU rooted Android device or a jailbroken iOS device (experimental)
Run SherlockElf server on the phone or tablet
Install Frida tools on the PC
python emulator.py
Performs static analysis on the specified ELF binary and outputs the results.
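# Inject, target and on_message are not defined in this snippet;
# they come from the SherlockElf code and the calling script.

# Read the Frida hook script that monitors memory behavior
with open("hook/mem.js") as f:
    script_code = f.read()

# Attach to the target and load the hook script into the session
sherlock = Inject(target=target)
device, session = sherlock.attach()
script = sherlock.source(session, script_code)

# Register the callback for messages from the script before loading it
script.on('message', on_message)
script.load()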
Executes the ELF binary and monitors its memory behavior dynamically using Frida instrumentation.
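The snippet above registers an on_message callback without showing one. The following is an added example, not SherlockElf's own code: a callback in the (message, data) shape Frida passes to script.on('message', ...), which separates script reports from script errors. MessageLog, replay_samples and the payload fields are assumptions made for illustration.

```python
from typing import Optional

# Constructed sample messages in the dict shape Frida delivers to Python.
# The payload fields (op, address, size) are assumptions, not hook/mem.js output.
SAMPLES = [
    ({"type": "send", "payload": {"op": "read", "address": "0x7f001000", "size": 4}}, None),
    ({"type": "send", "payload": "dump"}, b"\x7fELF"),
    ({"type": "error", "description": "ReferenceError: 'x' is not defined",
      "fileName": "/script1.js", "lineNumber": 12}, None),
    ({"type": "log", "payload": "hello"}, None),
]


class MessageLog:
    """Hypothetical helper: collects what the injected script reports."""

    def __init__(self) -> None:
        self.events: list = []   # payloads the script passed to send()
        self.errors: list = []   # script exceptions and unknown message types

    def on_message(self, message: dict, data: Optional[bytes]) -> None:
        kind = message.get("type")
        if kind == "send":
            payload = message.get("payload")
            # Wrap bare values so every stored event is a dict.
            event = dict(payload) if isinstance(payload, dict) else {"value": payload}
            if data is not None:
                # Binary attachment: keep its length and a short hex preview only.
                event.update(data_len=len(data), data_head=data[:16].hex())
            self.events.append(event)
        elif kind == "error":
            where = f"{message.get('fileName', '?')}:{message.get('lineNumber', '?')}"
            self.errors.append(f"{where} {message.get('description', 'unknown error')}")
        else:
            self.errors.append(f"unhandled message type: {kind!r}")


def replay_samples() -> MessageLog:
    """Feed the constructed samples through the callback, as Frida would."""
    log = MessageLog()
    for message, data in SAMPLES:
        log.on_message(message, data)
    return log


if __name__ == "__main__":
    result = replay_samples()
    print(result.events)
    print(result.errors)
```

With a live session, the callback would be registered as script.on('message', log.on_message) before script.load().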