OPPO Amber Lab
Aug 31, 2020 · Information Security

Android Kernel Hooking: Bypassing GKI Limits & Memory Protection

This article examines the security challenges of Android and IoT devices built on ARM/ARM64 platforms, explains how Google's Generic Kernel Image (GKI) restricts kernel modifications, and provides detailed techniques—including memory‑page attribute manipulation, remap_pfn_range, and assembly‑level hook implementations—to safely inject custom functionality into the kernel while addressing write‑protection, concurrency, and module‑unloading issues.

ARM · Android · GKI