# BPFroid

**Repository Path**: dolfly/BPFroid

## Basic Information

- **Project Name**: BPFroid
- **Description**: Trace Android framework API, native libraries, system calls and other events using eBPF
- **Primary Language**: Go
- **License**: Apache-2.0
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2026-03-26
- **Last Updated**: 2026-04-08

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

![No Maintenance Intended](https://img.shields.io/maintenance/no/2021.svg)

# BPFroid

Trace Android framework API, native libraries, system calls and other events using eBPF.

Based on Tracee: https://github.com/aquasecurity/tracee

For more information about this work also see: https://arxiv.org/abs/2105.14344

## Requirements

* Android Linux kernel that provides BPF capabilities: BPF, Kprobes and Uprobes
* kernel headers (used for BPF program compilation)
* clang

## Building BPFroid for arm64

* Prepare the compilation environment with docker:

  ```
  docker run -it --rm --privileged multiarch/qemu-user-static --credential yes --persistent yes
  ```

* Use the Dockerfile in the builder directory to build an image of the build environment
* Run the builder container with the BPFroid sources and the kernel headers mounted, e.g.:

  ```
  docker run -it --rm -v /path/to/tracee:/tracee -v /path/to/android-kernel:/headers bpfroid_builder
  ```

* Set the KERN_HEADERS variable in the Makefile to point to the correct location, then make, e.g.:

  ```
  KERN_HEADERS=/headers make
  ```

## Building for android emulator

```
KERN_HEADERS=/path/to/android-goldfish-kernel make
```

## Running BPFroid

* Clone and build BPFroid
* Copy the bpfroid binary and the bpf object file to the target device (built into "dist" by default)
* Configure the required hooks in hooks.json
* Run

## Notes

* System updates that change oat framework files require deleting the hooks.cache file!
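
The cache deletion described in the note above can be tied to an actual change in the oat files. The following shell functions are an added example, not part of BPFroid; the oat directory, the working directory holding hooks.cache, and the `oat.fingerprint` stamp file are assumptions supplied by the caller.

```shell
# Added example: remove BPFroid's hooks.cache when framework oat files change.
# Assumptions (not from the BPFroid README): the caller passes the directory
# holding the oat files and the directory holding hooks.cache; the stamp file
# name "oat.fingerprint" is a hypothetical helper introduced here.

# oat_fingerprint DIR
# Prints one SHA-256 covering the path and content of every *.oat file in DIR.
oat_fingerprint() {
    find "$1" -type f -name '*.oat' 2>/dev/null | sort | while IFS= read -r f; do
        sha256sum "$f"
    done | sha256sum | cut -d' ' -f1
}

# refresh_hooks_cache OAT_DIR WORK_DIR
# Prints "invalidated" if hooks.cache was removed, "unchanged" otherwise.
# With no stored fingerprint (first run) the cache is removed, since its
# validity against the current oat files cannot be established.
refresh_hooks_cache() {
    oat_dir=$1
    work_dir=$2
    stamp="$work_dir/oat.fingerprint"
    cache="$work_dir/hooks.cache"

    current=$(oat_fingerprint "$oat_dir")
    previous=""
    [ -f "$stamp" ] && previous=$(cat "$stamp")

    if [ "$current" != "$previous" ]; then
        rm -f "$cache"
        printf '%s\n' "$current" > "$stamp"
        echo invalidated
    else
        echo unchanged
    fi
}
```

Call `refresh_hooks_cache` before each BPFroid start so that a stale cache left over from before a system update is never reused.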