unidbg
unidbg is a Java-based emulator for running Android and iOS native libraries (ARM32/ARM64) in isolation on desktop systems. It supports JNI emulation, multiple CPU backends (Unicorn, dynarmic, Apple M1 hypervisor, KVM), and includes a debugger with Model Context Protocol (MCP) integration for AI-assisted analysis.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | zhkl0228/unidbg |
| Owner | zhkl0228 |
| Primary language | Java |
| License | Apache-2.0 — OSI-approved |
| Stars | 5.1k |
| Forks | 1.2k |
| Open issues | 419 |
| Latest release | v0.9.9 (2026-03-05) |
| Last updated | 2026-06-28 |
| Source | https://github.com/zhkl0228/unidbg |
What unidbg is
unidbg emulates ELF/MachO binaries and ARM instruction sets via pluggable backends (Unicorn, dynarmic, hypervisor, KVM), providing JNI Invocation API, syscall emulation, inline/Android import hooking, memory tracing, and breakpoint debugging. Recent versions add MCP server support for real-time AI-assisted debugging via tools like Cursor.
Get the unidbg source
Clone the repository and explore it locally.
git clone https://github.com/zhkl0228/unidbg.gitcd unidbg# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Java 8+ required; unidbg is a pure Java library with no native dependencies beyond the CPU emulation backends themselves (Unicorn, dynarmic are embedded as JARs).
- Requires understanding of ARM assembly, JNI, ELF/MachO formats, and Linux/macOS syscalls to effectively use debugger and trace features.
- MCP integration requires Cursor (or compatible AI tool) and active debugger session; breakpoint-based workflows pause emulation waiting for user input or AI commands.
- Memory leak detection and backtrace inspection add overhead; consider disabling for performance-sensitive analysis runs.
- iOS support is noted as experimental; feature parity and stability with Android emulation is unknown.
When to avoid it — and what to weigh
- Production runtime execution — unidbg is explicitly marked 'Use it at your own risk' and is an educational project, not a hardened production runtime. Not suitable for serving real user traffic or security-critical applications.
- Full application testing requiring OS integration — Emulates only native libraries and JNI; does not provide a full Android/iOS OS environment. App-level features (networking, graphics, sensors, permissions) require Android Studio emulator or Xcode simulator instead.
- High-performance ARM compute workloads — Emulation overhead is inherent; backends like dynarmic and hypervisor are faster than Unicorn but still slower than native execution. Not intended for performance-critical batch processing.
- Commercial code obfuscation or anti-reverse-engineering — unidbg is a reverse-engineering tool. If your business model depends on preventing code analysis, this tool contradicts that goal.
License & commercial use
Licensed under Apache License 2.0 (Apache-2.0), an OSI-approved permissive license allowing commercial use, modification, and distribution with attribution and indemnification clauses.
Apache-2.0 permits commercial use. However, unidbg is labeled an educational project with 'Use it at your own risk'; commercial users should conduct own due diligence on suitability, legal compliance (especially in jurisdictions with anti-circumvention laws), and assume all liability. No warranty or SLA provided by maintainer.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
unidbg emulates native code without sandboxing; malicious input or zero-days in emulated code could theoretically affect host. Use on trusted code or in isolated environments. No security audits or CVE tracking documented. Syscall emulation is partial (not comprehensive). Memory safety depends on unicorn/dynarmic implementations. For analyzing untrusted code, consider running in VM or container.
Alternatives to consider
Android Studio Emulator / Xcode Simulator
Full OS emulation with UI, sensors, networking. Slower but provides realistic app testing. Required if native code depends on Android/iOS framework calls beyond JNI.
Frida
Dynamic instrumentation and function hooking for running Android/iOS processes on real or emulated devices. Higher fidelity but requires device access and runtime injection.
Ghidra / IDA Pro
Static reverse engineering of binaries; no execution. Preferred for code analysis without running untrusted code, though less interactive for dynamic inspection.
Build on unidbg with DEV.co software developers
unidbg is ideal for security teams analyzing native libraries, malware researchers, and NDK developers testing code. Assess suitability for your use case—check iOS experimental status and legal/compliance requirements in your jurisdiction before production adoption.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
unidbg FAQ
Can I use unidbg to test my Android NDK library without a physical device?
What backends should I choose?
Is unidbg secure for analyzing malware?
How does MCP mode work with AI tools?
Software developers & web developers for hire
Need help beyond evaluating unidbg? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and mcp servers integrations — and maintain them long-term.
Evaluate unidbg for Your Reverse Engineering Workflow
unidbg is ideal for security teams analyzing native libraries, malware researchers, and NDK developers testing code. Assess suitability for your use case—check iOS experimental status and legal/compliance requirements in your jurisdiction before production adoption.