DEV.co
MCP Servers · zhkl0228

unidbg

unidbg is a Java-based emulator for running Android and iOS native libraries (ARM32/ARM64) in isolation on desktop systems. It supports JNI emulation, multiple CPU backends (Unicorn, dynarmic, Apple M1 hypervisor, KVM), and includes a debugger with Model Context Protocol (MCP) integration for AI-assisted analysis.

Source: GitHub — github.com/zhkl0228/unidbg
5.1k
GitHub stars
1.2k
Forks
Java
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryzhkl0228/unidbg
Ownerzhkl0228
Primary languageJava
LicenseApache-2.0 — OSI-approved
Stars5.1k
Forks1.2k
Open issues419
Latest releasev0.9.9 (2026-03-05)
Last updated2026-06-28
Sourcehttps://github.com/zhkl0228/unidbg

What unidbg is

unidbg emulates ELF/MachO binaries and ARM instruction sets via pluggable backends (Unicorn, dynarmic, hypervisor, KVM), providing JNI Invocation API, syscall emulation, inline/Android import hooking, memory tracing, and breakpoint debugging. Recent versions add MCP server support for real-time AI-assisted debugging via tools like Cursor.

Quickstart

Get the unidbg source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/zhkl0228/unidbg.gitcd unidbg# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Security research and reverse engineering

Analyze Android/iOS native libraries in a controlled environment without running on a physical device. Inspect JNI calls, hook functions, trace memory, and step through ARM code with a debugger.

Malware analysis and threat assessment

Safely execute and analyze suspicious native code from apps, extract encryption keys, and understand obfuscated logic using memory inspection, syscall tracing, and function hooking.

Native code testing and debugging

Test C/C++ libraries compiled for ARM in CI/CD pipelines or locally without device emulators; useful for NDK development, library behavior validation, and cross-platform verification.

Implementation considerations

  • Java 8+ required; unidbg is a pure Java library with no native dependencies beyond the CPU emulation backends themselves (Unicorn, dynarmic are embedded as JARs).
  • Requires understanding of ARM assembly, JNI, ELF/MachO formats, and Linux/macOS syscalls to effectively use debugger and trace features.
  • MCP integration requires Cursor (or compatible AI tool) and active debugger session; breakpoint-based workflows pause emulation waiting for user input or AI commands.
  • Memory leak detection and backtrace inspection add overhead; consider disabling for performance-sensitive analysis runs.
  • iOS support is noted as experimental; feature parity and stability with Android emulation is unknown.

When to avoid it — and what to weigh

  • Production runtime execution — unidbg is explicitly marked 'Use it at your own risk' and is an educational project, not a hardened production runtime. Not suitable for serving real user traffic or security-critical applications.
  • Full application testing requiring OS integration — Emulates only native libraries and JNI; does not provide a full Android/iOS OS environment. App-level features (networking, graphics, sensors, permissions) require Android Studio emulator or Xcode simulator instead.
  • High-performance ARM compute workloads — Emulation overhead is inherent; backends like dynarmic and hypervisor are faster than Unicorn but still slower than native execution. Not intended for performance-critical batch processing.
  • Commercial code obfuscation or anti-reverse-engineering — unidbg is a reverse-engineering tool. If your business model depends on preventing code analysis, this tool contradicts that goal.

License & commercial use

Licensed under Apache License 2.0 (Apache-2.0), an OSI-approved permissive license allowing commercial use, modification, and distribution with attribution and indemnification clauses.

Apache-2.0 permits commercial use. However, unidbg is labeled an educational project with 'Use it at your own risk'; commercial users should conduct own due diligence on suitability, legal compliance (especially in jurisdictions with anti-circumvention laws), and assume all liability. No warranty or SLA provided by maintainer.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

unidbg emulates native code without sandboxing; malicious input or zero-days in emulated code could theoretically affect host. Use on trusted code or in isolated environments. No security audits or CVE tracking documented. Syscall emulation is partial (not comprehensive). Memory safety depends on unicorn/dynarmic implementations. For analyzing untrusted code, consider running in VM or container.

Alternatives to consider

Android Studio Emulator / Xcode Simulator

Full OS emulation with UI, sensors, networking. Slower but provides realistic app testing. Required if native code depends on Android/iOS framework calls beyond JNI.

Frida

Dynamic instrumentation and function hooking for running Android/iOS processes on real or emulated devices. Higher fidelity but requires device access and runtime injection.

Ghidra / IDA Pro

Static reverse engineering of binaries; no execution. Preferred for code analysis without running untrusted code, though less interactive for dynamic inspection.

Software development agency

Build on unidbg with DEV.co software developers

unidbg is ideal for security teams analyzing native libraries, malware researchers, and NDK developers testing code. Assess suitability for your use case—check iOS experimental status and legal/compliance requirements in your jurisdiction before production adoption.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

unidbg FAQ

Can I use unidbg to test my Android NDK library without a physical device?
Yes. Load the compiled .so file via DalvikVM/Emulator, call JNI functions, and inspect results. This works well for pure native code; if your library calls Android framework APIs, those require emulation setup (partial in unidbg).
What backends should I choose?
Unicorn is most compatible and featured (debugger, tracing, gdb stub). dynarmic and hypervisor are faster. KVM is for Linux + Raspberry Pi. Choose based on speed vs. feature needs.
Is unidbg secure for analyzing malware?
Safer than running on a real device, but not a sandbox. Emulation can be escaped or bypassed by sophisticated code. Use in isolated VMs or containers for untrusted binaries.
How does MCP mode work with AI tools?
When debugger hits a breakpoint, type 'mcp' in console to start an HTTP server. Configure Cursor or other MCP clients to connect; AI can then inspect registers, memory, call functions, and step execution. Suitable for interactive reverse engineering, not batch automation.

Software developers & web developers for hire

Need help beyond evaluating unidbg? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and mcp servers integrations — and maintain them long-term.

Evaluate unidbg for Your Reverse Engineering Workflow

unidbg is ideal for security teams analyzing native libraries, malware researchers, and NDK developers testing code. Assess suitability for your use case—check iOS experimental status and legal/compliance requirements in your jurisdiction before production adoption.