ADB-based Android memory modification toolkit — single binary with CLI + Web UI
memdroid lets you inspect and modify memory of Android processes directly from your PC — no PC root required. Connect via USB or Wi-Fi ADB, attach to any process, and start searching for values in seconds.
- CLI + Web UI run simultaneously — use whichever you prefer
- No PC root — all privileged operations run on the device via
adb shell su - Single binary — download, run, done
Grab the latest binary for your platform from the Releases page:
| Platform | File |
|---|---|
| macOS (Apple Silicon) | memdroid-darwin-arm64 |
| macOS (Intel) | memdroid-darwin-amd64 |
| Linux x86_64 | memdroid-linux-amd64 |
| Linux ARM64 | memdroid-linux-arm64 |
| Windows x86_64 | memdroid-windows-amd64.exe |
git clone https://github.com/ykus4/memdroid.git
cd memdroid
go build -o memdroid .adbin PATH- macOS:
brew install android-platform-tools - Linux:
sudo apt install adb
- macOS:
- Android device with root (e.g. Magisk) and USB debugging enabled
1. Connect your Android device via USB (or Wi-Fi ADB)
2. Run ./memdroid
3. Open http://localhost:8080 in your browser ← Web UI
or use the interactive CLI menu ← CLI
1s Attach to process → search "com.example.game"
7 Search value → enter current HP (e.g. 100)
Take damage in-game...
11 Filter: Decreased → narrow candidates
Repeat until 1–5 remain
15 Modify → set HP to 9999
17 Freeze → lock it there
pt Pointer Scan → find stable address for next session
28 Save State → persist bookmarks + candidates
| Category | Feature |
|---|---|
| Device | USB device selection, Wi-Fi ADB connect/disconnect |
| Process | List, search by name, multi-attach, switch active process |
| Search | Exact value — int32/64 uint32/64 float32/64 bytes, parallel scanning |
| Pattern | Byte pattern with ?? wildcard (e.g. FF 00 ?? 01) |
| String | UTF-8 and UTF-16LE string search & in-place edit |
| Filter | Changed / Unchanged / Increased / Decreased / Exact value |
| Pointer Scan | Find stable pointer chains, auto-resolve after ASLR rebasing |
| Modify | Write value with Undo, Freeze (configurable interval), Dump to file |
| Snapshot Diff | Compare two memory snapshots to find changed bytes |
| Watch | Real-time value change monitor — streamed to Web UI via WebSocket |
| Alerts | Conditional watch — auto-write or notify when value crosses threshold |
| Bookmarks | Named addresses, bulk modify, CheatEngine .CT import |
| Session | Save / load state (bookmarks + candidates) as JSON |
| Web UI | Hex viewer, paginated candidates, pointer tree view at http://localhost:8080 |
memdroid
├── CLI (main goroutine)
│ ├── main.go — entry point + REPL loop
│ ├── cli_helpers.go — prompt, parse, guards
│ ├── cli_device.go — device handlers
│ ├── cli_process.go — process handlers
│ ├── cli_search.go — search/filter handlers
│ └── cli_memory.go — modify, watch, pointer, maps, bookmarks
├── HTTP Server :8080 — Web UI + REST API + WebSocket
└── app.State (mutex-protected)
└── driver.Driver
├── ListProcesses — adb shell ps -A
├── Attach/Detach — kill -STOP / -CONT via su
├── Peek/Poke — /proc/<pid>/mem via dd + base64
└── ReadMaps — /proc/<pid>/maps
| Doc | Contents |
|---|---|
| docs/usage.md | Full CLI menu reference, workflows, value types, Wi-Fi ADB |
| docs/api.md | REST + WebSocket API reference |
| docs/architecture.md | Package structure, design decisions, algorithms |
| docs/development.md | Setup, pre-commit hooks, contribution guide |
This tool is intended for security research, CTF challenges, and personal educational use on devices you own.
- Only use memdroid on devices and applications you have explicit permission to analyze
- Do not use this tool to cheat in online multiplayer games or circumvent anti-cheat systems
- The authors are not responsible for any misuse or damage caused by this software
- Requires root on the Android device (
sumust be available inadb shell) - Pointer scan reads all
rwmemory regions — may take 30–60 s on large processes - Memory reads use
dd if=/proc/<pid>/mempiped throughbase64to survive ADB text transport - Full scans typically complete in seconds — each region is read in a single
adb shellcall