4-day longest streak
A 21 y.o. sophomore (also a former secondary vocational school student) from China. Expected to be unavailable in a short period due to health issues. Blog: https://blog.canyie.top/ <!-- Telegram channel:…
A 21 y.o. sophomore (also a former secondary vocational school student) from China. Expected to be unavailable in a short period due to health issues.
Blog: https://blog.canyie.top/
<!--
Telegram channel: @CanyieChannel -->
Research Outputs (such as papers, presentations, etc.):
- Parcel Mismatch - The History, Mitigation and Vulnerabilities *Google bugSWAT Mexico City 2025 (Closed-Door Conference)*
- VsyncBreaker: Subverting Screen Trust via State Disruption and ONE-WAY Flooding *BlackHat Asia 2026*
Also see my blog which contains many informal research articles.
Acknowledgements & Rankings:
- As of 2026/04/14 I am currently ranked #19 in the world on the entire Google Bug Hunters platform, #7 in the 2024 year, #6 in the 2025 year, and #5 in the entire Android Program. I'm also the champion of the Android Vulnerability Reward Program in 2025, see my name in Google VRPs in Review – 2025!
- Nickname "canyie" on Android Security Acknowledgements, Google Bug Hunters Leaderboard, Xiaomi Security Center, Huawei Bug Bounty Program, Huawei Security Acknowledgement, and Samsung Mobile Security
Bugs & Vulnerabilities (including independently discovered and those I have contributed to):
- Android & Google Devices: contributed to CVE-2021-39787, CVE-2024-0044 (PoC & writeup), CVE-2024-31318, CVE-2024-43080, CVE-2024-43081, CVE-2024-43088, CVE-2024-43090, CVE-2024-43762, CVE-2024-49733, CVE-2024-49741, CVE-2024-49743, CVE-2024-49744, CVE-2025-0076, CVE-2025-0100, CVE-2025-22432, CVE-2025-26464, CVE-2025-32323, CVE-2025-36889, CVE-2025-48524, CVE-2025-48535, CVE-2025-48545, CVE-2025-48554, CVE-2025-48569, CVE-2025-48570, CVE-2025-48573, CVE-2025-48575, CVE-2025-48580, CVE-2025-48582, CVE-2025-48611, CVE-2025-48615, CVE-2025-48635, CVE-2025-48645, CVE-2025-48648, CVE-2026-0014, CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0049, CVE-2026-0051, CVE-2026-0052, CVE-2026-0067, CVE-2026-0068, CVE-2026-0069, CVE-2026-0079, CVE-2026-0080, CVE-2026-0091, CVE-2026-0098, CVE-2026-28575
- Huawei: CVE-2025-31175, CVE-2026-41973, CVE-2026-41974
- Samsung: SVE-2025-1890 (CVE-2026-21014)
(This list may be out of sync. Search "canyie" in Android acknowledgements for all!)
<!--
Discussion Group:
- QQ Group: 949888394
- Telegram Group: [@DreamlandFramework](t.me/DreamlandFramework)
<!-- What are you trying to seek out? -->
Disclaimer: Although I'm a member of LSPosed Team, all repositories hosted by this account are owned by myself. They are maintained by me alone and have no affiliation with the LSPosed team nor are they part of the LSPosed community.
<!--
canyie/canyie is a ✨ _special_ ✨ repository because its README.md (this file) appears on your GitHub profile.
Here are some ideas to get you started:
- 🔭 I’m currently working on ...
- 🌱 I’m currently learning ...
- 👯 I’m looking to collaborate on ...
- 🤔 I’m looking for help with ...
- 💬 Ask me about ...
- 📫 How to reach me: ...
- 😄 Pronouns: ...
- ⚡ Fun fact: ...
-
pine
Dynamic java method hook framework on ART. Allowing you to change almost all java methods' behavior dynamically.
Java ★ 1.5k 7mo agoExplain → -
Dreamland
A third-party Xposed framework implementation which supports Android 5.0~14.
Java ★ 917 2y agoExplain → -
Riru-MomoHider ▣
A Riru module trying to make Magisk more hidden.
C++ ★ 721 3y agoExplain → -
MagiskKiller
Two ways to detect Magisk v23.0 and older. Magisk v24+ users won't be affected. OLD VERSIONS WERE BUGGY, UPGRADE YOUR MAGISK.
Java ★ 216 3y agoExplain → -
MagiskEoP
Exploit and writeup for installed app to root privilege escalation through CVE-2024-48336 (Magisk Bug #8279), Privileges Escalation / Arbitrary Code Execution Vulnerability
Java ★ 205 1y agoExplain → -
CVE-2024-0044
RunAsAnyone: PoC and writeup for bypassing the initial patch of CVE-2024-0044, Android run-as any app vulnerability allowing privilege escalation from adb to installed app
Java ★ 178 1y agoExplain → -
NbInjection
PoC of injecting zygote processes by replacing system native bridge support
C++ ★ 164 5y agoExplain → -
SettingsFirewall
Block shitty apps from reading system settings
Java ★ 160 2y agoExplain → -
DreamlandManager
Installer and manager for the Dreamland framework.
Java ★ 117 1y agoExplain → -
CVE-2024-23700
PoC for CVE-2024-23700, Android slient privilege escalation allow to read/write contacts, SMS, calendar, call log and voicemail, make outgoing calls or answer incoming calls, manipulate call settings, access & control notifications sent by other apps, control nearby devices, record audio, access device identifiers, and bypass background restriction
Java ★ 68 4mo agoExplain → -
BypassKeyguard
PoC of unlocking an Android device without lock screen password
Java ★ 67 3y agoExplain → -
Riru ⑂
Inject into zygote process
C++ ★ 36 3y agoExplain → -
canyie.github.io
残页的小博客
HTML ★ 25 11d agoExplain → -
Magisk ⑂
The Magic Mask for Android
C++ ★ 17 4mo agoExplain → -
canyie
It's me!! So cute!!!
★ 15 15d agoExplain → -
riru_dreamland
For Magisk module submission.
Shell ★ 10 5y agoExplain → -
awesome-google-vrp-writeups ⑂
🐛 A list of writeups from the Google VRP Bug Bounty program
★ 6 1y agoExplain → -
android-testdpc ⑂
Test DPC is a sample device policy controller for use with Android Enterprise. It gives developers the ability to see how their app will behave in a managed context such as device owner or within a managed profile. Users can set up a work profile, enable work apps, set applications restrictions, manage security polices, and much more.
★ 5 1y agoExplain → -
LSPosed ⑂
LSPosed Framework
Java ★ 5 4y agoExplain → -
selinux ⑂
This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to [email protected].
★ 5 2y agoExplain → -
libsu ⑂
A complete solution for apps using root permissions
Java ★ 5 2y agoExplain → -
blockblockchainchain
A list that collects all Twitter users who use automatic tools like twitter-blockchain to block users
★ 5 1y agoExplain → -
KernelSU ⑂
A Kernel based root solution for Android GKI
★ 5 3y agoExplain → -
Dobby ⑂
a lightweight, multi-platform, multi-architecture hook framework.
★ 5 2y agoExplain → -
iQOO-Z1-kernel
The source code of iQOO Z1's kernel. Cloned from https://opensource.vivo.com/Project
C ★ 4 4y agoExplain → -
Dress ⑂
好耶 是女装
★ 4 3y agoExplain → -
RikkaX ⑂
Rikka's Android libraries.
★ 3 4y agoExplain → -
chinese-independent-blogs ⑂
中文独立博客列表
★ 3 3y agoExplain → -
QAuxiliary ⑂
QNotified phoenix - To make OICQ great again
Java ★ 2 3y agoExplain → -
OneText-Library ⑂
Some sentences collected by myself
★ 1 4y agoExplain →
No repos match these filters.