Reversing Native Libraries

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Deepen your expertise in Mobile Security with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified:

On-demand Mobile Security Training | 8kSec Academy8kSec Academy

For further information check: https://maddiestone.github.io/AndroidAppRE/reversing_native_libs.html

Programu za Android zinaweza kutumia maktaba za asili, ambazo kwa kawaida zimeandikwa kwa C au C++, kwa kazi zinazohitaji utendaji wa juu. Waumbaji wa malware pia hutumia maktaba hizi, kwani ni vigumu zaidi kuzirekebisha kuliko bytecode ya DEX. Sehemu hii inasisitiza ujuzi wa kurekebisha ambao umeandaliwa kwa Android, badala ya kufundisha lugha za mkusanyiko. Toleo la ARM na x86 la maktaba linapatikana kwa ajili ya ulinganifu.

Key Points:

Native Libraries in Android Apps:
Zinatumika kwa kazi zinazohitaji utendaji wa juu.
Zimeandikwa kwa C au C++, na kufanya kurekebisha kuwa changamoto.
Zinapatikana katika muundo wa .so (kipande kilichoshirikiwa), sawa na binaries za Linux.
Waumbaji wa malware wanapendelea msimbo wa asili ili kufanya uchambuzi kuwa mgumu.
Java Native Interface (JNI) & Android NDK:
JNI inaruhusu mbinu za Java kutekelezwa katika msimbo wa asili.
NDK ni seti ya zana maalum za Android za kuandika msimbo wa asili.
JNI na NDK huunganisha msimbo wa Java (au Kotlin) na maktaba za asili.
Library Loading & Execution:
Maktaba zinapakiwa kwenye kumbukumbu kwa kutumia System.loadLibrary au System.load.
JNI_OnLoad inatekelezwa wakati wa kupakia maktaba.
Mbinu za asili zilizotangazwa na Java huunganisha na kazi za asili, na kuwezesha utekelezaji.
Linking Java Methods to Native Functions:
Dynamic Linking: Majina ya kazi katika maktaba za asili yanalingana na muundo maalum, kuruhusu uunganisho wa moja kwa moja.
Static Linking: Inatumia RegisterNatives kwa uunganisho, ikitoa kubadilika katika majina ya kazi na muundo.
Reverse Engineering Tools and Techniques:
Zana kama Ghidra na IDA Pro husaidia kuchambua maktaba za asili.
JNIEnv ni muhimu kwa kuelewa kazi na mwingiliano wa JNI.
Mazoezi yanatolewa ili kufanyia mazoezi kupakia maktaba, kuunganisha mbinu, na kutambua kazi za asili.

Resources:

Learning ARM Assembly:
Inapendekezwa kwa kuelewa kwa kina muundo wa msingi.
ARM Assembly Basics kutoka Azeria Labs inapendekezwa.
JNI & NDK Documentation:
Oracle's JNI Specification
Android's JNI Tips
Getting Started with the NDK
Debugging Native Libraries:
Debug Android Native Libraries Using JEB Decompiler

Deepen your expertise in Mobile Security with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified:

On-demand Mobile Security Training | 8kSec Academy8kSec Academy

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousReact Native Application NextSmali - Decompiling/[Modifying]/Compiling

Last updated 6 days ago