Anybody have experience reversing APK’s with Ghidra? – Digitalmunition

Home Forums Anybody have experience reversing APK’s with Ghidra?

This topic contains 1 reply, has 2 voices, and was last updated by  woodchipper2point0 1 month ago.

  • Author
  • #260068


    I have an app that imports 4 native libraries. The one im working on is called, do I have to load in all the other SO files in order to fully understand what the codes doing?

    Ive been looking everywhere to find out what this is doing, I dont know if I have to link the jni file or what?

    puVar1 = (undefined4 *)(**(code **)(*param_1 + 0x2ec))(param_1,param_4,0);

  • #260070


    You don’t really need to do that I think. Use apktool, and then dex2jar. Then use java decompiler to read the code pretty much line for line

  • #260075


    Any reason you couldn’t just use APKTool?

  • #260081


    What are you trying to achieve? Understand what it does? Start the higher level first, the JNI calls in your dex code. Their names often give interesting hints at what the native library does. Inspect the call parameters, you can also do it runtime, eg. With Frida. Once you have little understanding you may fire ghidra with the .so file. Look at the call graph and/or pseudo code starting from the JNI functions you already identified in dex classes.

You must be logged in to reply to this topic.