This topic contains 1 reply, has 2 voices, and was last updated by woodchipper2point0 1 month ago.
- June 5, 2020 at 6:47 pm #260068
I have an app that imports 4 native libraries. The one I'm working on is called rt_main.so. Do I have to load in all the other SO files in order to fully understand what the code's doing?
I've been looking everywhere to find out what this is doing. I don't know if I have to link the JNI file or what?
puVar1 = (undefined4 *)(**(code **)(*param_1 + 0x2ec))(param_1,param_4,0);
- June 5, 2020 at 6:53 pm #260070
You don’t really need to do that, I think. Use apktool, and then dex2jar. Then use a Java decompiler to read the code pretty much line for line.
- June 5, 2020 at 6:53 pm #260075
Any reason you couldn’t just use APKTool?
- June 5, 2020 at 6:53 pm #260081
What are you trying to achieve? Understand what it does? Start at the higher level first, the JNI calls in your dex code. Their names often give interesting hints at what the native library does. Inspect the call parameters; you can also do it at runtime, e.g. with Frida. Once you have a little understanding, you may fire up Ghidra with the .so file. Look at the call graph and/or pseudo code starting from the JNI functions you already identified in the dex classes.
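Added example, not part of any post in this thread: a small C helper that takes a line of decompiler output like the one in the question and maps the `(*env + offset)` call to a JNI function-table slot. It assumes `param_1` is the `JNIEnv *` of a JNI entry point and that the library is 32-bit (4-byte pointers); the helper names `jni_name_at` and `annotate_line` are hypothetical, and only slots 169-190 of the table in `jni.h` are included.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Slots 169-190 of the JNINativeInterface table, in jni.h order. */
#define FIRST_SLOT 169
static const char *const jni_slots[] = {
    "GetStringUTFChars", "ReleaseStringUTFChars", "GetArrayLength",
    "NewObjectArray", "GetObjectArrayElement", "SetObjectArrayElement",
    "NewBooleanArray", "NewByteArray", "NewCharArray", "NewShortArray",
    "NewIntArray", "NewLongArray", "NewFloatArray", "NewDoubleArray",
    "GetBooleanArrayElements", "GetByteArrayElements",
    "GetCharArrayElements", "GetShortArrayElements",
    "GetIntArrayElements", "GetLongArrayElements",
    "GetFloatArrayElements", "GetDoubleArrayElements",
};
#define SLOT_COUNT (sizeof jni_slots / sizeof jni_slots[0])

/* Byte offset -> name. ptr_size is 4 (armeabi-v7a, x86) or 8 (arm64-v8a,
 * x86_64). NULL means misaligned offset or a slot outside this slice. */
const char *jni_name_at(size_t offset, size_t ptr_size)
{
    if ((ptr_size != 4 && ptr_size != 8) || offset % ptr_size) return NULL;
    size_t slot = offset / ptr_size;
    if (slot < FIRST_SLOT || slot >= FIRST_SLOT + SLOT_COUNT) return NULL;
    return jni_slots[slot - FIRST_SLOT];
}

/* Find the first "(*<env> + <offset>)" dereference in a decompiler line,
 * where env is the variable assumed to hold JNIEnv*, and resolve it. */
const char *annotate_line(const char *line, const char *env, size_t ptr_size)
{
    char pat[64], *end;
    int n = snprintf(pat, sizeof pat, "(*%s + ", env);
    if (n < 0 || (size_t)n >= sizeof pat) return NULL;
    const char *hit = strstr(line, pat);
    if (!hit) return NULL;
    unsigned long off = strtoul(hit + n, &end, 0); /* base 0 accepts 0x.. */
    if (end == hit + n || *end != ')') return NULL;
    return jni_name_at(off, ptr_size);
}

int main(void)
{
    const char *line = "puVar1 = (undefined4 *)(**(code **)"
                       "(*param_1 + 0x2ec))(param_1,param_4,0);";
    const char *name = annotate_line(line, "param_1", 4);
    printf("%s\n", name ? name : "(not a known JNIEnv slot)");
    return 0;
}
```

Under those assumptions the line resolves to slot 187, `GetIntArrayElements(env, array, isCopy)`; the same offset is misaligned for an 8-byte pointer table, which is a quick sanity check on the architecture guess.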