Anybody have experience reversing APK’s with Ghidra? – Digitalmunition





This topic contains 1 reply, has 2 voices, and was last updated by  woodchipper2point0 1 month ago.

  • #260068

    anonymous
    Participant

    I have an app that imports 4 native libraries. The one I'm working on is called rt_main.so. Do I have to load in all the other SO files in order to fully understand what the code's doing?

    I've been looking everywhere to find out what this is doing. I don't know if I have to link the JNI file or what?

    puVar1 = (undefined4 *)(**(code **)(*param_1 + 0x2ec))(param_1,param_4,0);

  • #260070

    woodchipper2point0

    You don’t really need to do that, I think. Use apktool, and then dex2jar. Then use a Java decompiler to read the code pretty much line for line.

  • #260075

    myk3h0nch0

    Any reason you couldn’t just use APKTool?

  • #260081

    tinycrazyfish

    What are you trying to achieve? Understand what it does? Start at the higher level first: the JNI calls in your dex code. Their names often give interesting hints at what the native library does. Inspect the call parameters; you can also do it at runtime, e.g. with Frida. Once you have a little understanding you may fire up Ghidra with the .so file. Look at the call graph and/or pseudocode starting from the JNI functions you already identified in the dex classes.
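
Added example, not part of the original thread: one way to follow the dex-first advice above is to list every `native` method in the apktool smali output and derive the export name the JNI specification assigns to it, which gives the functions to start from in Ghidra. The class `com/example/app/Rt_Main` and its methods are constructed sample data, not taken from the poster's app.

```python
import re

CLASS_RE = re.compile(r"^\.class\s+.*?L([^;]+);\s*$")
METHOD_RE = re.compile(
    r"^\.method\s+(?P<mods>.*?)(?P<name>[^\s(]+)\((?P<args>[^)]*)\)\S+\s*$")
# JNI name-mangling escapes: '/' separates packages, the rest are escaped.
ESCAPES = {"/": "_", "_": "_1", ";": "_2", "[": "_3"}

def mangle(part):
    """Escape a class name, method name or argument signature per the JNI spec."""
    return "".join(
        ESCAPES.get(ch) or (ch if ch.isascii() and ch.isalnum() else "_0%04x" % ord(ch))
        for ch in part)

def jni_symbols(smali_text):
    """Map short export name -> long (overload) export name for each native method."""
    cls, found = None, {}
    for line in smali_text.splitlines():
        line = line.strip()
        m = CLASS_RE.match(line)
        if m:
            cls = m.group(1)
            continue
        m = METHOD_RE.match(line)
        if m and cls and "native" in m.group("mods").split():
            short = "Java_%s_%s" % (mangle(cls), mangle(m.group("name")))
            # Overloaded natives are exported with "__" + mangled argument signature.
            found[short] = short + "__" + mangle(m.group("args"))
    return found

# Constructed smali fragment (hypothetical class and methods).
SAMPLE = """\
.class public Lcom/example/app/Rt_Main;
.super Ljava/lang/Object;
.method public static native decode([II)[I
.end method
.method public native getKey(Ljava/lang/String;)Ljava/lang/String;
.end method
.method public constructor <init>()V
.end method
"""

if __name__ == "__main__":
    for short, long_name in jni_symbols(SAMPLE).items():
        print(short, "|", long_name)
```

If the library registers its methods through `RegisterNatives` in `JNI_OnLoad` instead, these symbols will not be exported and the mapping has to be read from the table passed to that call.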
