Reverse Engineering Asked by Pervy Sage on January 20, 2021
I know how to reverse engineer normal android APKs using tools like APK-tool anddex2jar but i don’t know how to work with obfuscation. Can anyone help or atleast provide some pointers? I know this largely constitues learning by myself but I really don’t know what to look or where to look. Some examples would be really helpful. Thanks!
Edit:
When I extract everything from APK, I get some SMALI files (I tried JD-GUI but the strings contained random names. Probably obfuscated using Proguard.), some resource files and a “.so” files in the lib directory. How do I analyze the “.so” file. I know that SO files are, kind of DLLs of the Linux world but what are the tools that can be used to analyze SO files. Any links to videos would be very helpful. 🙂
Also, how would I get around if there were a JAR file instead of SO file in the APK?
The .so file is a compiled library, in most cases from C or C++ source code. .so stands for Shared Object, it doesn't have anything to do with obfusation, it just means someone wrote parts of the app in C.
In some cases, there is existing C code and it's just easier for the programmer to build a JNI interface to call the library from java; in other cases, the programmer wants the speed advantage that compiled C has over java. And of course, if i want to hide how some part of my application works, writing that in C and compiling it to a .so makes it much harder to reverse.
If you want to reverse an android .so, these are the options you have:
Beware, though, in all of these cases, you need a thorough understanding of the ARM processor architecture, assembler language, JNI conventions, and compiler ABI to make any sense of the disassembly. Prepare for many long nights if you're unexperienced.
Correct answer by Guntram Blohm on January 20, 2021
You can also try a dynamic approach by hooking APIs and observing arguments and return values. This will allow you to look at data going into crypto APIs, which may help a lot when dealing with network protocols. Check out the Frida instrumentation toolkit for an open source cross-platform solution (Android, iOS, Windows, Mac and Linux). There's a tutorial showing how to build an interactive instrumentation tool in a few minutes, which injects code into the “Yo” app on iOS and plots network connections using Google Maps.
Answered by Ole André Vadla Ravnås on January 20, 2021
Besides Guntram's suggestions, check out the retargetable decompiler aka retdec. It can decompile the binary to Python or C code. At least for me, it reads easier than pure assembly (and it works for ARM binaries).
It works very well for sketching you the rough workings of the shared object.
A plugin for select IDA versions exists, but the main limitation is that it doesn't support 64-bit code.
Answered by Cedric VB on January 20, 2021
Use android-ndk, https://developer.android.com/ndk/downloads/index.html.
You can use the toolchains inside the ndk to perform the type of disassembling you want to. For e.g. if I decompile an apk and get a .so library out of it, I will do :
./android-ndk-r15b/toolchains/arm-linux-androideabi-4.9/prebuilt/darwin-x86_64/bin/arm-linux-androideabi-objdump -T "SAMPLE.so | less
To get an objdump
.
Answered by Shailesh Mota on January 20, 2021
You can also try the Snowman tool: https://derevenets.com/.
Snowman is a native code to C/C++ decompiler
It supports ARM, x86, and x86-64 architectures as specified on their website.
Answered by Adrian Paul on January 20, 2021
You can also reverse-engineer APK files directly on an android device.
(Disclaimer: I 'm the developer)
Disassemble ANY files including android shared libraries (aka .so files) (NDK, JNI), windows PE files(EXE, DLLs, SYSs, etc..), linux executables, object files, ANY files you want like pictures, audios, etc(for fun) entirely on Android. Capstone-based disassembler application on android.
Disassemble
button!This app used - Capstone - Storage-Chooser - Colorpickerview - Java-binutils - PECOFF4J.
https://reverseengineering.stackexchange.com/a/20124/23870
Answered by KYHSGeekCode on January 20, 2021
According to this blog post, GikDbg seems like an Ollydbg mod to debug native Android libraries.
Unfortunatly, the website of GikDbg doesn't exist anymore.
Answered by Sam on January 20, 2021
you can try the ghidra ,Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python. link:https://github.com/NationalSecurityAgency/ghidra
Answered by 梁赛飞 on January 20, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP