TransWikia.com

Use Android Shared library (.so) files in Linux

Reverse Engineering Asked by IrajTaghlidi on October 3, 2020

I decompiled an APK file,and that program have native codes in a .so file.

I want to use that .so file in Linux in order to use inline functions.
These codes have functions to connect to a server and perform encryption/decryption on the data transfered.

I decompiled that with IDA Pro too. Can I decompile and recompile ARM codes to a x64 CPU and run it in Linux ?

Or, do I need a light simulator to run that ARM *.so file ?

IDA Pro decompile the codes, I see the assembly functions but I’m not used to assembly, nor to reverse engineering. How to translates these functions to C or python functions ?

3 Answers

For decompile a APK file, you can use different tools(https://mobilesecuritywiki.com/). If you use python this is the best:

https://github.com/androguard/androguard or https://code.google.com/p/androguard/(see also this example: https://github.com/androguard/androguard/tree/master/demos)

You can decompile for ARM, but for test you should be use quemu (for ARM) or eclipse.

Answered by invictus85 on October 3, 2020

Have a look at NativeFunction API of frida. It helps you call any native function. With a little bit of reversing, you'll have something like

var func = new NativeFunction(Module.findExportByName('libxx.so', 'fun'), 'uint32', []);

Answered by sudhackar on October 3, 2020

First, extract the whole APK (it's a renamed ZIP) and check whether there's not a x86 version of the binary, in addition of the ARM. If there's none, you have a couple of options.

Both options assume that you have analyzed the binary using a tool such as IDA, Hex-Rays or Hopper and that you could identify the functions that you want to reach.


  • One quite common, but sometimes painful option is using libhybris, a thin wrapper around Android's custom libc (Bionic) calling conventions that will allow you to call functions from the reverse engineered JNI from a regular GCC or Clang-compiled GLIBC program. Tutorials for libhybris are not numerous, but you'll find a couple of open source projects on the Internet that rely on it and will serve as sample code.

    However, libhybris will emulate the calling conventions but not the architecture. You have a few options here, either running your part of the program on an ARM host - this could be the Android emulator, your smartphone, a cheap ARM VPS, a Raspberry Pi or something else - either using an emulator such as QEMU in user mode (that allows you to emulate a single ELF file in a chrooted environment without emulating a whole system). Also, you'll likely have to cross-compile your code.


  • Another option is using Unicorn engine, a library based on QEMU's code that allows you to emulate machine code on a foreign host in a way similar to using a debugger, by reading/writing registers, memory and setting breakpoints.

    Unicorn's API is pretty bare-metal: to use it, you parse the elf(5) structure yourself, then, you allocate and write the relevant sections of the binary yourself, you set the registers (PC for the target function, SP at a point with free space, R0, R1 and so forth for the arguments, LR at a point where you set a hook) and your start the emulator.You can find a few easy-to-understand examples here, in C and in Python.

Answered by Cécile Bertau on October 3, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP