Exercise 5 and 6
Determine which method are actually loaded from the MediaCodec.apk shared libraries.
strings
Do we have interfaces matching the functions we know to be native?
int bspatch(String str, String str2, String str3).void m2054a(String s)
strings lib/x86/librrnad.so |grep "(Ljava/lang/String"
nm
Do we have dynamic linking? Let's look for methods following the known pattern.
nm –gD lib/x86/librrnad.so |grep java_, none is found.
Conclusion:
We have artefacts pointing to Java types.
We do not indicate Dynamic Linking.
ghidra
Open ghidra, create a new project and load a library.
Several interesting functions were discovered.
JNI_Load,registerNatives, registerNativeMethods,FUN_00011230, FUN_000270, FUN_11290, FUN_112b4,native_setAppKey
Coherent with Static Linking.
Explore the functions, exports, Classes, etc… lots of info.
Graph -> Block Flow from JNI_OnLoad.
Decompile JNI_OnLoad
Loading the jni_all.gdt, and retyping the variables, allows the resolution of symbols, such as the FindClass.
registerNatives
registerNativesregisterNativeMethods
registerNativeMethodsLast updated
