Notes - MCS
Reverse Engineering
Notes - MCS
Reverse Engineering
  • Reverse Engineering
  • Introduction to Reverse Engineering
    • What is Reverse Engineering (RE)
    • RE Concepts
    • When do we have RE activities?
    • Why RE is Relevant and Required
    • Limitations of RE
    • Legal Framework
    • What RE Recovers?
    • Software Reversing
    • Low-level languages
  • Files and Filetypes
    • Files
    • File extensions
    • File Signature
    • Content Type Obfuscation
  • Android – Static Analysis
    • Java Language
    • Application Entry Points
    • Application Structure
    • AndroidManifest.xml
    • Exercise 1
    • Exercise 2
    • Exercise 3
    • Exercise 4
    • Native Applications
    • Java Native Interface
    • Android Native Development Kit (NDK)
    • Android binary libraries
    • JNI Dynamic Linking
    • JNI Static Linking
    • Exercise 5 and 6
    • Web and Hybrid applications
  • Android – Dynamic Analysis
    • Dynamic Analysis
    • Logs
    • Network MiTM
    • Certificate Pinning
    • Dynamic Code Instrumentation
    • Dynamic Binary Instrumentation
    • FRIDA
  • Binary Analysis
    • Binary Objects
    • Executable Symbols
    • What is inside an Object File?
    • ELF Files
    • ELF Program Headers
    • Dynamic Linker
      • Example
    • Binary Analysis Process
    • Function detection
    • Calling Conventions
    • Common Logic Structures
    • C++ code
  • Emulation and Instrumentation
    • Dynamic Binary Analysis
    • Considerations
    • Processes
    • Dynamic Binary Instrumentation (DBI)
    • DBI with Qiling
  • Obfuscation Techniques
    • Obfuscation Techniques
    • Content Type Obfuscation
    • Code Obfuscation
  • Serial Communication
    • Comunicação paralelo
    • Comunicação série
    • Sincronização entre transmissor e recetor
    • Sincronização de relógio
    • Transmissão de dados
    • Topologias de comunicação série
    • Elementos de uma ligação série
  • A interface RS-232C
    • RS-232C
    • Estrutura da trama
    • Camada física
    • Taxa de transmissão (baudrate)
    • Receção de dados
    • Identificar parâmetros de comunicaçãoIdentificar parâmetros de comunicação
    • Encontrar a UART
    • Captura de sinais
  • Norma SPI
    • Introdução
    • Descrição geral
    • Operação
    • Simulação do master SPI
    • Arquiteturas de ligação
    • Tipos de transferências
    • Configuração de um master SPI
    • Procedimento para identificação dos sinais
    • Exemplo
  • Norma I2C
    • Introdução
    • Caraterísticas básicas
    • Exemplo de interligação num barramento I2C
    • Terminologia
    • Masters e Slaves
    • Sinalização
    • Endereçamento
    • Transferência de dados
    • Clock stretching
    • Múltiplos masters
    • Arbitragem
    • Endereços reservados
Powered by GitBook
On this page
  • Mediacode.apk
  • JNI Arguments
  1. Android – Static Analysis

Android binary libraries

Last updated 1 year ago

Mediacode.apk

The application contains DEX code and binary blobs.

One version for each architecture.

  • armeabi: ARM 32bits no Floating Point

  • mips: MIPS

  • x86: intel X86 32bits

Libraries export symbols to be used through JNI.

  • nm -gD lib/x86/librrnad.so | grep JNI

Before the binary libraries can be used, Java must load them.

  • System.loadLibrary: argument is the library name (without lib, architecture or .so).

  • System.load: generic object load. The argument is the full path to the object.

  • The JNI_OnLoad method is called automatically (in the lib).

    • Allows automatic setup of data structures and generic initialization.

    • May be abused if malware is present.

Without the library, the application will crash when external methods are requested.

JNI Arguments

Native methods support arguments from Java code.

  • Arguments are pointers to Java structures.

  • Must be processed using specific methods, capable of handling the native Java types.

Native methods can also be called Java methods and classes.

  • Mainly achieved by the first argument of any JNI method: JNIEnv*.

JNIEnv* is a pointer to a structure with a large number of functions.

  • JNI Methods use it to invoke Java methods and handle Java types.

In the Java world native methods are declared:

  • With the keyword native.

  • Without implementation.

Easy to spot if we have the Java or Smali code.

  • Java: public native String decryptString(String).

  • Smali: .method public native decryptString(Ljava/lang/String;)Ljava/lang/String