Android binary libraries
Last updated
Reverse Engineering
Last updated
The application contains DEX code and binary blobs.
One version for each architecture.
armeabi: ARM 32bits no Floating Point
mips: MIPS
x86: intel X86 32bits
Libraries export symbols to be used through JNI.
nm -gD lib/x86/librrnad.so | grep JNI
Before the binary libraries can be used, Java must load them.
System.loadLibrary: argument is the library name (without lib, architecture or .so).
System.load: generic object load. The argument is the full path to the object.
The JNI_OnLoad method is called automatically (in the lib).
Allows automatic setup of data structures and generic initialization.
May be abused if malware is present.
Without the library, the application will crash when external methods are requested.
Native methods support arguments from Java code.
Arguments are pointers to Java structures.
Must be processed using specific methods, capable of handling the native Java types.
Native methods can also be called Java methods and classes.
Mainly achieved by the first argument of any JNI method: JNIEnv*.
JNIEnv* is a pointer to a structure with a large number of functions.
JNI Methods use it to invoke Java methods and handle Java types.
In the Java world native methods are declared:
With the keyword native.
Without implementation.
Easy to spot if we have the Java or Smali code.
Java: public native String decryptString(String).
Smali: .method public native decryptString(Ljava/lang/String;)Ljava/lang/String
