Skip to content

Find JNI function signatures in APK and apply to reverse-engineering tools.

Notifications You must be signed in to change notification settings

evilpan/jni_helper

Repository files navigation

JNI Helper

CI

Find JNI function signatures in APK and apply to reverse tools.

Basic Usage

  1. Use extract_jni.py to generate signature.json
  2. Load signature.json into Ghidra/IDA/BinaryNinja

extract_jni.py

Install dependences:

pip3 install -r requirements.txt

Usage:

$ ./extract_jni.py -h
usage: extract_jni.py [-h] [-j WORKERS] [-o OUTFILE] apk

positional arguments:
  apk         /path/to/apk

optional arguments:
  -h, --help  show this help message and exit
  -j WORKERS  parse apk with multiple workers(processes) (default: 8)
  -o OUTFILE  save JNI methods as formatted json file (default: stdout)

Example:

./extract_jni.py app-debug.apk -o signature.json

extract

Ghidra Plugin

See Ghidra.

Before After
g1 g2

IDA Plugin

See IDA.

Before After
i1 i2

Binary Ninja Plugin

see Binary Ninja.

Type Image
Before b2
After b4

Radare2 Plugin

WIP, see Radare2

Demo

Tested with demo APK.

cd demo_apk
./gradlew assembleDebug

TODO

  • support both C/C++ JNI functions
  • support overloaded JNI functions
  • remove Jadx dependence, all in Python
  • Add BinaryNinja plugin
  • support env->RegisterNatives JNI functions

LINKS