JNI

JNI Deobfuscation

Reversing the library

Ghidra / IDA Pro / radare2 and GL my friend!

Frida method

Using frida snippet like JADX and Frida.

Executing the functions from JNI in an Android app

Create a New Project on Android Studio

# Android Studio > New > New Project > Empty Views Activity

Copy all folders from resources/lib/* from the original to app/jniLibs/* in new project

Create a new Java class in AS "java" folder (including class name)

# App: io.hextree.weatherusa
# Class name: InternetUtil
io.hextree.weatherusa.InternetUtil

Check the logic of using the native library (this is the decompiler code)

package io.hextree.weatherusa;

[...]

public abstract class InternetUtil {
[...]
    httpURLConnection2.setRequestProperty("X-API-KEY", getKey("jhnef6d~efu?tjfus3tobunaa3tbdrun"));
[...]

    private static native String getKey(String str);
}

And make it usable on our class (java/io.hextree.weatherusa/InternetUtil.java)

package io.hextree.weatherusa;

public class InternetUtil {
    private static native String getKey(String str);

    public static String solve(){
        System.loadLibrary("native-lib");
        return getKey("jhnef6d~efu?tjfus3tobunaa3tbdrun");
    }
}

Finally, call to our new class from MainActivity (java/com.example.empty_for_pocs_java/MainActivity.java)

package com.example.empty_for_pocs_java;

import android.os.Bundle;
import android.widget.TextView;

import androidx.appcompat.app.AppCompatActivity;

import io.hextree.weatherusa.InternetUtil;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        TextView homeText = findViewById(R.id.home_text);
        homeText.setText(String.format("API: %s", InternetUtil.solve()));
    }
}

Set the homeText "id" in activity_main (res/layout/activity_main.xml)

<?xml version="1.0" encoding="utf-8"?>
<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:app="http://schemas.android.com/apk/res-auto"
    xmlns:tools="http://schemas.android.com/tools"
    android:id="@+id/main"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    tools:context=".MainActivity">

    <TextView
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="Hello World!"
        android:id="@+id/home_text"
        app:layout_constraintBottom_toBottomOf="parent"
        app:layout_constraintEnd_toEndOf="parent"
        app:layout_constraintStart_toStartOf="parent"
        app:layout_constraintTop_toTopOf="parent"
        tools:visibility="visible" />

</androidx.constraintlayout.widget.ConstraintLayout>

References

Sugerencias de JNI | Android NDK | Android DevelopersAndroid Developers

Previousjadx Nextobjection

Last updated 1 year ago

hashtagJNI Deobfuscation

hashtagReversing the library

hashtagFrida method

hashtagExecuting the functions from JNI in an Android app

hashtagReferences

JNI Deobfuscation

Reversing the library

Frida method

Executing the functions from JNI in an Android app

References