Skip to content

A Ghidra script to aid reverse engineering of Android native (.so) libraries, by identifying dynamically registered functions within the Code Listing.

Notifications You must be signed in to change notification settings

LAripping/NativeEnrich

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Native Enrich

A Ghidra script to aid reverse engineering of Android native (.so) libraries, by identifying dynamically registered functions within the Code Listing. Read the accompanying blog post

This script can take you from this:

void FUN_00905b34 (undefined8 param_1, undefined8 param_2)

...to this:

jboolean handleOnClick (JNIEnv* env, jobject thiz, jobject a0, jobject a1, jint a2, jint a3)

How to install the extension

  1. Clone this repository

    $ git clone https://github.com/laripping/NativeEnrich.git && cd NativeEnrich
  2. Build the script, pointing Graddle to your Ghidra installation directory

    ...as our build.graddle is just a wrapper of Ghidra's bundled Extension compiler

    $ gradle -PGHIDRA_INSTALL_DIR=<YOUR GHIDRA INSTALLATION DIRECTORY>

    You should now have a sleek ZIP file in your dist/ directory

  3. Import the script in Ghidra from the Projects Window

    File > Install Extensions... > choose the ZIP file

  4. Restart Ghidra as prompted

ℹ️ The complete flow listed above is needed at least once to bundle the GSON library and populate the Java classes in Ghidra's directories. Further changes to the main file ghidra_scripts/NativeEnrich.java can then be made on the fly using Ghidra's Script Manager, and selecting the "Edit script with basic editor" button on the top right

About

A Ghidra script to aid reverse engineering of Android native (.so) libraries, by identifying dynamically registered functions within the Code Listing.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages