I'm reverse engineering an app (with the permission of the dev) and I'm still new to this, but is it possible to get the name of the native function that's calling a Java method, and in which library? I know for sure the native functions are being called, yet if I try to intercept the library using Frida I get an error saying that Frida can't find the library. I decompiled the APK using jd-gui and I couldn't find the library in the libs folder. I tried to intercept System.loadLibrary() but the app crashes with an invalid address error, yet I did find a library being loaded by the app. If I enumerate loaded modules using Frida I don't find that library name, and it's also not found in the libs folder. Is there a way to specify a native library path in Java? And how can the app load libraries yet Frida can't see them?
How to find the native C++ function that called a Java method in an Android app, and in which library?
1.4k views Asked by ahmed mani At
2
There are 2 answers
2
emandt
On
If I understood correctly, you want to find the name of the native function that is called BY Java?
- list all calls to System.loadLibrary() to detect all libraries
- using IDA Pro (or one of its alternatives here: https://reverseengineering.stackexchange.com/questions/1817/is-there-any-disassembler-to-rival-ida-pro) check for all methods starting with "Java_...."
The theory behind this is that all native methods should start with "Java_" and continue by the rest of package name.
For example:
Java_com_foobar_main_test(...);
represents a method "test()" in package name "com.foobar" and class file "main". Overloaded methods could have their signature after the method name like:
Java_com_foobar_main_test__Ljava_lang_String_2I(..., jstring text, jint integer);
but the concept remains the same as before.
If you want to know which Java method is called by a specific native method, then you have to find "GetMethodID(..)" or "GetStaticMethodID(..)" in the native code and check the string passed as the 3rd argument: it's the name of the Java method.
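The naming rule from the answer above, as an added example that is not part of the original answer: it builds the export name JNI expects for a native method and reverses an export name back to class, method and argument signature, using the escape rules of the JNI specification (`_1` for `_`, `_2` for `;`, `_3` for `[`, `_0xxxx` for other characters). The function names are this example's own, and it covers only `Java_` exports, so natives bound with `RegisterNatives` will not show up this way.

```javascript
// Added example: JNI export-name mangling (escape rules from the JNI spec).
const ESCAPES = { "_": "_1", ";": "_2", "[": "_3" };

// Mangle one class name, method name or argument signature.
function jniMangle(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    if (ch === "." || ch === "/") out += "_";
    else if (ESCAPES[ch]) out += ESCAPES[ch];
    else if (/[A-Za-z0-9]/.test(ch)) out += ch;
    else out += "_0" + s.charCodeAt(i).toString(16).padStart(4, "0");
  }
  return out;
}

// Short name is tried first; the long form is needed for overloaded natives.
function jniSymbol(className, method, argSig) {
  const short = "Java_" + jniMangle(className) + "_" + jniMangle(method);
  return { short, long: short + "__" + jniMangle(argSig) };
}

// Undo the escapes; a bare "_" is a separator and becomes "/".
function jniUnescape(s) {
  return s.replace(/_(0[0-9a-f]{4}|[123])?/g, (m, esc) => {
    if (esc === undefined) return "/";
    if (esc.length === 1) return { 1: "_", 2: ";", 3: "[" }[esc];
    return String.fromCharCode(parseInt(esc.slice(1), 16));
  });
}

// Recover class, method and (for the long form) argument signature.
function jniDemangle(symbol) {
  if (!symbol.startsWith("Java_")) return null;
  // After unescaping, "__" shows up as an empty path component ("//").
  const [path, args] = jniUnescape(symbol.slice(5)).split("//");
  const cut = path.lastIndexOf("/");
  if (cut < 0) return null;
  return {
    className: path.slice(0, cut).replace(/\//g, "."),
    method: path.slice(cut + 1),
    argSig: args === undefined ? null : args,
  };
}
```

Running `jniDemangle` over the export list of each library found in the APK gives the Java class and method every `Java_` symbol binds to.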
My skills have advanced since this question, so hopefully someone finds this helpful.
Sadly there is no way to get a Java traceback using Frida that includes C++ functions; however, there are better solutions. But before that, how does a Java function get called from the native layer?
First, a method ID of the Java method is fetched using the JNI function "GetMethodID", which returns a unique integer relative to the method. Then the method ID and the Java object which the method will be called on are passed to one of these functions depending on the return value of the Java method; for example, if the Java method returns void, "CallVoidMethod" will be called, and so on.
The idea here is to hook GetMethodID and log the params, as the method signature will be passed as a string.
The second solution is to emulate the .so library inside an Android .so emulator and print the debug log there. Currently 2 emus capable of doing this
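The GetMethodID hook described in this answer, as an added example that is not the answer author's code: a Frida agent that reads the `GetMethodID` and `GetStaticMethodID` entries from the JNIEnv function table and logs each lookup with the module and offset of the native caller. The helper names and the `/data/` path filter are assumptions of this example; the slot numbers are the positions of the two functions in `JNINativeInterface` in `jni.h`.

```javascript
// Added example. Slots of the two lookups in the JNINativeInterface table.
const JNI_SLOT = { GetMethodID: 33, GetStaticMethodID: 113 };

// Assumption: app-shipped libraries live under /data/, runtime ones under
// /system, /apex or /vendor. A null path means the caller sits in memory
// that no loaded module covers, which is worth logging too.
function isAppCaller(path) {
  return path === null || path.startsWith("/data/");
}

function formatLookup(fn, name, sig, modName, where) {
  return `${fn} ${name}${sig} <- ${modName || "<no module>"} @ ${where}`;
}

function hookLookups() {
  Java.perform(() => {
    // JNIEnv* points at a pointer to the function table.
    const table = Java.vm.getEnv().handle.readPointer();
    for (const [fn, slot] of Object.entries(JNI_SLOT)) {
      const impl = table.add(slot * Process.pointerSize).readPointer();
      Interceptor.attach(impl, {
        onEnter(args) {
          // args: JNIEnv *env, jclass clazz, const char *name, const char *sig
          const ra = this.returnAddress;
          const mod = Process.findModuleByAddress(ra);
          if (!isAppCaller(mod ? mod.path : null)) return;
          const where = mod
            ? "+0x" + ra.sub(mod.base).toString(16)
            : ra.toString();
          console.log(formatLookup(fn, args[2].readCString(),
            args[3].readCString(), mod && mod.name, where));
        },
      });
    }
  });
}

// Runs only inside Frida, where the Java bridge global exists.
if (typeof Java !== "undefined" && Java.available) hookLookups();
```

The logged offset can be opened directly in a disassembler for the named library; lines reported as `<no module>` come from code that module enumeration does not list.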