6

I decompiled an APK file,and that program have native codes in a .so file.

I want to use that .so file in Linux in order to use inline functions. These codes have functions to connect to a server and perform encryption/decryption on the data transfered.

I decompiled that with IDA Pro too. Can I decompile and recompile ARM codes to a x64 CPU and run it in Linux ?

Or, do I need a light simulator to run that ARM *.so file ?

IDA Pro decompile the codes, I see the assembly functions but I'm not used to assembly, nor to reverse engineering. How to translates these functions to C or python functions ?

Improve this question
3
  • You need an emulator. There is an ARM VM here - opensecuritytraining.info/IntroARM.html
    – Vitaly Osipov
    Commented May 14, 2015 at 23:38
  • You shouldn't use IDA anymore as Ghidra decompiles it a lot better to pure C code without any remainder in form of inline ARM and such. This enables you to recompile C code to x86-64 architecture or anything else you need. And there is no such language as x64, I don't know who started using this, the only language which exists is x86-64/IA64 which is just the same thing.
    – Danil
    Commented Aug 19, 2020 at 20:45
  • 1
    @Danil I converted your comment to a comment as it wasn't an answer. x64 is indeed a thing. In particular Microsoft was using that term for x86-64 early on as they supported AMD and Intel CPUs. Wikipedia even mentions x64. Oh and sorry to break it to you, but x86-64 and IA-64 are not the same thing ... and "IA64" is even less of a thing. x(86-)64 is a 64-bit extension of IA-32. So while your advice with Ghidra may be valid in general, that wasn't available in 2015 to the public either.
    – 0xC0000022L
    Commented Aug 20, 2020 at 15:11

3 Answers 3

Reset to default
6

First, extract the whole APK (it's a renamed ZIP) and check whether there's not a x86 version of the binary, in addition of the ARM. It will depend on the best option to choose.

The following options assume that you have analyzed the binary using a tool such as IDA, Hex-Rays or Hopper and that you could identify the functions that you want to reach.

If you need to emulate the calling conventions between a GLIB-based Linux system and a .so Android-targeted library, and that emulating the architecture is not a problem, for example because you have a x86 version of the library available in the APK:

  • One quite common, but sometimes painful option is using libhybris, a thin wrapper around Android's custom libc (Bionic) calling conventions that will allow you to call functions from the reverse engineered JNI from a regular GCC or Clang-compiled GLIBC program. Tutorials for libhybris are not numerous, but you'll find a couple of open source projects on the Internet that rely on it and will serve as sample code.

    However, libhybris will emulate the calling conventions but not the architecture.

If you need to emulate both the architecture and the Android ABIs:

  • You have a few options here, either running your part of the program on an ARM host - this could be the Android emulator, your smartphone, a cheap ARM VPS, a Raspberry Pi or something else - either using an emulator such as QEMU in user mode (that allows you to emulate a single ELF file in a chrooted environment without emulating a whole system). Also, you'll likely have to cross-compile your code.

If you need to emulate the architecture, the Android ABIs and you wish to have more control over the emulated binary at the expense of parsing the ELF/handling the memory layout with code yourself:

  • Another option is using Unicorn engine, a library based on QEMU's code that allows you to emulate machine code on a foreign host in a way similar to using a debugger, by reading/writing registers, memory and setting breakpoints.

    Unicorn's API is pretty bare-metal: to use it, you parse the elf(5) structure yourself, then, you allocate and write the relevant sections of the binary yourself, you set the registers (PC for the target function, SP at a point with free space, R0, R1 and so forth for the arguments, LR at a point where you set a hook) and your start the emulator.You can find a few easy-to-understand examples here, in C and in Python.

Improve this answer
0

For decompile a APK file, you can use different tools(https://mobilesecuritywiki.com/). If you use python this is the best:

https://github.com/androguard/androguard or https://code.google.com/p/androguard/(see also this example: https://github.com/androguard/androguard/tree/master/demos)

You can decompile for ARM, but for test you should be use quemu (for ARM) or eclipse.

Improve this answer
0

Have a look at NativeFunction API of frida. It helps you call any native function. With a little bit of reversing, you'll have something like

var func = new NativeFunction(Module.findExportByName('libxx.so', 'fun'), 'uint32', []);
Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.