Reputation: 311
I'm reverse engineering an app (with the permission of the dev) and I'm still new to this, but is it possible to get the name of the native function that's calling a Java method, and in which library? I know for sure the native functions are being called, yet if I try to intercept the library using Frida I get an error saying that Frida can't find the library. I decompiled the APK using jd-gui and I couldn't find the library in the libs folder. I tried to intercept System.loadLibrary() but the app crashes with an invalid address error. Yet I did find a library being loaded by the app; if I enumerate loaded modules using Frida I don't find that library name, and it's also not found in the libs folder. Is there a way to specify a native library path in Java? And how can the app load libraries yet Frida can't see them?
Upvotes: 0
Views: 1770
Reputation: 311
My skills have advanced since this question, so hopefully someone finds this helpful.
Sadly, there is no way to get a Java traceback using Frida that includes C++ functions; however, there are better solutions. But before that, how does a Java function get called from the native layer?
First, a method ID of the Java method is fetched using the JNI function "GetMethodID", which returns a unique integer relative to the method.
Then the method ID and the Java object which the method will be called on are passed to one of these functions depending on the return value of the Java method; for example, if the Java method returns void, "CallVoidMethod" will be called, and so on.
The idea here is to hook GetMethodID and log the params, as the method signature will be passed as a string.
The second solution is to emulate the so library inside an Android so emulator and to print the debug log there. Currently 2 emus are capable of doing this.
Upvotes: 0
Reputation: 2706
If I understood well, you want to find the native function name that is called BY Java?
The theory behind this is that all native methods should start with "Java_" and continue with the rest of the package name.
For example:
Java_com_foobar_main_test(...);
represents a method "test()" in package name "com.foobar" and class file "main". Overloaded methods could have their signature after the method name, like:
Java_com_foobar_main_test__Ljava_lang_String_I(..., jstring text, jint integer);
but the concept remains the same as before.
If you want to know which Java method is called by a specific native method, then you have to find "GetMethodID(..)" or "GetStaticMethodID(..)" in the native code and check the string passed as the 3rd argument: it's the name of the Java method.
Upvotes: 1
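The GetMethodID / GetStaticMethodID hook that both answers describe, written out as a Frida script. This is an added example, not code from either post. It also reports which native module made the lookup, by resolving the hook's return address. The helper names `readTypes` and `describeLookup` are made up for this example, and the function-table slots are counted from the `JNINativeInterface` layout in jni.h.

```javascript
// Added example. Load with the Frida CLI, e.g. `frida -U -f <package> -l hook.js`.
// JNIEnv function-table slots, counted from jni.h.
const SLOTS = { GetMethodID: 33, GetStaticMethodID: 113 };
const PRIMS = { V: 'void', Z: 'boolean', B: 'byte', C: 'char', S: 'short',
                I: 'int', J: 'long', F: 'float', D: 'double' };

// Decode a run of JNI type codes, e.g. "Ljava/lang/String;[I" -> ["java.lang.String", "int[]"].
function readTypes(s) {
  const out = [];
  for (let i = 0; i < s.length;) {
    let dims = 0;
    while (s[i] === '[') { dims++; i++; }
    let t;
    if (s[i] === 'L') {
      const end = s.indexOf(';', i);
      if (end < 0) throw new Error('unterminated class name: ' + s);
      t = s.slice(i + 1, end).replace(/\//g, '.');
      i = end + 1;
    } else {
      t = PRIMS[s[i++]];
      if (!t) throw new Error('bad type code in: ' + s);
    }
    out.push(t + '[]'.repeat(dims));
  }
  return out;
}

// One log line: which Java method was looked up, and from which native module.
function describeLookup(api, name, sig, moduleName, offset) {
  const close = sig.indexOf(')');
  if (sig[0] !== '(' || close < 0) throw new Error('not a method descriptor: ' + sig);
  const args = readTypes(sig.slice(1, close)).join(', ');
  const ret = readTypes(sig.slice(close + 1))[0];
  return `${api}: ${ret} ${name}(${args}) <- ${moduleName}+0x${offset.toString(16)}`;
}

// Frida-only part; skipped when the file is run outside the Frida runtime.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(() => {
    const table = Java.vm.getEnv().handle.readPointer();
    for (const [api, slot] of Object.entries(SLOTS)) {
      const fn = table.add(slot * Process.pointerSize).readPointer();
      Interceptor.attach(fn, {
        onEnter(args) { // args: JNIEnv*, jclass, const char *name, const char *sig
          const ra = this.returnAddress;
          const mod = Process.findModuleByAddress(ra);
          console.log(describeLookup(api, args[2].readCString(), args[3].readCString(),
            mod ? mod.name : '<no module>', mod ? ra.sub(mod.base) : ra));
        }
      });
    }
  });
}
```

A `<no module>` line means the lookup came from code outside every module Frida has enumerated; the value after `+0x` is then the absolute return address rather than an offset.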