Awesome

JNI Helper

Find JNI function signatures in APK and apply to reverse tools.

Basic Usage

1. Use extract_jni.py to generate signature.json
2. Load signature.json into Ghidra/IDA/Radare2

extract_jni.py

Install dependences:

pip3 install -r requirements.txt

Usage:

$ ./extract_jni.py -h
usage: extract_jni.py [-h] [-j WORKERS] [-o OUTFILE] apk

positional arguments:
  apk         /path/to/apk

optional arguments:
  -h, --help  show this help message and exit
  -j WORKERS  parse apk with multiple workers(processes) (default: 8)
  -o OUTFILE  save JNI methods as formatted json file (default: stdout)

Ghidra Plugin

See Ghidra.

Before	After

IDA Plugin

See IDA.

Before	After

Radare2 Plugin

WIP, see Radare2

Demo

Tested with demo APK.

cd demo_apk
./gradlew assembleDebug

TODO

• support both C/C++ JNI functions
• support overloaded JNI functions
• remove Jadx dependence, all in Python
• support env->RegisterNatives JNI functions
• Add BinaryNinja plugin

LINKS

• android native-libraries
• 安卓逆向之自动化JNI静态分析