Android Dalvik, inside OAT, inside ELF

As a follow-up to our last blog post on the Adobe PDF and Microsoft XLS plugins for JEB2, here is another example of deep analysis support for nested artifacts, in this case Android pre-compiled native apps.

Those apps are run by ART, the newest Android Runtime. They are native Linux ELF .so files embedding a custom Android OAT file, which in turn contains one or more Dalvik DEX bytecode files. See the pictures below for an example:

[Images: jeb2-elf-oat-1, jeb2-elf-oat-2]


The ELF and OAT plugins will be open sourced.

Stay tuned for more news within the next few days!


JEB2 plugins for document formats

As explained in our June 18 blog post, the JEB2 architecture and back-end API allow the development of third-party code: plugins such as disassemblers, decompilers, parsers, or others can be easily integrated to provide analysis capability for virtually any type of data.

We have been working internally on proof-of-concept plugins for various file formats, such as:

An Adobe PDF file format plugin. The plugin provides a deep PDF view and navigation, anomaly detection, binary correspondence, and more. Coupled with other JEB2 analysis plugins (such as a JavaScript beautifier plugin), that makes for a powerful PDF reverse-engineering tool:

[Images: jeb2-pdf-2, jeb2-pdf-1]

[Image: jeb2-pdf-0]

A Microsoft Compound File / OLE plugin, for various document types, such as the Excel workbook in the pictures below:

[Images: jeb2-ole-4, jeb2-ole-1]


[Images: jeb2-ole-3, jeb2-ole-2]

We also have plugins for ELF object files, MIPS machine code, Android OAT resource extraction, ETC1 image reconstruction, etc.

Plugins can work on several types of input, including the output of other plugins, allowing recursive, deep analysis of artifact data. We are planning to open up the back-end API shortly after the full version's release, which will happen in mid-July.
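The nesting described in the first post above (an ELF .so wrapping an OAT container that wraps one or more DEX files) is exactly the situation where one parser's output becomes the next parser's input. The following is an added, stand-alone illustration of that recursive step written for this page; it is not JEB2 or PNF Software code and does not use the JEB2 plugin API. It locates OAT and DEX magic values inside a byte blob, reads the DEX `file_size` field, and verifies the DEX Adler-32 checksum, which covers every byte after the checksum field. The sample blob is constructed inline, with made-up payloads and version strings, so the script runs offline; a real OAT file would be reached through the ELF's `oatdata` symbol rather than by scanning, and the OAT header layout varies by version, so only its magic is inspected here.

```python
import struct
import zlib

OAT_MAGIC = b"oat\n"   # OAT header magic, followed by a 3-character version + NUL
DEX_MAGIC = b"dex\n"   # DEX header magic, followed by a 3-digit version + NUL
DEX_HEADER_SIZE = 0x70


def build_dex(payload: bytes, version: bytes = b"035") -> bytes:
    """Construct a minimal DEX-shaped blob (header + payload) for the demo.

    Only the fields this example reads are filled in: magic, checksum,
    file_size (offset 0x20), header_size (0x24) and endian_tag (0x28).
    """
    file_size = DEX_HEADER_SIZE + len(payload)
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = DEX_MAGIC + version + b"\x00"
    struct.pack_into("<I", header, 0x20, file_size)
    struct.pack_into("<I", header, 0x24, DEX_HEADER_SIZE)
    struct.pack_into("<I", header, 0x28, 0x12345678)
    body = bytes(header) + payload
    # The DEX checksum is Adler-32 over everything after the checksum field.
    struct.pack_into("<I", header, 8, zlib.adler32(body[12:]) & 0xFFFFFFFF)
    return bytes(header) + payload


def find_oat_headers(blob: bytes) -> list[int]:
    """Return offsets of every OAT magic followed by a 3-char version + NUL."""
    hits, start = [], 0
    while (off := blob.find(OAT_MAGIC, start)) != -1:
        if blob[off + 7:off + 8] == b"\x00":
            hits.append(off)
        start = off + 1
    return hits


def carve_dex_files(blob: bytes) -> list[dict]:
    """Locate embedded DEX files, read their declared size and verify checksums.

    A DEX whose declared file_size runs past the end of the container is
    reported as truncated and its checksum is not trusted.
    """
    found, start = [], 0
    while (off := blob.find(DEX_MAGIC, start)) != -1:
        start = off + 1
        version = blob[off + 4:off + 7]
        if not (version.isdigit() and blob[off + 7:off + 8] == b"\x00"):
            continue  # magic-like bytes without a sane version: skip
        if off + DEX_HEADER_SIZE > len(blob):
            continue
        file_size = struct.unpack_from("<I", blob, off + 0x20)[0]
        stored_sum = struct.unpack_from("<I", blob, off + 8)[0]
        end = off + file_size
        truncated = end > len(blob) or file_size < DEX_HEADER_SIZE
        checksum_ok = (not truncated and
                       (zlib.adler32(blob[off + 12:end]) & 0xFFFFFFFF) == stored_sum)
        found.append({"offset": off, "version": version.decode(),
                      "file_size": file_size, "truncated": truncated,
                      "checksum_ok": checksum_ok})
        if not truncated:
            start = end  # resume after this DEX, not inside its payload
    return found


# Constructed sample container: padding, an OAT magic, two well-formed
# DEX files and one whose declared size exceeds the available bytes.
SAMPLE = (b"\x00" * 16
          + OAT_MAGIC + b"045\x00" + b"\x00" * 32
          + build_dex(b"A" * 24)
          + b"\x00" * 8
          + build_dex(b"B" * 40, b"037")
          + build_dex(b"C" * 50)[:0x80])

if __name__ == "__main__":
    print("OAT headers at:", find_oat_headers(SAMPLE))
    for entry in carve_dex_files(SAMPLE):
        print(entry)
```

The two checks that matter for triage are the ones a naive magic scan skips: whether the declared `file_size` actually fits inside the container, and whether the checksum matches, since a mismatch on either means the embedded artifact was patched or cut and should be examined rather than blindly handed to the next parser.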

Some of those plugins will be open source; we hope they provide great tutorials and insights into plugin writing for the JEB2 back-end API.