{"id":161,"date":"2013-07-27T14:51:49","date_gmt":"2013-07-27T22:51:49","guid":{"rendered":"http:\/\/www.android-decompiler.com\/blog\/?p=161"},"modified":"2018-12-19T13:43:22","modified_gmt":"2018-12-19T21:43:22","slug":"jeb-1-3-how-to-sign-and-match-third-party-library-code","status":"publish","type":"post","link":"https:\/\/www.pnfsoftware.com\/blog\/jeb-1-3-how-to-sign-and-match-third-party-library-code\/","title":{"rendered":"JEB 1.3: How to Sign and Match Third-Party Library Code"},"content":{"rendered":"

JEB 1.3 ships with two plugins that allow users to create signatures<\/span> for library code, and\u00a0apply signatures<\/span> onto DEX files. (Note: we are not<\/strong> talking about digital signatures<\/em> here, but rather, binary strings that are used to identify a method<\/em> or body of code.)<\/p>\n

Combined with the new navigation bar<\/strong>, portions of a DEX file that contain third-party frameworks (such as those ubiquitous ad libraries) or already analyzed code, can be easily identified: such areas will be marked using a light-green color in the navigation bar.<\/p>\n

Applying signatures<\/h2>\n

In practice, applying signatures is extremely easy:<\/p>\n

1- Load the file in JEB: as can be seen below, the navigation bar is mostly blue<\/strong>, which means no library code has been spotted yet. (Note: The orange marks identify public\u00a0constant fields\u00a0– public static final.)<\/p>\n

\"1\"<\/a><\/p>\n

2- Fire up the Library Recognition<\/strong> plugin. (Menu:\u00a0Action \/ Custom Action \/ Library Recognition.<\/em>)<\/p>\n

\"2\"<\/a><\/p>\n

3- By default, the plugin looks for library signature files (*.sig<\/em> extension) stored in the “sigs”<\/strong> sub-directory.<\/p>\n

4- The signatures are applied where they can be applied, and the results are visible both in the navigation bar (the light-green <\/strong>portions) and the console window. Here, many Google AdMob routines were recognized; it appears they make up for more than half of the entire DEX file.<\/p>\n

\"3\"<\/a><\/p>\n

Close examination of the navigation bar shows that it is divided into two parts:<\/p>\n