{"id":874,"date":"2018-09-10T09:10:50","date_gmt":"2018-09-10T17:10:50","guid":{"rendered":"https:\/\/www.pnfsoftware.com\/blog\/?p=874"},"modified":"2018-12-19T13:33:01","modified_gmt":"2018-12-19T21:33:01","slug":"dynamic-jni-detection-plugin","status":"publish","type":"post","link":"https:\/\/www.pnfsoftware.com\/blog\/dynamic-jni-detection-plugin\/","title":{"rendered":"Dynamic JNI Detection Plugin"},"content":{"rendered":"

Update (Nov 29): the plugin was open-sourced on our GitHub repository<\/a>. JEB 3.0.7+ is required to load and run it.<\/em><\/p>\n

Java applications can call native methods stored in dynamic libraries via the Java Native Interface<\/em> (JNI) framework. Android apps can do the same: developers can use the NDK to write their own .so<\/em> library to use and distribute.<\/p>\n

In this post, we briefly present how the binding mechanisms work, allowing a piece of bytecode to invoke native code routines.<\/p>\n

Named Convention Method<\/h2>\n

The easiest way to call native method is as such:<\/p>\n

In Java, class com.example.hellojni.HelloJni<\/strong>:<\/p>\n

<\/p>\n

In C:<\/p>\n

<\/p>\n

The native method name adheres to the standard JNI naming convention<\/a>, allowing automatic resolution and binding.<\/p>\n

The corresponding Dalvik bytecode is:<\/p>\n

<\/p>\n

<\/p>\n

and here are the the corresponding ARM\u00a0instructions:<\/p>\n

<\/p>\n

JEB automatically binds those methods together, to allow easy debugging from bytecode to native code.<\/p>\n

However, there is another way to bind native code to Java.<\/p>\n

Dynamic JNI Method<\/h2>\n

One can decide to bind any function to Java without adhering to the naming convention, by using the JNIEnv->RegisterNatives<\/a> method.<\/p>\n

For example, the following line of code dynamically binds the Java method add(II)I to the native method add():<\/p>\n

<\/p>\n

Due to its dynamic nature, statically resolving those bindings can prove difficult in practice, e.g. if names were removed or mangled, or if the code is obfuscated. Therefore, not all calls to RegisterNatives may be found and\/or successfully processed.<\/p>\n

However, JEB 3.0-beta.2<\/em>\u00a0(to\u00a0 be released this week) ships with an EnginesPlugin<\/a> to heuristically detect – some of – these methods, and perform binding – and of course, you will also be able to debug into them.<\/p>\n

\"\"<\/a>
Execute the plugin via the File, Plugins menu<\/figcaption><\/figure>\n

Once run, it will :<\/p>\n