ayrx / jnianalyzer Goto Github PK

View Code? Open in Web Editor NEW

289.0 9.0 26.0 16.13 MB

Analysis scripts for Ghidra to work with Android NDK libraries.

Java 100.00%

reverse-engineering ghidra android

jnianalyzer's Introduction

JNIAnalyzer

This Ghidra extension contains various scripts that assists in analyzing Android NDK applications.

A Binary Ninja version of this plugin is also available

How to install the extension

Clone this repository (git clone https://github.com/Ayrx/JNIAnalyzer.git)
In the cloned repository folder, use the command gradle -PGHIDRA_INSTALL_DIR=<YOUR GHIDRA INSTALLATION DIRECTORY>; specifying your Ghidra installation directory
In Ghidra, at the Projects window, click File -> Install Extensions... and chose the .zip file present in the JNIAnalyzer/dist folder
Restart Ghidra

Scripts

JNIAnalyzer.java

This script uses the JADX decompiler to extract the function signature of all native methods in an APK file and applies the signature to all matching fnuctions in the binary.

Running the JNIAnalyzer.java extension script will overwrite any function return types, parameter names and parameter types that was already in place. If you want the script to skip a specific function, annotate it with JNIAnalyzer:IGNORE in the comment.

Write-up: Ghidra Plugin: JNIAnalyzer

TraceRegisterNatives.java

This script parses the output of trace_registernatives applies the results to the Ghidra project.

Write up coming soon.

RegisterNatives.java (Experimental)

This script looks for calls to RegisterNatives within a function and sets the JNINativeMethod structure type in the appropriate locations within the binary. Ghidra's P-Code API is used to find references to RegisterNatives as the function is usually resolved at runtime.

This script is currently very much experimental / use at your own risk.

jnianalyzer's People

Contributors

Stargazers

Watchers

jnianalyzer's Issues

Instruction on how to build

Hi,

I am having issues building. I have correctly specifed the GHIDRA_INSTALL_DIR which points to a ghidra_9.0.4 directory. I then run the gradle build task from the JNIAnalyzer directory but I am not able to see any compiled plugin.

Could someone please give me direction to get this project compiled and loaded into ghidra

JNIAnalayzer.java - Uncaught Exception: java.lang.ExceptionInInitializerError

tried to load with an apk then error occurs:
this is the trace

`java.lang.ExceptionInInitializerError
at jadx.core.dex.instructions.InsnDecoder.invoke(InsnDecoder.java:678)
at jadx.core.dex.instructions.InsnDecoder.decode(InsnDecoder.java:533)
at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:77)
at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:124)
at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:249)
at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:255)
at jadx.core.ProcessClass.process(ProcessClass.java:27)
at jadx.api.JadxDecompiler.processClass(JadxDecompiler.java:311)
at jadx.api.JavaClass.decompile(JavaClass.java:62)
at jadx.api.JavaClass.getMethods(JavaClass.java:249)
at me.ayrx.jnianalyzer.ParseJNIMethods.parse(ParseJNIMethods.java:24)
at JNIAnalyzer.run(JNIAnalyzer.java:41)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:395)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:250)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:228)
at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
at ghidra.util.task.Task.monitoredRun(Task.java:134)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1589)
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field private transient java.util.NavigableMap java.util.TreeSet.m accessible: module java.base does not "opens java.util" to unnamed module @2e6c14d2
at java.base/java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:387)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:363)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:311)
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:180)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:174)
at com.rits.cloning.Cloner.addAll(Cloner.java:563)
at com.rits.cloning.Cloner.allFields(Cloner.java:577)
at com.rits.cloning.Cloner.registerStaticFields(Cloner.java:209)
at com.rits.cloning.Cloner.registerKnownConstants(Cloner.java:190)
at com.rits.cloning.Cloner.init(Cloner.java:85)
at com.rits.cloning.Cloner.(Cloner.java:56)
at jadx.core.dex.nodes.InsnNode.(InsnNode.java:30)
... 21 more

Build Date: 2022-Nov-01 1334 EDT
Ghidra Version: 10.2
Java Home: C:\Program Files\Java\jdk-19
JVM Version: Oracle Corporation 19.0.1
OS: Windows 11 10.0 amd64
Workstation: mm
`

please help with a fix to this exceptions

Batch import .so files failed

int org.objectweb.asm.MethodWriter.getSize()'
java.lang.NoSuchMethodError: 'int org.objectweb.asm.MethodWriter.getSize()'
	at org.objectweb.asm.AsmBridge.sizeOfMethodWriter(AsmBridge.java:28)
	at com.googlecode.d2j.dex.ExDex2Asm.convertCode(ExDex2Asm.java:55)
	at com.googlecode.d2j.dex.Dex2Asm.convertMethod(Dex2Asm.java:509)
	at com.googlecode.d2j.dex.Dex2Asm.convertClass(Dex2Asm.java:406)
	at com.googlecode.d2j.dex.Dex2Asm.convertDex(Dex2Asm.java:422)
	at ghidra.file.formats.android.dex.DexToJarFileSystem.lambda$getJarFile$1(DexToJarFileSystem.java:139)
	at ghidra.formats.gfilesystem.FileSystemService.getDerivedByteProviderPush(FileSystemService.java:487)
	at ghidra.file.formats.android.dex.DexToJarFileSystem.getJarFile(DexToJarFileSystem.java:83)
	at ghidra.file.formats.android.dex.DexToJarFileSystem.open(DexToJarFileSystem.java:156)
	at ghidra.formats.gfilesystem.factory.GFileSystemBaseFactory.create(GFileSystemBaseFactory.java:91)
	at ghidra.formats.gfilesystem.factory.GFileSystemBaseFactory.create(GFileSystemBaseFactory.java:40)
	at ghidra.formats.gfilesystem.factory.FileSystemFactoryMgr.mountUsingFactory(FileSystemFactoryMgr.java:176)
	at ghidra.formats.gfilesystem.factory.FileSystemFactoryMgr.probe(FileSystemFactoryMgr.java:337)
	at ghidra.formats.gfilesystem.FileSystemService.probeFileForFilesystem(FileSystemService.java:731)
	at ghidra.formats.gfilesystem.FileSystemService.probeFileForFilesystem(FileSystemService.java:682)
	at ghidra.plugins.importer.batch.BatchInfo.processAsFS(BatchInfo.java:303)
	at ghidra.plugins.importer.batch.BatchInfo.doAddFile(BatchInfo.java:229)
	at ghidra.plugins.importer.batch.BatchInfo.processFS(BatchInfo.java:350)
	at ghidra.plugins.importer.batch.BatchInfo.processAsFS(BatchInfo.java:318)
	at ghidra.plugins.importer.batch.BatchInfo.doAddFile(BatchInfo.java:229)
	at ghidra.plugins.importer.batch.BatchInfo.processFS(BatchInfo.java:350)
	at ghidra.plugins.importer.batch.BatchInfo.doAddFile(BatchInfo.java:225)
	at ghidra.plugins.importer.batch.BatchInfo.addFile(BatchInfo.java:197)
	at ghidra.plugins.importer.batch.BatchInfo.doAddFiles(BatchInfo.java:503)
	at ghidra.plugins.importer.batch.BatchInfo$AddFilesRunnable.monitoredRun(BatchInfo.java:542)
	at ghidra.util.task.TaskBuilder$TaskBuilderTask.run(TaskBuilder.java:306)
	at ghidra.util.task.Task.monitoredRun(Task.java:134)
	at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

JNIAnalyzer NPE

Getting this Exception when trying to run your extension:

Successfully compiled: JNIAnalyzer.java
JNIAnalyzer.java> Running...
JNIAnalyzer.java> [+] Import jni_all.h...
> Error running script: JNIAnalyzer.java
java.lang.NullPointerException
	at JNIAnalyzer.getDataTypeManageFromArchiveFile(JNIAnalyzer.java:144)
	at JNIAnalyzer.run(JNIAnalyzer.java:53)
	at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:370)
	at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:222)
	at ghidra.app.script.GhidraScript.execute(GhidraScript.java:200)
	at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:57)
	at ghidra.util.task.Task.monitoredRun(Task.java:128)
	at ghidra.util.task.TaskLauncher.lambda$startBackgroundThread$2(TaskLauncher.java:315)
	at java.base/java.lang.Thread.run(Thread.java:835)

I copied the JNI ANalyzer folder into my Extensions folder and enabled it.

method compile() not found

FAILURE: Build failed with an exception.

* Where:
Script '/opt/ghidra/support/buildExtension.gradle' line: 51

* What went wrong:
A problem occurred evaluating script.
> Could not find method compile() for arguments [directory 'lib'] on object of type org.gradle.api.internal.artifacts.dsl.dependencies.DefaultDependencyHandler.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 3s

JNIAnalyzer: Handle overloaded native methods and unicode names

The JNIAnalyzer script currently does not handle overloaded native methods or methods with unicode in the name.

We should rewrite that part and account for the name mangling described in https://docs.oracle.com/javase/7/docs/technotes/guides/jni/spec/design.html#wp615.

NPE After Select APK

trying to invoke the script after selecting APK it throws NPE

Cannot invoke "ghidra.program.model.listing.Program.getListing()" because "this.currentProgram" is null
java.lang.NullPointerException: Cannot invoke "ghidra.program.model.listing.Program.getListing()" because "this.currentProgram" is null
at ghidra.program.flatapi.FlatProgramAPI.getFirstFunction(FlatProgramAPI.java:1155)
at JNIAnalyzer.run(JNIAnalyzer.java:49)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:395)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:250)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:228)
at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
at ghidra.util.task.Task.monitoredRun(Task.java:134)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

Build Date: 2023-Feb-08 1242 EST
Ghidra Version: 10.2.3
Java Home: /usr/lib/jvm/java-17-openjdk-amd64
JVM Version: Private Build 17.0.5
OS: Linux 5.15.0-60-generic amd64

class file has wrong version 58.0, should be 55.0

Got the following when running the script in ghidra 9.1.2

JNIAnalyzer.java:24: error: cannot access JNIUtils
import me.ayrx.jnianalyzer.JNIUtils;
                          ^
  bad class file: ghidra_9.1.2_PUBLIC_20200212\ghidra_9.1.2_PUBLIC\Ghidra\Extensions\JNIAnalyzer\lib\JNIAnalyzer.jar(/me/ayrx/jnianalyzer/JNIUtils.class)
    class file has wrong version 58.0, should be 55.0
    Please remove or make sure it appears in the correct subdirectory of the classpath.
JNIAnalyzer.java:25: error: cannot access MethodInformation
import me.ayrx.jnianalyzer.MethodInformation;

Attaching the built extension.

ghidra_9.1.2_PUBLIC_20200727_JNIAnalyzer.zip

NoSuchMethodError: com.google.gson.JsonParser.parseReader

At some point recently I started getting this error in ghidra when I tried to do autoanalyze. I didn't initially assume it had anything to do with this plugin, so I went ahead and upgraded Ghidra (thinking maybe that would fix things) and then after seeing things working, went to reinstall my extensions. As soon as I installed this one I started seeing this error again. It is definitely somehow tied to this extension: if I uninstall the extension the error goes away and if I reinstall it, the error comes back.

'com.google.gson.JsonElement com.google.gson.JsonParser.parseReader(java.io.Reader)'
java.lang.NoSuchMethodError: 'com.google.gson.JsonElement com.google.gson.JsonParser.parseReader(java.io.Reader)'
	at ghidra.framework.options.SaveState.readJsonFile(SaveState.java:91)
	at ghidra.framework.options.FileOptions.loadFromFile(FileOptions.java:66)
	at ghidra.framework.options.FileOptions.<init>(FileOptions.java:38)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.readSavedOptions(AnalysisPanel.java:837)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.getSavedOptionsObjects(AnalysisPanel.java:826)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.loadPossibleOptionsChoicesForComboBox(AnalysisPanel.java:792)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.buildOptionsComboBoxPanel(AnalysisPanel.java:223)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.buildControlPanel(AnalysisPanel.java:286)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.buildLeftPanel(AnalysisPanel.java:268)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.buildMainPanel(AnalysisPanel.java:209)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.build(AnalysisPanel.java:201)
	at ghidra.app.plugin.core.analysis.AnalysisPanel.<init>(AnalysisPanel.java:135)
	at ghidra.app.plugin.core.analysis.AnalysisOptionsDialog.<init>(AnalysisOptionsDialog.java:58)
	at ghidra.app.plugin.core.analysis.AnalysisOptionsDialog.<init>(AnalysisOptionsDialog.java:47)
	at ghidra.app.plugin.core.analysis.AutoAnalysisPlugin.showOptionsDialog(AutoAnalysisPlugin.java:291)
	at ghidra.app.plugin.core.analysis.AutoAnalysisPlugin.analyzeCallback(AutoAnalysisPlugin.java:183)
	at ghidra.app.plugin.core.analysis.AutoAnalysisPlugin.analyzeCallback(AutoAnalysisPlugin.java:148)
	at docking.action.builder.ActionBuilder$1.actionPerformed(ActionBuilder.java:48)
	at docking.DockingActionProxy.actionPerformed(DockingActionProxy.java:47)
	at docking.MenuBarMenuHandler.lambda$processMenuAction$0(MenuBarMenuHandler.java:64)
	at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:771)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:741)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

---------------------------------------------------
Build Date: 2023-Jun-14 1629 EDT
Ghidra Version: 10.3.1
Java Home: /opt/homebrew/Cellar/openjdk@17/17.0.7/libexec/openjdk.jdk/Contents/Home
JVM Version: Homebrew 17.0.7
OS: Mac OS X 13.3.1 aarch64

.

module java.base does not "opens java.util" to unnamed module

I met this error while running JNIAnalyzer.java. Google said I need to run java with --add-opens java.base/java.util=ALL-UNNAMED like this:

java --add-opens java.base/java.util=ALL-UNNAMED TestReflect.java

Is there a way to run with given arguments in ghidra's Script Manager? Or could you please update source codes and fix the error?

detail:

java.lang.ExceptionInInitializerError
	at jadx.core.dex.instructions.InsnDecoder.invoke(InsnDecoder.java:678)
	at jadx.core.dex.instructions.InsnDecoder.decode(InsnDecoder.java:533)
	at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:77)
	at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:124)
	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:249)
	at jadx.core.ProcessClass.process(ProcessClass.java:27)
	at jadx.api.JadxDecompiler.processClass(JadxDecompiler.java:311)
	at jadx.api.JavaClass.decompile(JavaClass.java:62)
	at jadx.api.JavaClass.getMethods(JavaClass.java:249)
	at me.ayrx.jnianalyzer.ParseJNIMethods.parse(ParseJNIMethods.java:24)
	at JNIAnalyzer.run(JNIAnalyzer.java:41)
	at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:395)
	at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:250)
	at ghidra.app.script.GhidraScript.execute(GhidraScript.java:228)
	at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
	at ghidra.util.task.Task.monitoredRun(Task.java:134)
	at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:106)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1589)
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field private transient java.util.NavigableMap java.util.TreeSet.m accessible: module java.base does not "opens java.util" to unnamed module @b7d5b91
	at java.base/java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:387)
	at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:363)
	at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:311)
	at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:180)
	at java.base/java.lang.reflect.Field.setAccessible(Field.java:174)
	at com.rits.cloning.Cloner.addAll(Cloner.java:563)
	at com.rits.cloning.Cloner.allFields(Cloner.java:577)
	at com.rits.cloning.Cloner.registerStaticFields(Cloner.java:209)
	at com.rits.cloning.Cloner.registerKnownConstants(Cloner.java:190)
	at com.rits.cloning.Cloner.init(Cloner.java:85)
	at com.rits.cloning.Cloner.<init>(Cloner.java:56)
	at jadx.core.dex.nodes.InsnNode.<clinit>(InsnNode.java:30)
	... 20 more

---------------------------------------------------
Build Date: 2022-Nov-12 2231 CET
Ghidra Version: 10.2.1
Java Home: /usr/lib/jvm/java-19-openjdk
JVM Version: N/A 19.0.1
OS: Linux 5.19.17-2-MANJARO amd64

java-17-openjdk also has this error. It is said that it will report an error in versions above java8.

java.lang.OutOfMemoryError

Java heap space
java.lang.OutOfMemoryError: Java heap space
at java.base/java.util.LinkedList.linkLast(LinkedList.java:146)
at java.base/java.util.LinkedList.add(LinkedList.java:342)
at jadx.core.dex.nodes.parser.SignatureParser.consumeMethodArgs(SignatureParser.java:277)
at jadx.core.dex.nodes.MethodNode.parseSignature(MethodNode.java:177)
at jadx.core.dex.nodes.MethodNode.initMethodTypes(MethodNode.java:164)
at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:113)
at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:249)
at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:255)
at jadx.core.ProcessClass.process(ProcessClass.java:27)
at jadx.core.ProcessClass.lambda$processDependencies$0(ProcessClass.java:49)
at jadx.core.ProcessClass$$Lambda$846/0x0000000840d6d040.accept(Unknown Source)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
at jadx.core.ProcessClass.processDependencies(ProcessClass.java:49)
at jadx.core.ProcessClass.process(ProcessClass.java:35)
at jadx.api.JadxDecompiler.processClass(JadxDecompiler.java:311)
at jadx.api.JavaClass.decompile(JavaClass.java:62)
at jadx.api.JavaClass.getMethods(JavaClass.java:249)
at me.ayrx.jnianalyzer.ParseJNIMethods.parse(ParseJNIMethods.java:24)
at JNIAnalyzer.run(JNIAnalyzer.java:41)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:379)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:234)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:212)
at ghidra.app.plugin.core.script.RunScriptTask.run(RunScriptTask.java:47)
at ghidra.util.task.Task.monitoredRun(Task.java:124)
at ghidra.util.task.TaskRunner.lambda$startTaskThread$0(TaskRunner.java:104)
at ghidra.util.task.TaskRunner$$Lambda$354/0x00000008406dc440.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)

Build Date: 2021-Apr-27 1144 EDT
Ghidra Version: 9.2.4
Java Home: /usr/lib/jvm/java-11-openjdk-amd64
JVM Version: Ubuntu 11.0.11
OS: Linux 5.11.0-22-generic amd64
Workstation: robin-VirtualBox

Install Error

I tried to install the plugin for several days in a row but kept getting a compilation error. But I managed to do it, I used the following settings

Android Studio Electric Eel | 2022.1.1 RC 3
Ghidra Version: 11.0
Java Home Version: Oracle OpenJDK 17.0.9 C:/Pram Files/Java/jdk-17
Gradle Version: 7.3
OS: Windows x64

BUILD SUCCESSFUL in 1m 9s

incompatible with ghidra

Hello, when I built the plugin and installed I got this error. How do I fix it? Thanks.

How to find functions loaded at runtime through RegisterNatives

At the end of your article, you mentioned:

As the script assumes that all JNI functions have names that begin with Java_, it will miss functions that are loaded at runtime through RegisterNatives unless you first rename those functions to fit the expected naming convention.

I am using the plugin in Ghidra (very nice by the way), and I've already imported the JNI data types from jni_all.gdt.

Unfortunately, JNIAnalyzer does not find anything in the APK Shared Object lib I'm reversing. When I run nm --dynamic on the shared object I only see T JNI_OnLoad. This binary has clearly been stripped, and is using obfuscation to thwart reversing.

My question is - How can I go about identifying the Native JNI functions in the shared object that correlate to the native functions I've identified in the APK? These functions clearly do not start with Java_, so the linker must be finding them somehow.

Thank you

Provide compiled plugin

Hi, just wanted to ask for a compiled plugin. gradle and fedora don't get along :(