
[Question] I want to set a breakpoint on the exported function Java_com_example_myapplication_MainActivity_stringFromJNI of libnative-lib.so

Open BurningTeng opened this issue 5 years ago • 1 comments

MainActivity is as below. The exported function Java_com_example_myapplication_MainActivity_stringFromJNI is in libnative-lib.so. To confirm the address of Java_com_example_myapplication_MainActivity_stringFromJNI, libnative-lib.so needs to be loaded.

public class MainActivity extends AppCompatActivity {

    // Used to load the 'native-lib' library on application startup.
    static {
        System.loadLibrary("native-lib");
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // Example of a call to a native method
        TextView tv = findViewById(R.id.sample_text);
        tv.setText(stringFromJNI());
    }

    /**
     * A native method that is implemented by the 'native-lib' native library,
     * which is packaged with this application.
     */
    public native String stringFromJNI();
}

When I use spawn mode, r2 frida://spawn/usb/BH9500C2JR/com.example.myapplication, to start the app, there is no libnative-lib.so, as in the following picture. How can I set a breakpoint on the function Java_com_example_myapplication_MainActivity_stringFromJNI?

I tried using agent.js as below. I can confirm the address, but how do I set a breakpoint at that address?

Java.perform(function () {
    var targetClass = Java.use("com.example.myapplication.MainActivity");
    // Hook onCreate: by the time it runs, the static initializer has already
    // called System.loadLibrary("native-lib"), so the export can be resolved.
    targetClass.onCreate.implementation = function (p1) {
        var openPtr = Module.getExportByName('libnative-lib.so',
            'Java_com_example_myapplication_MainActivity_stringFromJNI');
        console.log("Hello world " + openPtr);
        this.onCreate(p1);
    };
});

BurningTeng avatar Dec 08 '20 16:12 BurningTeng

Extract libnative-lib.so from the apk and do

r2 -q -A -c "afl~Java_com_example_myapplication_MainActivity_stringFromJNI" libnative-lib.so

you will get the address of that required exported method in the library, like 0x00007330. Now, in the r2frida session, do \dm~libnative-lib.so and choose the address of the section with r-x permission, for example 0xcad88000 - 0xcadb6000 r-x /data/app/your.app.package/lib/x86/libnative-lib.so

Add this address to the exported address, like 0x00007330+0xcad88000; then 0xCAD8F330 will be your required address, on which you need to apply the breakpoint with \db 0xCAD8F330

apkunpacker avatar May 22 '21 13:05 apkunpacker
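The address arithmetic in the answer above, done in code rather than by hand. This is an added example, not code from the thread or from r2frida: it parses module-map lines of the shape printed by \dm (the lines below are constructed to mirror the example in the answer), adds the static address reported by afl, checks that the result lands in an executable mapping of the library, and prints the \db command to type. One caveat the helper handles: the answer adds the offset to the r-x mapping, which is right only when that mapping is the library's first one (file offset 0), as it is for the x86 library in the thread; with toolchains that emit a read-only first segment, the offset must be added to the lowest mapping (the real load base) instead, so the helper uses that base and then verifies the result is executable.

```javascript
// Added example (not from the thread): compute the runtime address of an
// exported JNI function from r2's static address and r2frida's \dm output.
// The module-map lines below are constructed to mirror the thread's example.

const SAMPLE_DM_OUTPUT = [
  '0xcad88000 - 0xcadb6000 r-x /data/app/your.app.package/lib/x86/libnative-lib.so',
  '0xcadb6000 - 0xcadb7000 r-- /data/app/your.app.package/lib/x86/libnative-lib.so',
  '0xcadb7000 - 0xcadb8000 rw- /data/app/your.app.package/lib/x86/libnative-lib.so',
  '0xcb000000 - 0xcb100000 r-x /system/lib/libc.so',
].join('\n');

// Parse one "\dm"-style line into { start, end, perm, path }; null if it
// does not look like a mapping line.
function parseMapLine(line) {
  const m = /^(0x[0-9a-f]+)\s*-\s*(0x[0-9a-f]+)\s+([rwx-]{3})\s+(\S+)/i.exec(line.trim());
  if (!m) return null;
  return { start: BigInt(m[1]), end: BigInt(m[2]), perm: m[3], path: m[4] };
}

// All mappings that belong to libName, sorted by start address.
function mapsForLibrary(dmOutput, libName) {
  return dmOutput.split('\n')
    .map(parseMapLine)
    .filter(e => e && e.path.endsWith('/' + libName))
    .sort((a, b) => (a.start < b.start ? -1 : a.start > b.start ? 1 : 0));
}

// Runtime address = load base (lowest mapping of the library) + static
// virtual address from "afl". Throws if the library is not mapped yet or if
// the computed address is not in an executable mapping, which would mean the
// static address or the base was wrong.
function runtimeAddress(dmOutput, libName, staticAddr) {
  const maps = mapsForLibrary(dmOutput, libName);
  if (maps.length === 0) {
    throw new Error(libName + ' is not loaded yet (in spawn mode, continue until System.loadLibrary has run)');
  }
  const base = maps[0].start;
  const addr = base + BigInt(staticAddr);
  const exec = maps.find(e => e.perm.includes('x') && addr >= e.start && addr < e.end);
  if (!exec) {
    throw new Error('0x' + addr.toString(16) + ' is not inside an executable mapping of ' + libName);
  }
  return addr;
}

// The r2frida breakpoint command for that address.
function breakpointCommand(dmOutput, libName, staticAddr) {
  return '\\db 0x' + runtimeAddress(dmOutput, libName, staticAddr).toString(16);
}

// Usage with the thread's numbers: 0x7330 from afl, base 0xcad88000 from \dm.
console.log(breakpointCommand(SAMPLE_DM_OUTPUT, 'libnative-lib.so', 0x7330)); // \db 0xcad8f330
```

Addresses are kept as BigInt so the same code is correct for 64-bit libraries, where a Number would lose precision. In a real session, replace SAMPLE_DM_OUTPUT with the text that \dm~libnative-lib.so printed.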

closing as it seems to work

trufae avatar Feb 04 '24 08:02 trufae