Analyzing .so in android app using qiling

[anaivebird]

Analyzing .so in app may be challenging due to mocking JNI functions behavior like FindClass(), GetMethodID(), RegisterNatives() is hard.

So any wordaround for qiling to overcome it? May be we need dynamic instrument module to parallel running with qiling. When jniEnv->RegisterNatives() is called, transfer control to real machine code and transfer back when RegisterNatives() returns.

[aquynh]

I can take a look, can you upload your binary & your code?

[anaivebird]

All android app with so native code need these methods(not specific to some app). Refers to https://blog.quarkslab.com/android-native-library-analysis-with-qbdi.html

This method solves problem of mocking complex system call or framework lib call like java jni or android framework. Without this method, it will be hard to analysis android native so code in emulator like qiling.

Will qiling consider to add support to this?

[backahasten]

Many tools have used unicorn to run the Android JNI interface. For example,unidbg or AndroidNativeEmu, merging their code and scheme is worth doing.

[xwings]

Will you be able to try the latest version of Qiling and see if you still face same issue. There is lots of rework since 2021. Feel free to open a new issue if you have any similar problem.