Make sure to install these python 3 packages:
pip install pyelftools
pip install yara-python
Created
February 8, 2018 08:16
-
-
Save Snegovikufa/6cf7738f1b4cee353b8d7002b4f341af to your computer and use it in GitHub Desktop.
Extracts dlls from libmonodroid_bundle_app.so
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from elftools.elf.elffile import ELFFile | |
| from zipfile import ZipFile | |
| import gzip, string | |
| from io import StringIO, BytesIO | |
| data = open('libmonodroid_bundle_app.so', "rb") | |
| elffile = ELFFile(data) | |
| section = elffile.get_section_by_name('.dynsym') | |
| data.seek(0) | |
| data_read = data.read() | |
| for symbol in section.iter_symbols(): | |
| if symbol['st_shndx'] != 'SHN_UNDEF' and symbol.name.startswith('assembly_data_'): | |
| print(symbol.name) | |
| dll_data = data_read[symbol['st_value']:symbol['st_value']+symbol['st_size']] | |
| dll_data = gzip.GzipFile(fileobj=BytesIO(dll_data)).read() | |
| outfile = open(symbol.name[14:].replace('_dll', '.dll'), 'wb') | |
| outfile.write(dll_data) | |
| outfile.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment