- Drozer - Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
- Starting a session
adb forward tcp:31415 tcp:31415drozer console connectdrozer console connect --server <ip>
- List modules
lsls activity
- Retrieving package information
- Starting a session
run app.package.list -f
I looked at a JAR file protected using JNIC, version jnic.dev v3.6.0. I haven't written a full-auto deobfuscater yet, but these notes should be useful for anyone reversing it.
The first layer is a LZMA2 compressed .dat file, from which a native library is extracted into a temp dir, and then loaded using System.load.
The sample I looked at had 4 different library versions (for different platforms/architectures), and the script I wrote to extract them looks like this:
import lzma
# from JNICLoader.java