Skip to content
/ native-scanner Public

An analyzer of JNI code that matches native code information with Java code

License

UPL-1.0 license
20 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

plast-lab/native-scanner

BranchesTags

Repository files navigation

Build Status

This repository hosts the native scanner, a library that searches for strings in binary libraries, to inform static analyses. Read more about this library in paper "Identifying Java Calls in Native Code via Binary Scanning".

This library has the following modes:

  • Radare2-based analysis: this mode uses the Radare2 framework.

  • Binutils-based analysis: this mode assumes the existence of utilities such as nm, objdump, and gdb.

  • Built-in mode: this mode uses no external tools but only supports a subset of the functionality for ELF and DLL files (using the JElf parser and the Kaitai Struct PE format respectively). This mode should be used in applications where simple string detection is enough or in platforms where binutils/Radare2 may not be available.

Setup

Standalone application

Install the application locally:

./gradlew installDist

The resulting binary is in build/install/native-scanner/bin/native-scanner.

Library

Add the Bintray repository in your application build.gradle and add the library as a dependency:

repositories {
  maven { url 'https://dl.bintray.com/gfour/plast-lab' }
  ...
}

dependencies {
  implementation 'org.clyze:native-scanner:0.6.1'
}

Note: this project also supports publishing to the local Maven repository via ./gradlew publishToMavenLocal.

Radare2 mode

This mode uses the Radare2 reverse engineering framework for portability. Tested with Radare 3.5.0 and 4.5.0.

Setup:

  1. Install Radare2 so that it is available in your PATH.

  2. Install Python and r2pipe:

pip install r2pipe --user

Binutils mode

This mode uses command-line programs available in your POSIX system, such as nm, objdump, and gdb. This works for analyzing binaries on a system with the same ABI (for example, x86 binaries on a x86 system).

To analyze ARM binaries on a x86 system, appropriate toolchains should be used and the PATH should be adjusted to point to the directory containing tools nm and objdump. To generate such toolchains for Android, consult the Android NDK documentation.

Use

For the standalone application, pass --help to see the available options.

For the library, instantiate a NativeScanner object and a BinaryAnalysis object, and use method NativeScanner.scanBinaryCode() to scan a native library. To consume the results, implement interface NativeDatabaseConsumer. See the standalone entry point org.clyze.scanner.Main.main() for an actual piece of code using this library.

About

An analyzer of JNI code that matches native code information with Java code

Topics

analysis analyzing-binaries

Resources

Readme

License

UPL-1.0 license
Activity
Custom properties

Stars

20 stars

Watchers

9 watching

Forks

6 forks
Report repository

Releases

15 tags

Packages

No packages published

Languages