Results 1 to 7 of 7

Thread: Decompilation of shared libraries (.so files)

  1. #1

    Decompilation of shared libraries (.so files) Linux/Android

    Greetings sirs and madams. I wasn't sure where to post this and the newbie forum seemed the most appropriate

    So, my question is related to the Android platform, but I'm sure it'd be almost the same as for linux (and I'm sure there're plenty of linux gurus here ). My question is this: Is it possible to decompile the .so files of a program (when NOT having access to the original source code) and then modify them to change the way a program works?

    In specific terms, there's a game that I've installed on my Android. It is impervious to attempts by GameCIH, GameGuardian (memory-modification based cheating app ) to change the values it stores in the temporary memory. If this were some other game, I'd simply access it's savegame and modify the values I wanted. But see, this game encrypts its savegames as well. So, I set out on a quest to find out if I could somehow modify its mscorlib.dll file (which I believe contains the command to make the game encrypt the save file[other games that encrypt their saves have an .so file. BTW what is the difference b/w an .so and a .dll file?]) to make it create a savegame file WITHOUT encryption.

    In the end, let me say that I HAVE searched THOROUGHLY but haven't come across much relevant material. Secondly, I do NOT wish to simply cheat this game, I want to know that there's ALWAYS another way. I tried myself, but being inexperienced with programming, I turn to you guys. I ran REC on another game's file, but that returned gibberish.

    So... I guess I'll wait for someone to come along, see this, and (hopefully) help me out.
    Last edited by Flood; August 22nd, 2012 at 11:22.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Registered User
    Join Date
    Dec 2005
    Blog Entries
    You want a copy of IDA Pro. It will handle Android .so files. Btw shared libraries are native code. You cannot reliably decompile native code, but you can disassemble it (with IDA Pro).

  3. #3
    Thank you for the reply rendari! But HOTDAMN that software is expensive! 550 bucks! Damn... Well, because you didn't say anything to contradict me, I assume what I'm trying to do is possible?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Registered User
    Join Date
    Dec 2005
    Blog Entries
    Indeed, there is an entire community that specializes in what you are trying to do. You may find one of their main webpages here:


  5. #5
    And a little searching may actually produce a version of the software (IDA PRO) which would work sufficiently for your project, even if it is not the latest version. That's why we suggest people should learn how to SEARCH for what they want!!!


  6. #6
    Thanks a LOT for the link rendari. Your help is MUCH appreciated I'm surprised google didn't lead me to those boards even though I searched for over a week before coming here. Sleepless nights, here I come :P

    Thank you for the tips JMI Already procured a version and decompiled an .so and now scratching my head over it Your assistance is much appreciated
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Flood, I don't know if you need this advice or not, but I'll offer it anyway. The way that I would attack that, is to search the .so for references to the savegame name. That SHOULD lead you to where it's opened, which would give you the file handle, you can then trace where that handle is used, and find where the file is written, etc. From looking at the file writing code (probably a call to "write" of "fwrite"), you can see if the data is encrypted somewhere else, and just flushed out with the writes, or if the write routine does the encryption, and THEN the write.

    Once you know this, you can probably figure out the encryption routine, and just write yourself a decrypt/encrypt util so that you no longer care about REMOVING the encryption, you just open the file, edit it, and save it back.

    To answer a question you asked earlier. A .so is the Linux version of a .dll same basic idea.

Similar Threads

  1. some FB shared malware.
    By evaluator in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: March 17th, 2014, 08:03
  2. find checksum code inside shared lib (linux .so)
    By mikeparadox in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: December 8th, 2012, 03:24
  3. new borland libraries format dumper?
    By _Servil_ in forum The Newbie Forum
    Replies: 0
    Last Post: December 24th, 2004, 02:39
  4. help linux shared linked library
    By celestezhu in forum Advanced Reversing and Programming
    Replies: 6
    Last Post: August 20th, 2004, 01:13
  5. VB Decompilation...
    By Snatch in forum Mini Project Area
    Replies: 15
    Last Post: January 7th, 2002, 15:09


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts