
Thread: patch any .so android library NDK file

  1. #1
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430

    patch any .so android library NDK file

    Hi all,
    I would like to patch a native NDK file, those *.so files you can find in some APK packages...

    They are indeed normal ELF *.so native code libraries, but are usually signed with a 1024 RSA signature. Does anyone know how to re-sign them once patched?

    Thanks!
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    Most of those files can be found in the wild without being signed.
    It will depend on whether it was part of a "bundle" or a standalone.

    Woodmann
    Learn Or Die.

  3. #3
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Heya Shub,

    Only the APK files are signed. I've never seen a signed .so file.

    -rendari

  4. #4
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    rendari is right. Patch your file and re-sign the APK with the common command-line tools with our custom key. That will work on any Android where non-market applications are allowed.

    regards,
    OHPen.
    - Reverse Engineering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  5. #5
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    Hi mate
    you are right. Generally for market apps the .so files are not signed. However, I asked this because I was reversing an Android malware app which was apparently using a signed .so file inside, and since it's supported by the format I opened the thread.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  6. #6
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Hi Shub,

    I'm not sure if the ELF files you're patching are verifying themselves, or are being verified by the Android kernel. As far as I know, Android does not support verifying signed ELF files. I might be wrong, and if I am, then there is probably a .signature section that you should 0 out to remove the signature:
    http://lwn.net/Articles/532778/

    If the ELF files are verifying themselves, then you will have to patch the file to bypass the signature verification.

    -rendari
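
A way to check whether a given .so carries such a section at all before assuming it is signed, as an added example that is not part of the original thread: a minimal reader for the ELF section header table. The `.signature` name comes from the post above; the "name contains `sig`" match and the sample image are assumptions constructed for illustration.

```python
import struct

# Per ELF class: (e_shoff format, e_shoff pos, e_shentsize pos, Shdr format
# yielding sh_name, sh_offset, sh_size). Little-endian only.
LAYOUT = {1: ("<I", 0x20, 0x2E, "<I12xII"),   # ELFCLASS32
          2: ("<Q", 0x28, 0x3A, "<I20xQQ")}   # ELFCLASS64

def elf_sections(data):
    """Return {section name: (file offset, size)} from the section header table."""
    if data[:4] != b"\x7fELF" or data[4] not in LAYOUT or data[5] != 1:
        raise ValueError("not a little-endian ELF image")
    off_fmt, off_pos, ent_pos, sh_fmt = LAYOUT[data[4]]
    shoff, = struct.unpack_from(off_fmt, data, off_pos)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, ent_pos)
    if shoff == 0 or shnum == 0:
        return {}                              # section headers stripped
    if shstrndx >= shnum:
        raise ValueError("bad section name table index")
    hdrs = [struct.unpack_from(sh_fmt, data, shoff + i * shentsize)
            for i in range(shnum)]
    _, str_off, str_size = hdrs[shstrndx]
    strtab = data[str_off:str_off + str_size]
    return {strtab[n:].split(b"\0", 1)[0].decode("ascii", "replace"): (off, size)
            for n, off, size in hdrs}

def signature_sections(data):
    """Heuristic (assumption): any section whose name contains 'sig'."""
    return {n: v for n, v in elf_sections(data).items() if "sig" in n.lower()}

def sample_elf32(sig_name=b".signature"):
    """Constructed ELF32 image: null section, one named section, .shstrtab."""
    strtab = b"\0" + sig_name + b"\0.shstrtab\0"
    blob = b"\xAA" * 128                       # placeholder bytes, not a real signature
    blob_off = 52                              # directly after the ELF32 header
    str_off = blob_off + len(blob)
    shoff = str_off + len(strtab)
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 40, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 3, 2)
    def shdr(name, typ, off, size):
        return struct.pack("<10I", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    return (ehdr + blob + strtab + bytes(40)
            + shdr(1, 1, blob_off, len(blob))
            + shdr(1 + len(sig_name) + 1, 3, str_off, len(strtab)))

if __name__ == "__main__":
    print(signature_sections(sample_elf32()))
```

An empty result means no section header names a signature; it says nothing about a library that verifies itself by other means, which is the second case raised in the post.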
