patch any .so android library NDK file

Shub-nigurrath
Senior Member
Posts: 431
Joined: Mon May 10, 2004 2:00 pm
Location: Obscure Kadath


Post by Shub-nigurrath »

Hi all,
I would patch a native NDK file, those *.so files you can find in some APK packages...

They are indeed normal elf *.so library native code libraries, but are usually signed with a 1024 RSA signature. Does anyone know how to re-sign them once patched??

Thanks!
(¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Woodmann
Posts: 3605
Joined: Fri Jan 26, 2001 6:28 pm

Post by Woodmann »

Most of those files can be found in the wild without being signed.
It will depend on if it was part of a "bundle" or a stand alone.

Woodmann
Learn Or Die.
rendari
Senior Member
Posts: 217
Joined: Sat Dec 10, 2005 7:08 pm

Post by rendari »

Heya Shub,

Only the APK files are signed. I've never seen a signed .so file.

-rendari
OHPen
Posts: 399
Joined: Wed Nov 06, 2002 1:20 pm
Location: .text

Post by OHPen »

rendari is right. Patch your file and re-sign the apk with the common command-line tools with our custom key. That will work on any android where non market applications are allowed.

regards,
OHPen.
- Reverse Engineering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -
Shub-nigurrath
Senior Member
Posts: 431
Joined: Mon May 10, 2004 2:00 pm
Location: Obscure Kadath

Post by Shub-nigurrath »

Hi mate
you are right. Generally for market apps the so files are not signed. However I asked this because I was reversing an android malware app which was apparently using a signed so file inside, and since it's supported by the format I opened the thread.
rendari
Senior Member
Posts: 217
Joined: Sat Dec 10, 2005 7:08 pm

Post by rendari »

Hi Shub,

I'm not sure if the ELF files you're patching are verifying themselves, or are being verified by the Android kernel. As far as I know, Android does not support verifying signed elf files. I might be wrong, and if I am, then there is probably a .signature section that you should 0 out to remove the signature:
http://lwn.net/Articles/532778/

If the ELF files are verifying themselves, then you will have to patch the file to bypass the signature verification.

-rendari
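
Why a patched .so forces an APK re-sign, as an added example that is not part of the original thread: under JAR-style (v1) APK signing, META-INF/MANIFEST.MF carries a digest for every packaged file, including lib/*.so, so a modified library no longer matches it. The sample APK, the entry name libdemo.so and the helper names are constructed for illustration, and the check covers only the manifest digests, not the .SF/.RSA signature chain above them.

```python
import base64, hashlib, io, zipfile

# Manifest attribute name -> hashlib algorithm (JAR-style v1 signing).
DIGESTS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}

def parse_manifest(text):
    """Return {entry name: {attribute: value}} from MANIFEST.MF text."""
    # A line starting with one space continues the previous line (72-byte wrap).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for block in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs["Name"]] = attrs
    return entries

def check_native_libs(apk_bytes):
    """Map each lib/*.so entry to 'ok', 'mismatch' or 'unlisted'."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        manifest = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in apk.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            attrs = manifest.get(name)
            algo = next((a for a in DIGESTS if attrs and a in attrs), None)
            if algo is None:
                results[name] = "unlisted"   # file not covered by the manifest
                continue
            digest = hashlib.new(DIGESTS[algo], apk.read(name)).digest()
            expected = base64.b64decode(attrs[algo])
            results[name] = "ok" if digest == expected else "mismatch"
    return results

def build_sample_apk(lib_bytes, listed_bytes):
    """Constructed sample: in-memory APK whose manifest digests listed_bytes."""
    d = base64.b64encode(hashlib.sha256(listed_bytes).digest()).decode()
    mf = ("Manifest-Version: 1.0\r\n\r\n"
          "Name: lib/armeabi/libdemo.so\r\nSHA-256-Digest: " + d + "\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        z.writestr("lib/armeabi/libdemo.so", lib_bytes)
    return buf.getvalue()

if __name__ == "__main__":
    original = b"\x7fELF" + b"\x00" * 60   # constructed stand-in for a .so
    patched = original[:-1] + b"\x90"      # one byte changed after packaging
    print(check_native_libs(build_sample_apk(original, original)))
    print(check_native_libs(build_sample_apk(patched, original)))
```

A "mismatch" or "unlisted" result on a sample means the library was changed or added after the manifest was generated; an "ok" result says nothing about who signed the package, which requires inspecting the signing certificate.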