#?description=Perform a global analysis on a dex unit and display decompilation events
#?shortcut=
from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units.code import DecompilationOptions, DecompilationContext
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit, IDexDecompilerUnit
"""
Sample script for JEB Decompiler.

letterToPrim = {
    'Z': 'boolean',
    'B': 'byte',
    'C': 'char',
    'S': 'short',
    'I': 'int',
    'J': 'long',
    'F': 'float',
    'D': 'double',
}

# note: the hash is located at offset 0x14, after the int32 magic (0xDCDCF5F5), int64 size, and int64 snapshot kind fields.
# last update: 2023/10/16
# snapshot_hash,dart_version_tag

#!/usr/bin/env python
import os
import sys
from struct import unpack
def extract(buf, ibeg, iend):
    name = 'sub%08X.zip' % ibeg
    print('Dumping: %s' % name)

Initially, those opcodes are converted by default to equivalent pseudo-methods: FOO -> FOO():
SIGNEXTEND
STOP
ADDMOD
MULMOD
SHA3/KECCAK256
ADDRESS
BALANCE
ORIGIN
CALLER

#?description=
#?shortcut=
from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit
from com.pnfsoftware.jeb.core.actions import Actions, ActionContext, ActionOverridesData
class PrintDexOverrides(IScript):
    def run(self, ctx):
        prj = ctx.getMainProject()

#?description=
#?shortcut=
from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit
from com.pnfsoftware.jeb.core.actions import ActionContext, ActionTypeHierarchyData, Actions
class PrintDexHierarchy(IScript):
    def run(self, ctx):
        prj = ctx.getMainProject()

from com.pnfsoftware.jeb.core.units.code.android.ir import AbstractDOptimizer, IDVisitor
from com.pnfsoftware.jeb.core.units.code.java import JavaOperatorType
'''
This JEB dexdec IR optimizer attempts to resolve artificial Android library invocations added
by Android app protectors, designed to hamper the string auto-decryption process.
This Python plugin is executed during the decompilation pipeline of a method.
Needs JEB 4.2 or above.

from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units import INativeCodeUnit
from com.pnfsoftware.jeb.core.units.code import ICodeUnit
class RenameRoutines(IScript):
    def run(self, ctx):
        prj = ctx.getMainProject()
        code = prj.findUnit(INativeCodeUnit)
        code.getInternalMethod(0x401000).setName('foo')
        # ...

from com.pnfsoftware.jeb.client.api import IScript
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit
"""
Sample showing:
- how a script can be invoked after a cmdline-provided file has been processed by the JEB UI client
- currently, this script simply searches for a Dex code unit, attempts to find a disassembly fragment for it, and navigates to the cmdline-provided address
How to use:
$ jeb_startup_script --script=ScriptPath -- InputFile AddressToJumpTo