View AndroidGlobalAnalysis.py
#?description=Perform a global analysis on a dex unit and display decompilation events | |
#?shortcut= | |
from com.pnfsoftware.jeb.client.api import IScript | |
from com.pnfsoftware.jeb.core.units.code import DecompilationOptions, DecompilationContext | |
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit, IDexDecompilerUnit | |
""" | |
Sample script for JEB Decompiler. |
View genUserFriendlySig.py
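# Single-letter primitive type codes (the JVM/Dalvik type-descriptor characters)
# mapped to their Java source-level names. 'V' (void) and the reference forms
# ('L...;' objects, '[' arrays) are not part of this table.
letterToPrim = {
    'Z': 'boolean',
    'B': 'byte',
    'C': 'char',
    'S': 'short',
    'I': 'int',
    'J': 'long',
    'F': 'float',
    'D': 'double',
}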
View DartSnapshotHashToVersionTag.txt
# note: the hash is located at offset 0x14, after the int32 magic (0xDCDCF5F5), int64 size, and int64 snapshot kind fields. | |
# snapshot_hash,dart_version_tag | |
19ac30c2bacca37ef7691604e75be559,2.0.0 | |
d120342d48b35fc67901acb723bb6e9f,2.0.0-dev.0.0 | |
d120342d48b35fc67901acb723bb6e9f,2.0.0-dev.0.1 | |
53db5f61774a5fbc5ee04696b38726f8,2.0.0-dev.1.0 | |
3cebf13e885ccde5bf5d36d308390ddf,2.0.0-dev.10.0 | |
4980a5a9e7247ed5f306c8c565d193cc,2.0.0-dev.11.0 | |
8ed2b9130065c72a181a9a40e17387bd,2.0.0-dev.12.0 | |
42c99258b896ea28162a3634ab9893c3,2.0.0-dev.13.0 |
View extzips.py
#!/usr/bin/env python | |
import os | |
import sys | |
from struct import unpack | |
def extract(buf, ibeg, iend): | |
name = 'sub%08X.zip' % ibeg | |
print('Dumping: %s' % name) |
View gist:a8723af39762db6263bae870ab4b63d6
By default, the following opcodes are initially converted to equivalent pseudo-methods (FOO -> FOO()):
SIGNEXTEND | |
STOP | |
ADDMOD | |
MULMOD | |
SHA3/KECCAK256 | |
ADDRESS | |
BALANCE | |
ORIGIN | |
CALLER |
View PrintDexOverrides.py
#?description= | |
#?shortcut= | |
from com.pnfsoftware.jeb.client.api import IScript | |
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit | |
from com.pnfsoftware.jeb.core.actions import Actions, ActionContext, ActionOverridesData | |
class PrintDexOverrides(IScript): | |
def run(self, ctx): | |
prj = ctx.getMainProject() |
View PrintDexHierarchy.py
#?description= | |
#?shortcut= | |
from com.pnfsoftware.jeb.client.api import IScript | |
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit | |
from com.pnfsoftware.jeb.core.actions import ActionContext, ActionTypeHierarchyData, Actions | |
class PrintDexHierarchy(IScript): | |
def run(self, ctx): | |
prj = ctx.getMainProject() |
View DGReplaceApiCalls.py
from com.pnfsoftware.jeb.core.units.code.android.ir import AbstractDOptimizer, IDVisitor | |
from com.pnfsoftware.jeb.core.units.code.java import JavaOperatorType | |
''' | |
This dexdec IR optimizer for JEB attempts to resolve the artificial Android library invocations
that Android app protectors insert to hamper the string auto-decryption process.
This Python plugin is executed during the decompilation pipeline of a method. | |
Needs JEB 4.2 or above. |
View RenameRoutines.py
from com.pnfsoftware.jeb.client.api import IScript | |
from com.pnfsoftware.jeb.core.units import INativeCodeUnit | |
from com.pnfsoftware.jeb.core.units.code import ICodeUnit | |
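class RenameRoutines(IScript):
    """Sample JEB script: rename the native routine at a fixed address.

    The address (0x401000) and the new name ('foo') are hard-coded sample
    values; adjust them for the binary under analysis.
    """

    def run(self, ctx):
        """Entry point invoked by the JEB client with its context object."""
        prj = ctx.getMainProject()
        # Each lookup below may come back empty (no project open, no native
        # unit in the project, no routine at that address). Stop with a
        # message instead of failing on a None dereference.
        if prj is None:
            print('No project is open')
            return

        code = prj.findUnit(INativeCodeUnit)
        if code is None:
            print('No native code unit found in the project')
            return

        method = code.getInternalMethod(0x401000)
        if method is None:
            print('No routine found at 0x401000')
            return

        method.setName('foo')
        # ...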
View JumpTo.py
from com.pnfsoftware.jeb.client.api import IScript | |
from com.pnfsoftware.jeb.core.units.code.android import IDexUnit | |
""" | |
Sample showing: | |
- how a script can be invoked after a cmdline-provided file has been processed by the JEB UI client | |
- currently, this script simply searches for a Dex code unit, attempts to find a disassembly fragment for it, and navigates to the cmdline-provided address
How to use: | |
$ jeb_startup_script --script=ScriptPath -- InputFile AddressToJumpTo |