React Native Decompilation (Static Analyis tooling/methodology) #2666
Closed
saulpanders
started this conversation in
Ideas
Replies: 1 comment
-
|
Captured as an issue, thanks @saulpanders ! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've encountered a lot of apps written in react native recently, and in cases where the app was build using react native with facebook/hermes the bundle files are difficult to statically analyze (i.e. index.android.bundle and main.jsbundle)
there's a tool for unpacking these bundle files if they arent encrypted called react native decompiler
but I also want to bring up and include hermes-dec in the methodology. It can process bundles that react native decompiler wont, and will translate the packed bundle files into readable hermes bytecode.
I did this recently and found sensitive data shipped in an APK's index.android.bundle file that I otherwise may have missed due to not being able to inspect its contents. Highly recommend adding this to the methodology.
Beta Was this translation helpful? Give feedback.
All reactions