@strazzere
Last active May 9, 2023 16:13
Attaching to fast loading JNI/native code from an Android app without debugging the Dalvik code
The original issue was that some applications (e.g. packers) launch the JNI/native code too fast for a person
to attach an IDA Pro instance to the process. The original solution was wrapping the JNI code with your own
"surrogate" application so you could load it slower.
The new process is to launch the Android/Dalvik activity with the debugger flag:
# adb shell am start -D com.play.goo_w/com.android.netservice.MainActivity
This puts the app into "Waiting for debugger..." mode. The process has been started, which allows you to
attach IDA Pro to it for the native code.
Next, forward the jdwp process to a tcp socket so you can connect:
# adb jdwp
...
3292
This command returns all available jdwp processes; the last one should be the new pid you want to debug
(you can check this through top/ps).
# adb forward tcp:8700 jdwp:3292
After you've forwarded the port to the jdwp process, you can connect from your machine via jdb:
# jdb -attach localhost:8700
Drop the jdb connection and let the Android application run as it normally would.
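
Added example (not part of the original gist): a POSIX shell wrapper for the steps above. Instead of picking the last pid by eye, it compares the `adb jdwp` list before and after the launch, which goes slightly beyond the manual rule; the function names, the use of `timeout` (coreutils) and the 2-second delay are assumptions.

```shell
#!/bin/sh
# Added example, not from the original gist.
# Usage: ./attach.sh <package>/<activity> [local-port]

# Reduce raw `adb jdwp` output to one numeric pid per line (drops CRs, "..." noise).
jdwp_pids() {
    tr -d '\r' | grep -E '^[0-9]+$' || true
}

# List current JDWP pids. `timeout` (coreutils, an assumption) bounds the call
# in case `adb jdwp` does not return on its own.
snapshot() {
    { timeout 3 adb jdwp 2>/dev/null || true; } | jdwp_pids
}

# Print the pid that is in the "after" list ($2) but not in the "before" list ($1).
# If several are new, the last one listed wins, as in the manual steps.
new_jdwp_pid() {
    seen=" $(printf '%s' "$1" | tr '\n' ' ') "
    found=""
    for p in $2; do
        case "$seen" in
            *" $p "*) ;;            # was already debuggable before the launch
            *) found=$p ;;
        esac
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

main() {
    component=$1
    port=${2:-8700}
    before=$(snapshot)
    adb shell am start -D "$component"      # app stops at "Waiting for debugger..."
    sleep 2                                 # assumed delay for JDWP registration
    after=$(snapshot)
    pid=$(new_jdwp_pid "$before" "$after") || { echo "no new JDWP pid found" >&2; return 1; }
    adb forward "tcp:$port" "jdwp:$pid"
    echo "pid $pid is waiting; attach the native debugger, then: jdb -attach localhost:$port"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

The script stops after the port forward so the native debugger can be attached while the app is still held; the final jdb step is left to the operator, as in the manual procedure.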
@strazzere
Author

What is the stack you're seeing when it crashes?

These steps are, generally speaking, correct. Yes, you will need to change some things if you're running it on a different OS. However, unless you're using a specialized device and/or application, the crash you're seeing is likely something correctly failing -- which is unrelated to the jdb.
