React Native Decompilation (Static Analyis tooling/methodology) #2666
Closed
saulpanders
started this conversation in
Ideas
Replies: 1 comment
-
|
Captured as an issue, thanks @saulpanders ! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I've encountered a lot of apps written in react native recently, and in cases where the app was build using react native with facebook/hermes the bundle files are difficult to statically analyze (i.e. index.android.bundle and main.jsbundle)
there's a tool for unpacking these bundle files if they arent encrypted called react native decompiler
but I also want to bring up and include hermes-dec in the methodology. It can process bundles that react native decompiler wont, and will translate the packed bundle files into readable hermes bytecode.
I did this recently and found sensitive data shipped in an APK's index.android.bundle file that I otherwise may have missed due to not being able to inspect its contents. Highly recommend adding this to the methodology.
Beta Was this translation helpful? Give feedback.
All reactions