
hbctool's People

Contributors

erbazz, jusmistic, utpk


hbctool's Issues

The HBC version (90) is not supported.

I tried to decompile hermes bytecode and failed.
hbctool disasm assets/index.android.bundle ../hermes_out
[*] Disassemble 'assets/index.android.bundle' to '../hermes_out' path
Traceback (most recent call last):
  File "/usr/local/bin/hbctool", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hbctool/__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "/usr/local/lib/python3.11/site-packages/hbctool/__init__.py", line 33, in disasm
    hbco = hbc.load(f)
           ^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/hbctool/hbc/__init__.py", line 29, in load
    assert version in HBC, f"The HBC version ({version}) is not supported."
           ^^^^^^^^^^^^^^
AssertionError: The HBC version (90) is not supported.

Writing patch code to hbc

I think it is hard to write patch code to hbc. When I added some patch code to hbc at some offset of the instruction segment, the offset was reused afterwards, which causes the earlier code to be modified and the code to be disassembled incorrectly, because the added bytecode changes the offset of some functions.

How to decode UTF16 in strings?

How to decode and change utf16 values in strings.json?

example:
{ "id": 27774, "isUTF16": true, "value": "3906270645062000480627062d062f06" }

AssertionError: Overflowed string length is not supported yet.

When I run "hbctool asm edited index.android.bundle":
hbc.setString(string["id"], string["value"])
\appdata\local\programs\python\python39-32\lib\site-packages\hbctool\hbc\hbc59\__init__.py", line 142, in setString
assert l <= length, "Overflowed string length is not supported yet."
AssertionError: Overflowed string length is not supported yet.
I'm using Python 3.9.6, what should I fix?
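
The sample entry in the UTF16 question above holds the hex of the string's UTF-16LE bytes, and the assertion in this issue rejects a replacement longer than the original. The sketch below is an added example, not hbctool code: `decode_utf16_entry` and `replace_utf16_entry` are hypothetical helpers, and comparing lengths in UTF-16 code units is an assumption about what the tool's check measures.

```python
import json

def decode_utf16_entry(entry):
    """Return the readable text of a strings.json entry."""
    if entry["isUTF16"]:
        # The value is hex text; the underlying bytes are UTF-16 little-endian.
        return bytes.fromhex(entry["value"]).decode("utf-16-le")
    return entry["value"]

def replace_utf16_entry(entry, new_text):
    """Return a copy of an isUTF16 entry carrying new_text as UTF-16LE hex."""
    if not entry["isUTF16"]:
        raise ValueError("this helper only rewrites isUTF16 entries")
    old_units = len(bytes.fromhex(entry["value"])) // 2
    encoded = new_text.encode("utf-16-le")
    new_units = len(encoded) // 2
    # Assumption: the limit behind "Overflowed string length" is the original
    # length, so refuse anything longer before running `hbctool asm`.
    if new_units > old_units:
        raise ValueError(f"{new_units} code units exceeds original {old_units}")
    patched = dict(entry)
    patched["value"] = encoded.hex()
    return patched

# Entry copied from the question above.
SAMPLE = json.loads(
    '{ "id": 27774, "isUTF16": true, '
    '"value": "3906270645062000480627062d062f06" }'
)

if __name__ == "__main__":
    print(decode_utf16_entry(SAMPLE))
    print(replace_utf16_entry(SAMPLE, decode_utf16_entry(SAMPLE)[:3]))
```
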

Commit with Version List

what is <HASM_PATH> and where to get it

Sorry if this is a dumb question but to use this, what is <HASM_PATH>? I assume the path to some assembler binaries or something? Could you tell me what this is and/or where to get it? Thanks

Never mind, that is the output disassembled file, I am a dumb-dumb...

disasm error

Hi, I got an error with the command "hbctool disasm index.android.bundle test_hasm". Please help:
[*] Disassemble 'index.android.bundle' to 'test_hasm' path
Traceback (most recent call last):
  File "C:\Program Files\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Program Files\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Program Files\Python310\Scripts\hbctool.exe\__main__.py", line 7, in <module>
  File "C:\Program Files\Python310\lib\site-packages\hbctool\__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "C:\Program Files\Python310\lib\site-packages\hbctool\__init__.py", line 33, in disasm
    hbco = hbc.load(f)
  File "C:\Program Files\Python310\lib\site-packages\hbctool\hbc\__init__.py", line 28, in load
    assert magic == MAGIC, f"The magic ({hex(magic)}) is invalid. (must be {hex(MAGIC)})"
AssertionError: The magic (0x55425f5f20726176) is invalid. (must be 0x1f1903c103bc1fc6)
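
A header check run before disassembly separates the two failures reported on this page: an invalid magic and an unsupported HBC version. This is an added example, not hbctool code; `triage_bundle` and `magic_as_text` are hypothetical helpers, the sample inputs are constructed, and the supported-version list is passed in by the caller.

```python
import struct

HBC_MAGIC = 0x1F1903C103BC1FC6  # expected value quoted in the assertion above

def triage_bundle(data, supported_versions=()):
    """Classify the first bytes of an index.android.bundle."""
    if len(data) < 12:
        return {"kind": "truncated"}
    # Header starts with a little-endian 64-bit magic and a 32-bit version.
    magic, version = struct.unpack_from("<QI", data, 0)
    if magic == HBC_MAGIC:
        return {"kind": "hermes", "version": version,
                "supported": version in supported_versions}
    head = data[:8]
    if all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        # Printable bytes where the magic should be: a text file, not bytecode.
        return {"kind": "text", "head": head.decode("ascii")}
    return {"kind": "unknown", "magic": hex(magic)}

def magic_as_text(magic):
    """Show the bytes behind a magic value printed in an error message."""
    return magic.to_bytes(8, "little").decode("ascii", "replace")

# Constructed samples: a Hermes header claiming version 84, and a text bundle.
HERMES_SAMPLE = struct.pack("<QI", HBC_MAGIC, 84) + bytes(20)
TEXT_SAMPLE = b"var __BUNDLE_START_TIME__=this.nativePerformanceNow;"

if __name__ == "__main__":
    print(triage_bundle(HERMES_SAMPLE, supported_versions=(59, 76)))
    print(triage_bundle(TEXT_SAMPLE))
    print(repr(magic_as_text(0x55425F5F20726176)))
```

The magic in the traceback above decodes to the ASCII text `var __BU`, so that file begins with JavaScript source text rather than a Hermes bytecode header.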

Support for version 62

Hi, thanks for making this tool, I thought I wouldn't be able to analyze react native apps anymore!
Anyway, I don't know if I should create another issue, but could you also add support for version 62 please?
Used by: com.canaltp.ametis

Thank you

i am getting the following error on the 84 version

[*] Disassemble 'index.android.bundle' to 'hbctool' path
Traceback (most recent call last):
  File "/usr/local/bin/hbctool", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/hbctool/__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "/usr/local/lib/python3.9/site-packages/hbctool/__init__.py", line 33, in disasm
    hbco = hbc.load(f)
  File "/usr/local/lib/python3.9/site-packages/hbctool/hbc/__init__.py", line 29, in load
    assert version in HBC, f"The HBC version ({version}) is not supported."
AssertionError: The HBC version (84) is not supported.

Syntax Error

hbctool
Traceback (most recent call last):
  File "/usr/local/bin/hbctool", line 11, in <module>
    load_entry_point('hbctool==0.1.5', 'console_scripts', 'hbctool')()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2793, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2411, in load
    return self.resolve()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2417, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python2.7/dist-packages/hbctool-0.1.5-py2.7.egg/hbctool/__init__.py", line 31
    print(f"[*] Disassemble '{hbcfile}' to '{hasmpath}' path")
                                                            ^
SyntaxError: invalid syntax

Error with header file

Hey, on version 90, provided by a pull request, upon compiling (without changing anything just simply disasm and re-asm), upon replacing the file and looking at the logs, the app instantly crashes and gives me this error

The actual size of the file is smaller than what it says in the headers, if anyone could help me out with this it would be much appreciated!

image

Fix this issue

https://github.com/P1sec/hermes-dec

I disassembled index.android.bundle to instructions.hasm via p1sec
(There's no option to reassemble hasm) so I tried to reassemble it via bongtrop hbctool

Error:
assert os.path.exists(f"{path}/metadata.json"), f"metadata.json not found."
AssertionError: metadata.json not found

The HBC version (84) is not supported.

C:\Users\Max\feeld\co.feeld\assets>hbctool disasm index.android.bundle test_hasm
[*] Disassemble 'index.android.bundle' to 'test_hasm' path
Traceback (most recent call last):
  File "C:\Users\Max\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\Max\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Users\Max\AppData\Local\Programs\Python\Python310\Scripts\hbctool.exe\__main__.py", line 7, in <module>
  File "C:\Users\Max\AppData\Local\Programs\Python\Python310\lib\site-packages\hbctool\__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "C:\Users\Max\AppData\Local\Programs\Python\Python310\lib\site-packages\hbctool\__init__.py", line 33, in disasm
    hbco = hbc.load(f)
  File "C:\Users\Max\AppData\Local\Programs\Python\Python310\lib\site-packages\hbctool\hbc\__init__.py", line 29, in load
    assert version in HBC, f"The HBC version ({version}) is not supported."
AssertionError: The HBC version (84) is not supported.

HBC Version (84) Error

  • I recently tried to decompile the index.android.bundle file with hbctool
  • But when I tried, I faced this issue
# error
(hbctool) dnoscp@arupadaiveedu:~/Desktop/data/PATCH2$ hbctool disasm apktool/assets/index.android.bundle decompiled
[*] Disassemble 'apktool/assets/index.android.bundle' to 'decompiled' path
Traceback (most recent call last):
  File "/opt/tools/hbctool/bin/hbctool", line 8, in <module>
    sys.exit(main())
  File "/opt/tools/hbctool/lib/python3.10/site-packages/hbctool/__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "/opt/tools/hbctool/lib/python3.10/site-packages/hbctool/__init__.py", line 33, in disasm
    hbco = hbc.load(f)
  File "/opt/tools/hbctool/lib/python3.10/site-packages/hbctool/hbc/__init__.py", line 29, in load
    assert version in HBC, f"The HBC version ({version}) is not supported."
AssertionError: The HBC version (84) is not supported.
  • The information of the file
# file info
(hbctool) dnoscp@arupadaiveedu:~/Desktop/data/PATCH2$ file apktool/assets/index.android.bundle 
apktool/assets/index.android.bundle: Hermes JavaScript bytecode, version 84
  • Someone please help to solve this issue.

where is the build output of hbctool?

When I execute the command "poetry install", the terminal says "Installing the current project: hbctool (0.1.3)", but where is the output, or where did it get installed?

AssertionError: The HBC version (85) is not supported.

[*] Disassemble '.\index.android.bundle' to '.\output' path
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Python311\Scripts\hbctool.exe\__main__.py", line 7, in <module>
  File "C:\Python311\Lib\site-packages\hbctool\__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "C:\Python311\Lib\site-packages\hbctool\__init__.py", line 33, in disasm
    hbco = hbc.load(f)
           ^^^^^^^^^^^
  File "C:\Python311\Lib\site-packages\hbctool\hbc\__init__.py", line 29, in load
    assert version in HBC, f"The HBC version ({version}) is not supported."
           ^^^^^^^^^^^^^^
AssertionError: The HBC version (85) is not supported.

AssertionError

======================================================================
FAIL: test_get_function (hbctool.hbc.hbc76.test.TestHBC76)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/media/x/all/hack_tools/android_pentest/hbctool/hbctool/hbc/hbc76/test.py", line 22, in test_get_function
    self.assertEqual(functionCount, len(target_offsets))
AssertionError: 31666 != 3946

======================================================================
FAIL: test_get_string (hbctool.hbc.hbc76.test.TestHBC76)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/media/x/all/hack_tools/android_pentest/hbctool/hbctool/hbc/hbc76/test.py", line 43, in test_get_string
    self.assertEqual(stringCount, len(target_strings))
AssertionError: 57366 != 4656

----------------------------------------------------------------------
Ran 23 tests in 43.542s

I received an error when trying to disasm hermes 76.
Please! Help me :(

FYI : updates version 84,85,89 and test corrections

Hi @bongtrop Thanks for the nice tool.

I have been working on updating a few things here: https://github.com/cyfinoid/hbctool

I see 84,85 support got merged recently, hence I can't open a clear pull request. The following changes are available in my branch if you want to cherry-pick:

  1. Version support added 84 (via niosega), 85,89,83
  2. Test cases are now running; some fixing was needed
  3. Added a readme on how to add new versions.

Feel free to pick and choose

List index out of range: version 84

I get the following error when trying to disassemble an android bundle using hermes bytecode version 84:

[*] Disassemble 'index.android.bundle' to 'out' path
[*] Hermes Bytecode [ Source Hash: d47dd92ea0ad2ab0ad46438a7f6f4a2ee383dbf5, HBC Version: 84 ]
Traceback (most recent call last):
  File "hbctool\.venv\Scripts\\hbctool", line 6, in <module>
    sys.exit(main())
             ^^^^^^
  File "hbctool\hbctool\__init__.py", line 61, in main
    disasm(args['<HBC_FILE>'], args['<HASM_PATH>'])
  File "hbctool\hbctool\__init__.py", line 41, in disasm
    hasm.dump(hbco, hasmpath)
  File "hbctool\hbctool\hasm.py", line 67, in dump
    write_func(f, hbc.getFunction(i), i, hbc)
                  ^^^^^^^^^^^^^^^^^^
  File "hbctool\hbctool\hbc\hbc84\__init__.py", line 59, in getFunction
    insts = disassemble(bc)
            ^^^^^^^^^^^^^^^
  File "hbctool\hbctool\hbc\hbc84\translator.py", line 33, in disassemble
    opcode = opcode_mapper[bc[i]]
             ~~~~~~~~~~~~~^^^^^^^
IndexError: list index out of range

Change string

I don't quite understand how to change a string.
I need to change the translation (to Russian), but after the change the application itself shows only strange characters

What I write:
image

What I get:
image

Show jump offsets and object keys & values in disassembly

As it stands, it's difficult to (a) determine the object keys/values used in New*WithBuffer instructions, and (b) determine the exact location of a jump.

It would be great if this information could be displayed in the disassembly output (see below for examples).

I've done a proof-of-concept here, but it's very dodgy.

Function offsets:

0000: Function<Ie>9746(3 params, 16 registers, 2 symbols):
0000: 	CreateEnvironment   	Reg8:0
0002: 	LoadParam           	Reg8:3, UInt8:1
0005: 	LoadConstUInt8      	Reg8:7, UInt8:1
0008: 	LoadConstUndefined  	Reg8:6
0010: 	LoadConstUndefined  	Reg8:4
0012: 	GetArgumentsLength  	Reg8:5, Reg8:4
0015: 	LoadConstUInt8      	Reg8:2, UInt8:2
0018: 	Mov                 	Reg8:1, Reg8:7
0021: 	JNotGreater         	Addr8:19, Reg8:5, Reg8:2
0021:	; Oper[1]; Offset(40)

0025: 	GetArgumentsPropByVal	Reg8:5, Reg8:2, Reg8:4
0029: 	Mov                 	Reg8:1, Reg8:7
0032: 	JStrictEqual        	Addr8:8, Reg8:6, Reg8:5
0032:	; Oper[1]; Offset(40)

0036: 	GetArgumentsPropByVal	Reg8:1, Reg8:2, Reg8:4
0040: 	LoadParam           	Reg8:2, UInt8:2
0043: 	StoreToEnvironment  	Reg8:0, UInt8:1, Reg8:2
...

Object keys & values:

...
0085: 	Call4               	Reg8:9, Reg8:14, Reg8:15, Reg8:5, Reg8:9, Reg8:13
0092: 	NewObjectWithBuffer 	Reg8:9, UInt16:11, UInt16:11, UInt16:33863, UInt16:288
0092:	; Oper[3]: ObjectKey(33863, String(12426)) 'updateId'
0092:	; Oper[3]: ObjectKey(33863, String(25017)) 'releaseChannel'
0092:	; Oper[4]: ObjectVal(288, Boolean(True))
0092:	; Oper[4]: ObjectVal(288, Boolean(True))
...

Jump to an address in instruction file

Hi,

First thank you for the support of Version 59. It works well for me.

I am trying to understand the bytecode in the instruction file and have a hard time knowing the offset of the jump.

I looked at the source code of Hermes, they mentioned clearly that : "The address is relative to the offset of the instruction."

In the instruction file, I don't see the addresses of instructions.

Here is my question. Let's say the code says:
Line 100 JmpFalse Addr8:18, Reg8:0
My understanding is that if Reg8:0 is false, then the instruction will jump to an address relative to the JumpFalse instruction by 18.
Does that mean it will jump to line 118?

The number 18 in Addr8:18 is what I don't understand. How will I know where the code will jump if Reg8:0 is False? If it is True, I imagine the next instruction will be executed, but if it is false, I can't see the addresses to know what will be the next executed instruction.

I know it is Hermes question, but I hope you can make it clear for me.

Thank you.
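
The rule quoted in this question ("The address is relative to the offset of the instruction") can be checked against the offset listing in the feature request earlier on this page. The code below is an added example, not part of either post and not hbctool code; the function names are made up for illustration, and it assumes a one-byte opcode with operand widths read from the type names (Reg8 is 1 byte, UInt16 is 2, Addr32 is 4).

```python
import re

def size_of(type_name):
    # Width from the type-name suffix: Reg8 -> 1, UInt16 -> 2, Addr32 -> 4
    # (assumption; non-integer operand types such as Double are not handled).
    return int(re.search(r"(\d+)$", type_name).group(1)) // 8

def annotate(lines):
    """Return (byte_offset, opcode, jump_target_or_None) for each instruction."""
    rows, offset = [], 0
    for line in lines:
        opcode, *rest = line.split(None, 1)
        operands = [t.strip().split(":") for t in "".join(rest).split(",") if t.strip()]
        target = None
        for type_name, value in operands:
            if type_name.startswith("Addr"):
                target = offset + int(value)  # relative to the jump's own offset
        rows.append((offset, opcode, target))
        # Assumption: one opcode byte followed by the operands.
        offset += 1 + sum(size_of(t) for t, _ in operands)
    return rows

def dangling_jumps(rows):
    """Jumps whose target is not the start of an instruction in the listing."""
    starts = {off for off, _, _ in rows}
    return [r for r in rows if r[2] is not None and r[2] not in starts]

# Copied from the disassembly in the feature request above, offset column dropped.
LISTING = """\
CreateEnvironment Reg8:0
LoadParam Reg8:3, UInt8:1
LoadConstUInt8 Reg8:7, UInt8:1
LoadConstUndefined Reg8:6
LoadConstUndefined Reg8:4
GetArgumentsLength Reg8:5, Reg8:4
LoadConstUInt8 Reg8:2, UInt8:2
Mov Reg8:1, Reg8:7
JNotGreater Addr8:19, Reg8:5, Reg8:2
GetArgumentsPropByVal Reg8:5, Reg8:2, Reg8:4
Mov Reg8:1, Reg8:7
JStrictEqual Addr8:8, Reg8:6, Reg8:5
GetArgumentsPropByVal Reg8:1, Reg8:2, Reg8:4
LoadParam Reg8:2, UInt8:2
StoreToEnvironment Reg8:0, UInt8:1, Reg8:2
""".splitlines()

if __name__ == "__main__":
    for off, op, target in annotate(LISTING):
        print(f"{off:04d}: {op}" + ("" if target is None else f"  ; -> {target:04d}"))
```

On that listing both jumps resolve to byte offset 40 (21 + 19 and 32 + 8), matching its Offset(40) annotations, so the Addr value counts bytes from the jump instruction rather than lines in the file. `dangling_jumps` flags jumps that no longer land on an instruction start, which is what happens when bytes are inserted between a jump and its target without adjusting the Addr operand.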
