Reverse Engineering and Instrumenting React Native Apps // @Pilfer

submitted by
Style Pass
2024-10-06 12:30:06

React Native is a cross-platform mobile application framework created by Facebook/Meta. It embeds a bespoke JavaScript runtime called “Hermes”, which can also compile JavaScript ahead of time into its own bytecode format. That bytecode is loaded into the VM and executed at runtime.

Hermes’ bytecode format is now the default for all new React Native apps. Gone are the days of simply formatting and deobfuscating the JavaScript in the shipped bundle.

Obviously this has thrown a wrench into the gears of many reverse engineers and researchers out there. So, how do we hack on React Native apps now? Let’s take a look at the current tooling that we have available to us.

At the time of writing, the landscape for reverse-engineering and dynamic-instrumentation (RE/DI) tooling for React Native is lacking, especially compared to what is available for other frameworks.

The official Hermes source code repository contains a ton of very useful content. The hermes binary itself has an option to dump the bytecode of a pure .hbc file. Unfortunately it rarely (if ever) works on the bundles shipped inside Android/iOS apps.
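Before reaching for any dump tooling, the first question is whether a shipped bundle is Hermes bytecode at all, and which bytecode version it carries, since the hermes CLI only understands versions it was built for. The following is an added example written for this article, not code from the post or from the Hermes project: it reads the start of a bundle and classifies it as Hermes bytecode or plain JavaScript. The Hermes magic constant is the real one; the header layout beyond the magic and version (a 20-byte source hash followed by a file-length field) and the JavaScript prefix heuristic are assumptions made here and should be checked against the Hermes source. The two sample inputs are constructed inline so the script runs offline.

```python
"""Classify a React Native bundle as Hermes bytecode or plain JavaScript (added example)."""
import struct
import sys

# Magic constant at the start of every Hermes bytecode (.hbc) file. It is stored
# little-endian, so on disk the file begins with bytes c6 1f bc 03 c1 03 19 1f.
HERMES_MAGIC = 0x1F1903C103BC1FC6

# Assumed header layout (based on Hermes' BytecodeFileHeader; verify against the source):
#   u64 magic | u32 version | 20-byte source hash | u32 fileLength
HEADER_STRUCT = struct.Struct("<QI20sI")

# Assumed prefixes that a plain (non-Hermes) Metro-built JS bundle commonly starts with.
JS_PREFIXES = ("var ", "(function", "!function", "__d(", "//", "/*", "'use strict'", '"use strict"')


def classify_bundle(data: bytes) -> dict:
    """Return a dict describing what kind of bundle `data` is."""
    if len(data) >= 8 and struct.unpack_from("<Q", data, 0)[0] == HERMES_MAGIC:
        if len(data) < HEADER_STRUCT.size:
            # Magic matched but the header was cut off: treat as Hermes, but flag it.
            return {"kind": "hermes", "version": None, "error": "truncated header"}
        _magic, version, source_hash, file_length = HEADER_STRUCT.unpack_from(data, 0)
        result = {
            "kind": "hermes",
            "version": version,
            "source_hash": source_hash.hex(),
            "file_length": file_length,
        }
        if file_length != len(data):
            # A mismatch usually means a truncated or wrapped file, which is one
            # reason a dump tool may refuse to parse a bundle pulled from an app.
            result["warning"] = f"header fileLength {file_length} != actual size {len(data)}"
        return result

    # Not Hermes: check whether it looks like a text JavaScript bundle.
    head = data[:256]
    try:
        text = head.decode("utf-8")
    except UnicodeDecodeError:
        return {"kind": "unknown"}
    if text.lstrip().startswith(JS_PREFIXES):
        return {"kind": "javascript"}
    return {"kind": "unknown"}


def classify_file(path: str) -> dict:
    """Read a bundle from disk and classify it."""
    with open(path, "rb") as fh:
        return classify_bundle(fh.read())


def _make_hermes_sample(version: int, body_len: int) -> bytes:
    """Build a constructed Hermes-style header followed by a zeroed body (test data only)."""
    total = HEADER_STRUCT.size + body_len
    return HEADER_STRUCT.pack(HERMES_MAGIC, version, b"\x00" * 20, total) + b"\x00" * body_len


# Constructed sample inputs: a fake .hbc with version 96 and a fake Metro JS bundle head.
SAMPLE_HBC = _make_hermes_sample(96, 64)
SAMPLE_JS = b"var __BUNDLE_START_TIME__=this.nativePerformanceNow?nativePerformanceNow():Date.now();"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(classify_file(sys.argv[1]))
    else:
        print("constructed hbc :", classify_bundle(SAMPLE_HBC))
        print("constructed js  :", classify_bundle(SAMPLE_JS))
```

Run it against a bundle extracted from an app (for Android builds the bundle is typically the file named `index.android.bundle` under the APK's assets directory) to learn whether you are dealing with text JavaScript or Hermes bytecode, and which bytecode version to match your tooling to. A `fileLength` mismatch is worth noticing: it is a quick sign that the file you pulled is not the raw .hbc the hermes binary expects.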
