Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Can you help check what kind of protection this Android .so file has?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 05-08-2025, 19:29
CRoot CRoot is offline
Friend
  
Join Date: Sep 2023
Posts: 5
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 3
Thanks Rcvd at 0 Times in 0 Posts
CRoot Reputation: 0
Can you help check what kind of protection this Android .so file has?
This SO file has a special section called "ncc," which contains the initialization function (init). It's the only function with various root and hook detection mechanisms. The SO crashes before fully loading, likely because it detected something. I wonder if this is some kind of commercial protection?
01.png

Additionally, after this kind of control flow flattening processing, are there any mature tools or solutions available now to assist with analysis? I haven’t done Android analysis in a long time, so I came here specifically to ask—thank you very much!
02.png

I'm not sure how to upload the icon—attaching it as a file doesn't seem to work (or isn't accessible).
https://imgur.com/a/c7HY4j8
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mac OSX file integrity check anon_c General Discussion 0 08-22-2016 01:57


All times are GMT +8. The time now is 13:32.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )