Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)

Related tags

Third-party APIs Wrappersreact-nativereverse-engineeringjavascript-enginehermes-enginehermes-bytecode
Overview

hbctool

Python 3.x PyPI version Software License

A command-line interface for disassembling and assembling the Hermes Bytecode.

Since the React Native team created their own JavaScript engine (named Hermes) for running the React Native application, the JavaScript source code is often compiled to the Hermes bytecode. In the penetration test project, I found that some React Native applications have already been migrated to the Hermes engine. It is really head for me to analyze or patch those applications. Therefore, I created hbctool for helping any pentester to test the Hermes bytecode.(Now only support Hermes Bytecode version 74).

Hermes is an open-source JavaScript engine optimized for running React Native apps on Android. For many apps, enabling Hermes will result in improved start-up time, decreased memory usage, and smaller app size. At this time Hermes is an opt-in React Native feature, and this guide explains how to enable it.

Special thanks to ErbaZZ and Jusmistic for helping me research and develop this tool.

Screenshot

hbctool Example

This video with MP4 format can be found at /image/hbctool_example.mp4.

Installation

To install hbctool, simply use pip:

pip install hbctool

Usage

Please run hbctool --help to show the usage.

hbctool --help   
A command-line interface for disassembling and assembling
the Hermes Bytecode.

Usage:
    hbctool disasm <HBC_FILE> <HASM_PATH>
    hbctool asm <HASM_PATH> <HBC_FILE>
    hbctool --help
    hbctool --version

Operation:
    disasm              Disassemble Hermes Bytecode
    asm                 Assemble Hermes Bytecode

Args:
    HBC_FILE            Target HBC file
    HASM_PATH           Target HASM directory path

Options:
    --version           Show hbctool version
    --help              Show hbctool help manual

Examples:
    hbctool disasm index.android.bundle test_hasm
    hbctool asm test_hasm index.android.bundle

For Android, the HBC file normally locates at assets directory with index.android.bundle filename.

Support

hbctool currently supports only Hermes Bytecode version 74.

Contribution

Feel free to create an issue or submit the merge request. Anyway you want to contribute this project. I'm very happy about it.

However, please run the unit test before submiting the pull request.

cd hbctool
python test.py

I use poetry to build this tool. To build it yourself, simply execute:

poetry install

Next Step

  • Add the other Hermes bytecode versions
  • Create a class abstraction
  • Support overflow patching
  • Do all TODO, NOTE, FIXME in source code
Owner
Pongsakorn Sommalai
IT Security Consultant, OSCE, Pentest+
Pongsakorn Sommalai
GitHub Repository
Python wrapper for Xeno-canto API 2.0. Enables downloading bird data with one command line

Python wrapper for Xeno-canto API 2.0. Enables downloading bird data with one command line. Supports multithreading

_zza 9 Dec 10, 2022
A Python API for Connected 2

connected API for Connected 2 api for the { connected 2 } programmer : api report api follow api check username api forget password api Search api cha

2 Jun 05, 2022
Kali Kush - Account Nuker Tool

Kali Kush - Account Nuker Tool This is a discord tool made by me, and SSL :) antho#1731 How to use? pip3 install -r requirements.txt -py kalikush.py -

ryan 3 Dec 21, 2021
a small cli to generate AWS Well Architected Reports on the road

well-architected-review This repo intends to publish some scripts related to Well Architected Reviews. war.py extracts in txt & xlsx files all the WAR

4 Mar 18, 2022
A Python Library to interface with Flickr REST API, OAuth & JSON Responses

Python-Flickr Python-Flickr is A Python library to interface with Flickr REST API & OAuth Features Photo Uploading Retrieve user information Common Fl

Mike Helmick 40 Sep 25, 2021
Dados Públicos de CNPJ disponibilizados pela Receita Federal do Brasil

Dados Públicos CNPJ Fonte oficial da Receita Federal do Brasil, aqui. Layout dos arquivos, aqui. A Receita Federal do Brasil disponibiliza bases com o

Aphonso Henrique do Amaral Rafael 102 Dec 28, 2022
Status-embed - Cool open source profile embed for Discord

Current Status : Incomplete Status Embed Status Embed is an awesome open source

Ritabrata Das 2 Feb 17, 2022
Python script to extract all Humble Bundle keys and redeem them on Steam automagically.

humble-steam-key-redeemer Python script to extract all Humble keys and redeem them on Steam automagically. This is primarily designed to be a set-it-a

74 Jan 08, 2023
The Python SDK for the Rackspace Cloud

pyrax Python SDK for OpenStack/Rackspace APIs DEPRECATED: Pyrax is no longer being developed or supported. See openstacksdk and the rackspacesdk plugi

PyContribs 238 Sep 21, 2022
GitHub Usage Report

github-analytics from github_analytics import analyze pr_analysis = analyze.PRAnalyzer( "organization/repo", "organization", "team-name",

Shrivu Shankar 1 Oct 26, 2021
A python script that can send notifications to your phone via SMS text

Discord SMS Notification A python script that help you send text message to your phone one of your desire discord channel have a new message. The proj

2 Apr 25, 2022
A modular Telegram group management bot running with Python based on Pyrogram.

A modular Telegram group management bot running with Python based on Pyrogram.

Jefanya Efandchris 1 Nov 14, 2022
Python API wrapper library for Convex Value API

convex-value-python Python API wrapper library for Convex Value API. Further Links: Convex Value homepage @ConvexValue on Twitter JB on Twitter Authen

Aaron DeVera 2 May 11, 2022
WebCash is an experimental new electronic cash ("e-cash") that enables decentralized and instant payments to anyone

Webcash WebCash is an experimental new electronic cash ("e-cash") that enables decentralized and instant payments to anyone, anywhere in the world. Us

Bryan Bishop 24 Dec 11, 2022
Many discord bots serving different purposes

Discord_Botlari Farklı amaçlara hizmet eden bir çok discord botu En kapsamlı Bot Game Bottur. bir oyun botudur discord sunucularında kullanılır. (tüm

1 Dec 21, 2021
Develop and deploy applications with the Ionburst Cloud Python SDK.

Ionburst SDK for Python The Ionburst SDK for Python enables developers to easily integrate with Ionburst Cloud, building in ultra-secure and private o

Ionburst Cloud 3 Mar 06, 2022
Battle.net and PlayStation title watcher that reports updates via Discord.

Renovate Renovate is a Battle.net and PlayStation title watcher that reports updates via Discord. Usage Open config_example.json and provide the confi

Ethan 1 Nov 23, 2022
Louis Manager Bot With Python

✨ Natsuki ✨ Are You Okay Baby I'm Natsuki Unmaintained. The new repo of @TheNatsukiBot is public. ⚡ (It is no longer based on this source code. The co

Team MasterXBots 1 Nov 07, 2021
Grape - A webbrowser with its own Search Engine

Grape 🔎 A Web Browser made entirely in python. Search Engine 🔎 Installation: F

Grape 2 Sep 06, 2022
Python Wrapper for handling payment requests through the Daraja MPESA API

Python Daraja Description Python Wrapper for handling payment requests through the Daraja MPESA API Contribution Refer to the CONTRIBUTING GUIDE. Usag

William Otieno 18 Dec 14, 2022