Reversing a React Native mobile application
React Native allows developers to create Android and iOS applications in JavaScript or TypeScript. In this post, we'll see how to decompile a React Native mobile application.
Recent versions of React Native use a new JavaScript engine called Hermes. Applications are now optimized by compiling the JavaScript into bytecode.
Hermes is:
- available for Android since React Native v0.60.4 (Jul 2019)
- available for iOS since React Native v0.64 (Mar 2021)
- used by default since React Native 0.70.0 (Sep 2022)
Before the Hermes engine, you could retrieve the JavaScript code directly. This is no longer possible, but we will see how to decompile Hermes bytecode.
Decompile Android application
Get the .apk of your application after building it with Android Studio or by pulling it from your Android device:
adb shell
pm list packages
pm path <package>
exit
adb pull <package path> <local path>
Once you have your .apk file, decompress the archive with any unzipping tool.
7z x application.apk
Note that .apk is a renamed .zip archive.
Go into the extracted folder. You will find a bundle file in the assets folder:
ls -lh assets/index.android.bundle
-rw-r--r-- 1 user staff 6.9M Jan 1 1981 assets/index.android.bundle
This file contains the React Native application code. As mentioned in the introduction, it is Hermes bytecode, not readable JavaScript.
file assets/index.android.bundle
assets/index.android.bundle: Hermes JavaScript bytecode, version 90
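The same check can be done directly on the .apk without extracting it, which is handy when triaging several builds. This is an added example, not part of the original post or of hermes-dec; it assumes the header layout that `file` keys on (an 8-byte little-endian magic `0x1F1903C103BC1FC6` followed by a 4-byte little-endian version), and the function names and sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

# Assumed header layout: 64-bit little-endian magic, then 32-bit version.
HERMES_MAGIC = 0x1F1903C103BC1FC6
BUNDLE_PATH = "assets/index.android.bundle"


def inspect_bundle(apk):
    """Return ("hermes", version), ("not_hermes", None) or ("missing", None).

    `apk` is a path or a binary file object holding the .apk (a zip archive).
    """
    with zipfile.ZipFile(apk) as archive:
        if BUNDLE_PATH not in archive.namelist():
            return ("missing", None)
        # Only the first 12 bytes are needed; the bundle is not extracted.
        with archive.open(BUNDLE_PATH) as bundle:
            header = bundle.read(12)
    if len(header) == 12:
        magic, version = struct.unpack("<QI", header)
        if magic == HERMES_MAGIC:
            return ("hermes", version)
    # Anything else is not Hermes bytecode (e.g. a pre-Hermes JavaScript bundle).
    return ("not_hermes", None)


def build_sample_apk(bundle_bytes):
    """Constructed sample: an in-memory zip standing in for a real .apk."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        if bundle_bytes is None:
            archive.writestr("AndroidManifest.xml", b"")
        else:
            archive.writestr(BUNDLE_PATH, bundle_bytes)
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    # Constructed inputs: a fake Hermes header (version 90), plain JS, no bundle.
    hermes = struct.pack("<QI", HERMES_MAGIC, 90) + b"\x00" * 116
    plain = b"var __BUNDLE_START_TIME__=Date.now();"
    for label, data in (("hermes", hermes), ("plain", plain), ("none", None)):
        print(label, inspect_bundle(build_sample_apk(data)))
```

On a real file, call `inspect_bundle("application.apk")` and compare the returned version with the versions your decompiler supports.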
Decompile Hermes bytecode
Now that we have Hermes bytecode, we have to disassemble it.
First, check the Hermes bytecode version. You'll have to use a decompiler that supports this version.
Two decompilers are available:
At the time of writing, only the first one supports bytecode version 90, so I'll use it.
# Install hermes-dec
pip install --upgrade git+https://github.com/P1sec/hermes-dec
Finally, we can use the decompiler's commands to retrieve information from the original source code:
# View strings and function names
hbc-file-parser assets/index.android.bundle
# Disassemble bytecode
hbc-disassembler assets/index.android.bundle
# Decompile into pseudo-code
hbc-decompiler assets/index.android.bundle
Enjoy your analysis!