Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)

Related tags

Third-party APIs Wrappersreact-nativereverse-engineeringjavascript-enginehermes-enginehermes-bytecode
Overview

hbctool

Python 3.x PyPI version Software License

A command-line interface for disassembling and assembling the Hermes Bytecode.

Since the React Native team created their own JavaScript engine (named Hermes) for running the React Native application, the JavaScript source code is often compiled to the Hermes bytecode. In the penetration test project, I found that some React Native applications have already been migrated to the Hermes engine. It is really head for me to analyze or patch those applications. Therefore, I created hbctool for helping any pentester to test the Hermes bytecode.(Now only support Hermes Bytecode version 74).

Hermes is an open-source JavaScript engine optimized for running React Native apps on Android. For many apps, enabling Hermes will result in improved start-up time, decreased memory usage, and smaller app size. At this time Hermes is an opt-in React Native feature, and this guide explains how to enable it.

Special thanks to ErbaZZ and Jusmistic for helping me research and develop this tool.

Screenshot

hbctool Example

This video with MP4 format can be found at /image/hbctool_example.mp4.

Installation

To install hbctool, simply use pip:

pip install hbctool

Usage

Please run hbctool --help to show the usage.

hbctool --help   
A command-line interface for disassembling and assembling
the Hermes Bytecode.

Usage:
    hbctool disasm <HBC_FILE> <HASM_PATH>
    hbctool asm <HASM_PATH> <HBC_FILE>
    hbctool --help
    hbctool --version

Operation:
    disasm              Disassemble Hermes Bytecode
    asm                 Assemble Hermes Bytecode

Args:
    HBC_FILE            Target HBC file
    HASM_PATH           Target HASM directory path

Options:
    --version           Show hbctool version
    --help              Show hbctool help manual

Examples:
    hbctool disasm index.android.bundle test_hasm
    hbctool asm test_hasm index.android.bundle

For Android, the HBC file normally locates at assets directory with index.android.bundle filename.

Support

hbctool currently supports only Hermes Bytecode version 74.

Contribution

Feel free to create an issue or submit the merge request. Anyway you want to contribute this project. I'm very happy about it.

However, please run the unit test before submiting the pull request.

cd hbctool
python test.py

I use poetry to build this tool. To build it yourself, simply execute:

poetry install

Next Step

  • Add the other Hermes bytecode versions
  • Create a class abstraction
  • Support overflow patching
  • Do all TODO, NOTE, FIXME in source code
Owner
Pongsakorn Sommalai
IT Security Consultant, OSCE, Pentest+
Pongsakorn Sommalai
GitHub Repository
Most Advance Trading Bot Support Windows Linux Mac

GUI Pancakeswap 2 and Uniswap 3 SNIPER BOT πŸ† πŸ₯‡ (MOST ADVANCE TRADING BOT SUPPORT WINDOWS LINUX MAC) (AUTO BUY TOKEN ON LAUNCH AFTER ADD LIQUIDITY) S

1 Dec 26, 2021
Automatically Forward files from groups to channel & FSub

Backup & ForceSub Automatically Forward files from groups to channel & Do force sub on members Variables API_ID : Get from my.telegram.org API_HASH :

Arunkumar Shibu 7 Nov 06, 2022
This is a crypto trading bot that scans the Binance Annoucements page for new coins, and places trades on Gateio

gateio-trading-bot-binance-announcements This Gateio x Binance cryptocurrency trading bot scans the Binance Announcements page and picks up on new coi

Andrei 1.2k Jan 01, 2023
🐍 Mnemonic code for generating deterministic keys, BIP39

python-mnemonic 🐍 Mnemonic code for generating deterministic keys, BIP39 Installation To install this library and its dependencies use: pip install m

9 Dec 22, 2022
Group Management Bot

❀️ π—¦π—›π—”π——π—œπ—¬π—’ ❀️ A Powerful, Smart And Advance Group Manager ... Written with AioGram , Pyrogram and Telethon... ⭐️ Thanks to everyone who starred

Abdisamad Omar Mohamed 4 Dec 01, 2021
Estudo de como criar uma api para o gerenciamento de livros usando a django restframework

Boa parte do projeto foi beaseado nesse vΓ­deo e nesse artigo. Se assim como eu, vocΓͺ entrou agora no mundo BackEnd, recomendo fortemente tais materiai

Michel Ledig 14 Jun 28, 2022
A multi purpose discord bot for python

Sypher The best multi purpose discord bot. Add Sypher right now Invite Me | Join

Johan Naizu 1 Dec 15, 2022
An advanced crypto trading bot written in Python

Jesse Jesse is an advanced crypto trading framework which aims to simplify researching and defining trading strategies. Why Jesse? In short, Jesse is

Jesse 4.4k Jan 09, 2023
A telegram bot that sends a meme a day, from reddit's top meme of the day

MemeBot A telegram bot that sends a meme a day, from reddit's top meme of the day You can use the bot either with an external scheduler (ex: pythonany

Michele Vitulli 1 Dec 13, 2021
Twitter-bot - A Simple Twitter bot with python

twitterbot To use this bot, You will require API Key and Access Key. Signup at h

Bentil Shadrack 8 Nov 18, 2022
Telegram bot for searching videos in your PDisk account by @AbirHasan2005

PDisk-Videos-Search A Telegram bot for searching videos in your PDisk account by @AbirHasan2005. Configs API_ID - Get from @TeleORG_Bot API_HASH - Get

Abir Hasan 39 Oct 21, 2022
Project template for using aws-cdk, Chalice and React in concert, including RDS Postgresql and AWS Cognito

What is This? This repository is an opinonated project template for using aws-cdk, Chalice and React in concert. Where aws-cdk and Chalice are in Pyth

Rasmus Jones 4 Nov 07, 2022
A full-featured Python wrapper for the Onfleet API.

UPDATE: Please use Onfleet's wrapper instead. This repository is not maintained. https://github.com/onfleet/pyonfleet --- Python-Onfleet   python-onfl

Lionheart Software 11 Jan 13, 2022
Pycardano - A lightweight Cardano client in Python

PyCardano PyCardano is a standalone Cardano client written in Python. The librar

151 Dec 31, 2022
Deepl - DeepL Free API For Python

DeepL DeepL Free API Notice Since I don't want to make my AuthKey public, if you

Vincent Young 4 Apr 11, 2022
A Telegram bot that add a dynamic caption to musics

Music Channel Manager A Telegram bot that add a dynamic caption to musics Deploy to Heroku What is it ? It manage your music channel. With just adding

13 Oct 18, 2022
A robust, low-level connector for the Discord API

Bauxite Bauxite is a robust, low-level connector for the Discord API. What is Bauxite for? Bauxite is made for two main purposes: Creating higher-leve

1 Dec 04, 2021
Secure Tunnel Manager

Making life easy of those who are in need of OpenSource alternative of AWS Secure Tunnel.

Suyash Chavan 1 Sep 27, 2022
Visual Weather api. Returns beautiful pictures with the current weather.

VWapi Visual Weather api. Returns beautiful pictures with the current weather. Installation: sudo apt update -y && sudo apt upgrade -y sudo apt instal

Hotaru 33 Nov 13, 2022
An API wrapper around Discord API.

NeoCord This project is work in progress not for production use. An asynchronous API wrapper around Discord API written in Python. Features Modern API

Izhar Ahmad 14 Jan 03, 2022