Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)

Related tags

Third-party APIs Wrappersreact-nativereverse-engineeringjavascript-enginehermes-enginehermes-bytecode
Overview

hbctool

Python 3.x PyPI version Software License

A command-line interface for disassembling and assembling the Hermes Bytecode.

Since the React Native team created their own JavaScript engine (named Hermes) for running the React Native application, the JavaScript source code is often compiled to the Hermes bytecode. In the penetration test project, I found that some React Native applications have already been migrated to the Hermes engine. It is really head for me to analyze or patch those applications. Therefore, I created hbctool for helping any pentester to test the Hermes bytecode.(Now only support Hermes Bytecode version 74).

Hermes is an open-source JavaScript engine optimized for running React Native apps on Android. For many apps, enabling Hermes will result in improved start-up time, decreased memory usage, and smaller app size. At this time Hermes is an opt-in React Native feature, and this guide explains how to enable it.

Special thanks to ErbaZZ and Jusmistic for helping me research and develop this tool.

Screenshot

hbctool Example

This video with MP4 format can be found at /image/hbctool_example.mp4.

Installation

To install hbctool, simply use pip:

pip install hbctool

Usage

Please run hbctool --help to show the usage.

hbctool --help   
A command-line interface for disassembling and assembling
the Hermes Bytecode.

Usage:
    hbctool disasm <HBC_FILE> <HASM_PATH>
    hbctool asm <HASM_PATH> <HBC_FILE>
    hbctool --help
    hbctool --version

Operation:
    disasm              Disassemble Hermes Bytecode
    asm                 Assemble Hermes Bytecode

Args:
    HBC_FILE            Target HBC file
    HASM_PATH           Target HASM directory path

Options:
    --version           Show hbctool version
    --help              Show hbctool help manual

Examples:
    hbctool disasm index.android.bundle test_hasm
    hbctool asm test_hasm index.android.bundle

For Android, the HBC file normally locates at assets directory with index.android.bundle filename.

Support

hbctool currently supports only Hermes Bytecode version 74.

Contribution

Feel free to create an issue or submit the merge request. Anyway you want to contribute this project. I'm very happy about it.

However, please run the unit test before submiting the pull request.

cd hbctool
python test.py

I use poetry to build this tool. To build it yourself, simply execute:

poetry install

Next Step

  • Add the other Hermes bytecode versions
  • Create a class abstraction
  • Support overflow patching
  • Do all TODO, NOTE, FIXME in source code
Owner
Pongsakorn Sommalai
IT Security Consultant, OSCE, Pentest+
Pongsakorn Sommalai
GitHub Repository
wrapper for facebook messenger

pyfacebook pyfacebook library for python. Requirements common Help Got a question? File a GitHub issue. Contributing Bug Reports & Feature Requests Pl

Luis Mayta 3 Nov 12, 2021
A Telegram AntiChannel bot to ban users who using channel to send message in group

Anti-Channel-bot A Telegram AntiChannel bot to ban users who using channel to send message in group. BOT LINK: Features: Automatic ban Whitelist Unban

Jigar varma 36 Oct 21, 2022
A minimal open source mtg-like tcg game made in python that can be played on a terminal emulator using a keyboard.

TCG-TERM Project state: ๐Ÿ”ง ๐Ÿšง ๐Ÿšง ๐Ÿšง Incomplete, In development ๐Ÿšง ๐Ÿšง ๐Ÿšง ๐Ÿ‘ท (Keep in mind that at the moment, This project is currently undone, and wil

Amos 3 Aug 29, 2021
A Telegram bot that can stream Telegram files to users over HTTP

AK-FILE-TO-LINK-BOT A Telegram bot that can stream Telegram files to users over HTTP. Setup Install dependencies (see requirements.txt), configure env

3 Dec 29, 2021
Python based Discord Bot with a simple music player

C32 Discord Bot Discord bot that plays music Table Of Contents About the Project Built With Acknowledgements About The Project Play music using the !p

Christopher Burwell 2 Oct 17, 2021
Companion "receiver" to matrix-appservice-webhooks for [matrix].

Matrix Webhook Receiver Companion "receiver" to matrix-appservice-webhooks for [matrix]. The purpose of this app is to listen for generic webhook mess

Kim Brose 13 Sep 29, 2022
This program is an automated trading bot that uses TDAmeritrades Thinkorswim trading platform's scanners and alerts system.

Python Trading Bot w/ Thinkorswim Description This program is an automated trading bot that uses TDAmeritrades Thinkorswim trading platform's scanners

Trey Thomas 201 Jan 03, 2023
multi-purpose discord bot

virus multi-purpose discord bot โš ๏ธ WARNING This project is incomplete and may not work as expected. Download & Run Install Python =3.10 Clone the sou

miten 2 Jan 17, 2022
Debugging with Stack Overflow: Web Search Behavior in Novice and Expert Programmers

Debugging with Stack Overflow: ICSE SEET, 2022 This is the GitHub repository associated with the 2022 ICSE SEET paper, Debugging with Stack Overflow:

Madeline Endres 1 Jan 31, 2022
Versatile async-friendly library to retry failed operations with configurable backoff strategies

riprova riprova (meaning retry in Italian) is a small, general-purpose and versatile Python library that provides retry mechanisms with multiple backo

Tom 108 Apr 27, 2022
A tool for transferring server variable values from one intersect gamedata.db to another

Server Variable Transfer Tool Purpose This tool exists for use with the Intersect Engine (Ascension Game Dev GitHub). Its purpose is to UPDATE one sql

AVild 2 Oct 27, 2021
Tools to help record data from Qiskit jobs

archiver4qiskit Tools to help record data from Qiskit jobs. Install with pip install git+https://github.com/NCCR-SPIN/archiver4qiskit.git Import the

0 Dec 10, 2021
Python Tool To Get The Date That Your Account Joined Instagram

Date-Joined-Insta Python Tool To Get The Date That Your Account Joined Instagram You Dont Need To Login Just Enter The UserName If Id Did Not Work Ins

A B D U L L A H . 1 Dec 21, 2021
Stream Telegram files to web

Telegram File Stream Bot A Telegram bot to stream files to web Demo Bot ยป Report a Bug | Request Feature Table of Contents About this Bot Original Rep

Wrench 572 Jan 09, 2023
An script where it logs in your instagram account and follows people and likes their posts

InstaFollower An script where it logs in your instagram account and follows people and likes their posts (uses the tags to fetch people) Requirements:

Bless 3 Nov 29, 2022
CnCL - CnCLess it's an Easy to deploy Botnet without CnC/C2

CnCL CnCLess it's an Easy to deploy Botnet without CnC/C2, Harder to track and t

ZSendokame 2 Jan 10, 2022
This bot plays the most recent video from the Daily Silksong News Youtube Channel whenever a specific user enters voice chat once a day.

Do you have that one friend that really likes Hollow Knight. Are they waiting for Silksong to come out? Heckle them with this Discord bot.

Tommy Rousey 2 Feb 09, 2022
A Bot to Track Kernel Upstreams from kernel.org and Post it on Telegram Channel

Channel Kernel Tracker is the channel where the bot will be sending the updates in. Introduction This is a Telegram Bot to Track Kernel Upstreams kern

Kartikeya Hegde 3 Oct 05, 2021
API which returns cusswords , can be used to check cusswords in bots etc.

Anti-abuse-api-flask API which returns cusswords , can be used to check cusswords in bots etc. Run pip install -r requirements.txt py app.py API Endpo

8 Jan 03, 2023
42-event-notifier - 42 Event notifier using 42API and Github Actions

42 Event Notifier 42์„œ์šธ Agenda์— ์ƒˆ๋กœ์šด ์ด๋ฒคํŠธ๊ฐ€ ๋“ฑ๋ก๋˜๋ฉด ์•Œ๋ ค๋“œ๋ฆฝ๋‹ˆ๋‹ค! ํ˜„์žฌ๋Š” Github Issue๋กœ ๋“ฑ๋ก๋˜๋ฏ€๋กœ ์ƒ๋‹จ

6 May 16, 2022