Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)

Last update: Jan 03, 2023

Overview

hbctool

A command-line interface for disassembling and assembling the Hermes Bytecode.

Since the React Native team created their own JavaScript engine (named Hermes) for running the React Native application, the JavaScript source code is often compiled to the Hermes bytecode. In the penetration test project, I found that some React Native applications have already been migrated to the Hermes engine. It is really head for me to analyze or patch those applications. Therefore, I created hbctool for helping any pentester to test the Hermes bytecode.(Now only support Hermes Bytecode version 74).

Hermes is an open-source JavaScript engine optimized for running React Native apps on Android. For many apps, enabling Hermes will result in improved start-up time, decreased memory usage, and smaller app size. At this time Hermes is an opt-in React Native feature, and this guide explains how to enable it.

Special thanks to ErbaZZ and Jusmistic for helping me research and develop this tool.

Screenshot

This video with MP4 format can be found at /image/hbctool_example.mp4.

Installation

To install hbctool, simply use pip:

pip install hbctool

Usage

Please run hbctool --help to show the usage.

hbctool --help   
A command-line interface for disassembling and assembling
the Hermes Bytecode.

Usage:
    hbctool disasm <HBC_FILE> <HASM_PATH>
    hbctool asm <HASM_PATH> <HBC_FILE>
    hbctool --help
    hbctool --version

Operation:
    disasm              Disassemble Hermes Bytecode
    asm                 Assemble Hermes Bytecode

Args:
    HBC_FILE            Target HBC file
    HASM_PATH           Target HASM directory path

Options:
    --version           Show hbctool version
    --help              Show hbctool help manual

Examples:
    hbctool disasm index.android.bundle test_hasm
    hbctool asm test_hasm index.android.bundle

For Android, the HBC file normally locates at assets directory with index.android.bundle filename.

Support

hbctool currently supports only Hermes Bytecode version 74.

Contribution

Feel free to create an issue or submit the merge request. Anyway you want to contribute this project. I'm very happy about it.

However, please run the unit test before submiting the pull request.

cd hbctool
python test.py

I use poetry to build this tool. To build it yourself, simply execute:

poetry install

Next Step

Add the other Hermes bytecode versions
Create a class abstraction
Support overflow patching
Do all TODO, NOTE, FIXME in source code

Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)

Related tags

Overview

hbctool

Screenshot

Installation

Usage

Support

Contribution

Next Step

Owner

Pongsakorn Sommalai

A Discord bot made by QwertyIsCoding

Powerful Telegram userbot to turn your PROFILE PICTURE & LAST NAME into a real time clock & to change your BIO automatically.

Luna Rush Auto Clicker Bot

PlexAutoSkip - Automatically skip content in Plex

You can submit any PR and have SWAGS. Happy Hacktoberfest !

Some python code to make twitter bots ;)

This repository contains free labs for setting up an entire workflow and DevOps environment from a real-world perspective in AWS

A basic implementation of the Battlesnake API in Python

🐙 Share your Github stats for 2020 on Twitter

Starlink Order Status Notification

Microservice to extract structured information on EVM smart contracts.

Automatically deploy freqtrade to a remote Docker host and auto update strategies.

A powerfull SMS Bomber for Bangladesh . NO limite .Unlimited SMS Spaming

Telegram Link Wayback Bot. This bot archives a web page thrown at itself with wayback Machine (Archive.org).

A simple, multipurpose Discord bot.

Feedback-TelegramBot is a resemblance bot which can be deployed on server

Unlimited Filter Bot

Kali Kush - Account Nuker Tool

TonplaceApi - Ton.place api wrapper

Python wrapper for JeyyAPI