https://blazskufca.com/tags/ghidra/Recent content in Ghidra on Blaž ŠkufcaHugoen-usSat, 10 Jan 2026 00:00:00 +0000https://blazskufca.com/projects/bypassing-jni-security-on-android/Sat, 10 Jan 2026 00:00:00 +0000https://blazskufca.com/projects/bypassing-jni-security-on-android/<h2 id="the-challenge-moving-beyond-bytecode">The Challenge: Moving Beyond Bytecode</h2> <p>In the world of Android security, most research revolves around the <a href="https://en.wikipedia.org/wiki/Java_virtual_machine">JVM</a> layer. We’re used to patching <a href="https://source.android.com/docs/core/runtime/dex-format"><code>.dex</code></a> files using <a href="https://payatu.com/blog/an-introduction-to-smali/">Smali</a> or leveraging automated frameworks like <a href="https://github.com/revanced/revanced-patcher">ReVanced</a>.</p> <p>It’s a comfortable space, but developers are increasingly moving the &ldquo;crown jewels&rdquo; out of reach.</p> <p><em><strong>Sophisticated applications now bury their most critical logic—license verification, anti-tamper mechanisms, and complex obfuscation—inside Native Libraries (<a href="https://en.wikipedia.org/wiki/Shared_library"><code>.so</code> files</a>).</strong></em></p> <p><em><strong>By using the <a href="https://en.wikipedia.org/wiki/Java_Native_Interface">Java Native Interface (<code>JNI</code>)</a>, they move the security frontier from easily readable bytecode to compiled machine code.</strong></em></p>