MMKV
dex2jar
MMKV | dex2jar | |
---|---|---|
5 | 5 | |
16,870 | 11,875 | |
0.9% | - | |
9.4 | 5.0 | |
4 days ago | 25 days ago | |
C++ | Java | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MMKV
-
Understanding security in React Native applications
react-native-mmkv is a wrapper around MMKV that allows you to easily implement secure storage in your app. It is arguably the fastest key-value storage for React Native apps
-
TOP 6 React Native libraries with native performance ⚡️
This library uses MMKV key-value storage and JSI to communicate between the JS side and the native side very quickly and synchronously. It is a suitable replacement for slow AsyncStorage. Follow this guide to migrate from AsyncStorage and get 30x faster on read and write operations in your app.
-
MMKV Visualizer - simple visualizer for mobile forensicators
For those unfamiliar with MMKV, here's a link to their GitHub - https://github.com/Tencent/MMKV. Used in many mobile applications, such as Discord.
-
React Native SWR Persistent Cache with MMKV
SWR library works great with React Native. By default, SWR library uses global cache store, but you will lose your cache when you reload your app. Here is a super-easy way to sync SWR cache with MMKV.
-
Getting Started with React Native JSI Modules
This library aims to provide a fast & reliable solution for you data storage needs in react-native apps. It uses MMKV by Tencent under the hood on Android and iOS both that is used by their WeChat app(more than 1 Billion users). Unlike other storage solutions for React Native, this library lets you store any kind of data type, in any number of database instances, with or without encryption in a very fast and efficient way. Read about it on this blog post I wrote on dev.to
dex2jar
-
Understanding security in React Native applications
App tampering and repackaging can be performed by using reverse engineering or tampering tools, such as Apktool, dex2jar, etc.
-
What Happens When Your Phone Is Spying on You
A week ago I purchased a bluetooth device that takes some measurements. You require an Android or iOS application. The first thing the iOS app did was request permission for your location. Immediate fired up MITMproxy [1] running in transparent `--mode wireguard` and installed it's certificate in the iOS trust store. It was sending a whole bunch of data to China and HK. Since I don't have a jailbroken iPhone, it's off to Android.
For BLE scanning, Android does require permissions for location, but this application is using a Chinese branded tracking SDK and sending encrypted (within already encrypted TLS). So it's time to start reversing and instrumenting the runtime.
Well - not so easy, they used a commercial packer that encrypts their compiled bytecode and decrypts and runs it within a C++ library. I managed to bull the Dalvik out of memory using Frida[2], covert it to java bytecode with dex2jar[3] then into decompiled java with jadx [3].
Since the developer relied on the packer to hide/obfuscate their software, it's quite easy to follow. The libraries that do the location tracking on the otherhand are obfuscated so now I'm at the stage of identifying where to hook before the encrypted blobs are sent to servers in China.
I've sunk about 8 hours into this so far. The message here is that to understand what some applications on your phone does you need to really invest time and effort. The developers increase the cost to the consumer to know what their application is doing by obfuscation, encryption and packing. It's asymmetric.
[1] https://mitmproxy.org/posts/wireguard-mode/
[2] https://frida.re/docs/android/
[3] https://github.com/skylot/jadx
[3] https://github.com/pxb1988/dex2jar
-
Reverse Engineering Tools in 2022
I think they forgot to google translate the disadvantages of JEB Decompiler
I haven't used JEB to comment, but I've gotten a lot of mileage out of https://github.com/pxb1988/dex2jar#readme and then feed the normal Java jars it produces into https://github.com/mstrobel/procyon#readme and (of course) one shouldn't overlook picking your favorite tool for dealing with AndroidManifest.xml which often has fun things hiding in it
While digging up those links, I was reminded that some folks enjoy https://github.com/Konloch/bytecode-viewer#is-there-a-demo because it can be easier to "try out" a few of the decompilation engines, but I don't use it because it's hard to do batch things with it, versus dex2jar into procyon is automation friendly
- The Code the FBI Used to Wiretap the World
-
Decompilers for android
Take a look at apktool: https://ibotpeaches.github.io/Apktool/ and dex2jar: https://github.com/pxb1988/dex2jar
What are some alternatives?
Realm - Realm is a mobile database: a replacement for Core Data & SQLite
Apktool - A tool for reverse engineering Android apk files
SQLite.swift - A type-safe, Swift-language layer over SQLite3.
comm - Comm is the working name of this open source messaging project.
ObjectBox embedded database - Swift database - fast, simple and lightweight (iOS, macOS)
vineflower - Modern Java decompiler aiming to be as accurate as possible, with an emphasis on output quality. Fork of the Fernflower decompiler.
SQLite - A stand-alone Swift wrapper around the SQLite 3 client library.
ricochet - Anonymous peer-to-peer instant messaging
WCDB - WCDB is a cross-platform database framework developed by WeChat.
Recaf - The modern Java bytecode editor
UserDefaults - Simple, Strongly Typed UserDefaults for iOS, macOS and tvOS
procyon - Procyon java decompiler - Procyon is a binary star system in Canis Minor