Skip to content

Commit

Permalink
[TOOL] Adding hermes-dec as a general tool for React Native static an…
Browse files Browse the repository at this point in the history 
…alysis (#2798)

* Closes issue  #2794

adding writeup for hermes-dec tool, closes issue  #2794

I just picked 42 as the tool number because I wasn't sure how the number scheme works, feel free to change.

* Update and rename MASTG-TOOL-0042.md to MASTG-TOOL-0104.md

incorporating feedback from reviewers, thanks for the input!

* Apply markdown lint fixes

* Apply suggestions from code review

thanks for the review, should be all set now

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>

* Update tools/generic/MASTG-TOOL-0104.md

Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be>

---------

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be>
  • Loading branch information
@saulpanders @cpholguera @TheDauntless
3 people committed Jul 16, 2024
1 parent 7fb0069 commit 9232de2
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions tools/generic/MASTG-TOOL-0104.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
title: hermes-dec
platform: generic
source: https://github.com/P1sec/hermes-dec/
---

[Hermes-dec](https://github.com/P1sec/hermes-dec/) is a tool for reverse-engineering compiled [hermes](https://reactnative.dev/docs/hermes) bytecode for both Android and iOS apps. It supports decompilation and disassembly of [Hermes VM bytecode (HBC)](https://lucasbaizer2.github.io/hasmer/hasm/instruction-docs/hbc86.html) format, typically seen in apps developed in [React Native](https://reactnative.dev/).

If you encounter either of the following files during static analysis, hermes-dec provides a way to recover a legible version of the file's contents:

- index.android.bundle
- main.jsbundle

Use `file` to check the type and confirm you are dealing with actual Hermes bytecode:

```bash
$ file main.jsbundle
main.jsbundle: Hermes JavaScript bytecode, version 90
```
If instead you see that it's a plain text file, it can be opened with any text editor and hermes-dec isn't needed:

```bash
$ file main.jsbundle
main.jsbundle: Unicode text, UTF-8 text
```

You can try using hermes-dec in situations where you are doing static analysis on a React Native mobile app, and [react-native-decompiler](https://github.com/numandev1/react-native-decompiler) fails.


0 comments on commit 9232de2

Please sign in to comment.