Jump to content
Sign in to follow this  

Connect Android With IDA for LIB Debugging & Dynamic analysis

Recommended Posts

While lib files on android can be analysed statically very easily but dynamic lib debugging is also another option to get to know what is happening during runtime.

When static analysis may take up alot of time dynamic analysis is always a better option!

So how to debug libs?

lib files are not independent they need a running process to be debugged.

Let's Start:




Rooted Device

USB cable

Note: Enable usb debugging

And don't select Filetransfer mode select PTP mode otherwise device won't be listed by ADB

Google if you don't Know how to Connect  to PC using ADB


Load lib in IDA PRO first which is to be analysed.

Now connect your device to PC over ADB 

Go to IDA PRO installation directory and from folder dbgsrv copy file android_server to adb folder

And execute following commands:

adb devices  [To make sure device is connected ]

adb push android_server /local/data/tmp

adb shell


cd /data/local/tmp

ll [To Get list of files incurrent  directory]

chmod 755 android_server 


Minimizethe windows where android_server is running and open a new command prompt window and run following command:

adb forward tcp:23946 tcp:23946


select the "Remote ARM Linux/Android debugger", go into "ProcessOptions" in the debugger menu, and set the hostname to localhost.And port : 23946

Now Run the apk on your device from which this lib was extracted!

And In IDA go to:

Debugger menu Choose attach to process and from list of processes select the process of your apk.


Any correction and suggetion would be welcomed!


Edited by Un_Known

Share this post

Link to post
Share on other sites

Please post a guide on how to identify anticheat codes of libs.. And how to bypass them. Thanks 😉

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • By RevealedSoulEven
      local memFrom, memTo, lib, num, lim, results, src, ok = 0, -1, nil, 0, 32, {}, nil, false function name(n) if lib ~= n then lib = n local ranges = gg.getRangesList(lib) if #ranges == 0 then print("USE FREE FIRE BRO") gg.toast("USE FREE FIRE BRO") os.exit() else memFrom = ranges[1].start memTo = ranges[#ranges]["end"] end end end function hex2tbl(hex) local ret = {} hex:gsub("%S%S", function (ch) ret[#ret + 1] = ch return "" end) return ret end function original(orig) local tbl = hex2tbl(orig) local len = #tbl if len == 0 then return end local used = len if len > lim then used = lim end local s = '' for i = 1, used do if i ~= 1 then s = s..";" end local v = tbl[i] if v == "??" or v == "**" then v = "0~~0" end s = s..v.."r" end s = s.."::"..used gg.searchNumber(s, gg.TYPE_BYTE, false, gg.SIGN_EQUAL, memFrom, memTo) if len > used then for i = used + 1, len do local v = tbl[i] if v == "??" or v == "**" then v = 256 else v = ("0x"..v) + 0 if v > 127 then v = v - 256 end end tbl[i] = v end end local found = gg.getResultCount(); results = {} local count = 0 local checked = 0 while true do if checked >= found then break end local all = gg.getResults(8) local total = #all local start = checked if checked + used > total then break end for i, v in ipairs(all) do v.address = v.address + myoffset end gg.loadResults(all) while start < total do local good = true local offset = all[1 + start].address - 1 if used < len then local get = {} for i = lim + 1, len do get[i - lim] = {address = offset + i, flags = gg.TYPE_BYTE, value = 0} end get = gg.getValues(get) for i = lim + 1, len do local ch = tbl[i] if ch ~= 256 and get[i - lim].value ~= ch then good = false break end end end if good then count = count + 1 results[count] = offset checked = checked + used else local del = {} for i = 1, used do del[i] = all[i + start] end gg.removeResults(del) end start = start + used end end end function replaced(repl) num = num + 1 local tbl = hex2tbl(repl) if src ~= nil then local source = hex2tbl(src) for i, v in ipairs(tbl) do if v ~= "??" and v ~= "**" and v == source[i] then tbl[i] = "**" end end src = nil end local cnt = #tbl local set = {} local s = 0 for _, addr in ipairs(results) do for i, v in ipairs(tbl) do if v ~= "??" and v ~= "**" then s = s + 1 set[s] = { ["address"] = addr + i, ["value"] = v.."r", ["flags"] = gg.TYPE_BYTE, } end end end if s ~= 0 then gg.setValues(set) end ok = true end gg.clearResults() t = gg.getListItems() gg.removeListItems(t) function SE( libil2cpp = "13073.3740234375;9.219563e-41;3.6734241e-39;1.4012985e-45;4.8808683e-39::25" libunity = "13073.3740234375;9.219563e-41;3.6734241e-39;1.4012985e-45;7.286752e-44;2.7887936e-38::33"  
      This is a code usually Free Fire hackers(me too) use in their scripts.
      We use these functions to hack LIBIL2CPP.SO offsets.
      For example if we want to hack free fire gold then we take "get_userCoins();" offset from dump.cs using il2cppdumper.exe by Prefare and then use it like this
      gg.setRanges(gg.REGION_CODE_APP | gg.REGION_C_DATA) name("libil2cpp.so") myoffset = 0x.... --lib offset of original("7F 45 4C 46 01 01 01 00") replaced("68 00 A0 E3 1E FF 2F E1") gg.clearResults()  
      This way we hack it! The replaced hex will return 68 values of coins(maybe it's for client side and fake).
      @Enyby and @d2dyno please help me on finding these offsets from game guardian. Many of the hackers use GG to get offsets from libil2cpp.so
      Can anyone please tell me how to find hacks from this lib and find offsets from GG ?
    • By lwlo
      yesterday i was trying to test an script from a friend of the game duel links but everytimwe when try to link my account into the parallel cloned duel links it opens in the net the konami id login and when i put the page redirect to the original duel links instead to the cloned and for that i cant link my account into the cloned. rooting may be the way to go bcause i woul doesnt need to clone, pls someone help me
  • Create New...