Question on Dalvik Execution #13

Closed
GanbaruTobi opened this issue May 27, 2022 · 3 comments
Comments

GanbaruTobi commented May 27, 2022

Hi,

The README states:

"radius2 can execute Dalvik bytecode only involving static methods and variables."

Is this also the case for a PCode representation? And what about odex ELF binaries?

As r2frida is working on debugging capabilities, could this be used to provide a concrete state for the symbolic execution to start from, and might it help radius with execution of Dalvik code? See nowsecure/r2frida#284

aemmitt-ns (Owner) commented

radius2 can execute a limited subset of Dalvik instructions. Basically, if it involves any object creation or a non-static method, then it won't work. Also, there is no ESIL translation of the CPOOLREF pcode instruction, so Dalvik will not fully work there either. However, you can create a state with r2frida using Radius::frida_state in Rust, or using radius2 -p frida://... -a 0xcafebabe. This will place a frida hook at the address 0xcafebabe and start symbolic execution once this hook is hit, reading the real register and memory values from the program. An example is in examples/frida. So it is possible to hook the odex code and symbolically execute those native instructions.

aemmitt-ns (Owner) commented

Sorry, I didn't see this sooner.

aemmitt-ns (Owner) commented

I am gonna close this issue since it is a subset of what is discussed in your other issue.
