Find entry point android Application #1

Open
dragongt501 opened this issue Sep 12, 2021 · 1 comment

@dragongt501

Hi, bro. Can you tell me?
How to find the entrypoint of an Android application?

@hacksysteam
Owner

hacksysteam commented Sep 12, 2021

Hi @dragongt501, entrypoint is the name of the function which will be executed after injecting the shared object.

You can use readelf, nm, or objdump to list the symbols and figure out which function you want to call after loading the shared object.

```
$ readelf -s ./libagent-x86_64.so

Symbol table '.dynsym' contains 6 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __cxa_atexit@LIBC (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __cxa_finalize@LIBC (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __register_atfork@LIBC (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@LIBC (2)
     5: 00000000000016d0    12 FUNC    GLOBAL DEFAULT   13 entrypoint
$ objdump -TC ./libagent-x86_64.so

./libagent-x86_64.so:     file format elf64-x86-64

DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*	0000000000000000  LIBC        __cxa_atexit
0000000000000000      DF *UND*	0000000000000000  LIBC        __cxa_finalize
0000000000000000      DF *UND*	0000000000000000  LIBC        __register_atfork
0000000000000000      DF *UND*	0000000000000000  LIBC        puts
00000000000016d0 g    DF .text	000000000000000c  Base        entrypoint
$ nm -gD ./libagent-x86_64.so
                 U __cxa_atexit
                 U __cxa_finalize
00000000000016d0 T entrypoint
                 U puts
                 U __register_atfork
```

For this case, entrypoint is the function we want to call after loading the shared object.
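
As an added example (not part of the original comment or the project's code), the following Python sketch reads the `.dynsym` table directly and separates defined, exported functions from `UND` imports, which is the same distinction the `readelf`, `objdump` and `nm` listings above show. The function names `exported_functions` and `build_sample` are hypothetical, and the ELF image is constructed in memory to mirror the `puts` and `entrypoint` rows above; it handles little-endian ELF64 only.

```python
import struct

SHT_DYNSYM, STT_FUNC, SHN_UNDEF = 11, 2, 0
SHDR, SYM = "<IIQQQQIIQQ", "<IBBHQQ"   # Elf64_Shdr (64 bytes), Elf64_Sym (24 bytes)

def exported_functions(elf: bytes):
    """Return (name, value, size) for defined GLOBAL/WEAK FUNC symbols in .dynsym."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    (shoff,) = struct.unpack_from("<Q", elf, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)    # e_shentsize, e_shnum

    def shdr(i):
        return struct.unpack_from(SHDR, elf, shoff + i * shentsize)

    found = []
    for i in range(shnum):
        _, sh_type, _, _, sh_offset, sh_size, sh_link, *_ = shdr(i)
        if sh_type != SHT_DYNSYM:
            continue
        str_off = shdr(sh_link)[4]       # sh_link names the matching string table
        for off in range(sh_offset, sh_offset + sh_size, 24):
            name, info, _, shndx, value, size = struct.unpack_from(SYM, elf, off)
            is_func = (info & 0xF) == STT_FUNC
            is_visible = (info >> 4) in (1, 2)                 # STB_GLOBAL or STB_WEAK
            if is_func and is_visible and shndx != SHN_UNDEF:  # UND rows are imports
                start = str_off + name
                found.append((elf[start:elf.index(b"\0", start)].decode(), value, size))
    return found

def build_sample() -> bytes:
    """Constructed sample: a minimal ELF64 image with one import and one export."""
    strtab = b"\0puts\0entrypoint\0"
    syms = (struct.pack(SYM, 0, 0, 0, 0, 0, 0)                  # mandatory null symbol
            + struct.pack(SYM, 1, 0x12, 0, SHN_UNDEF, 0, 0)     # puts: GLOBAL FUNC, UND
            + struct.pack(SYM, 6, 0x12, 0, 13, 0x16D0, 12))     # entrypoint: Ndx 13, as above
    sym_off, str_off = 64, 64 + len(syms)
    shoff = str_off + len(strtab)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = (bytes(64)                                          # null section header
             + struct.pack(SHDR, 0, SHT_DYNSYM, 2, 0, sym_off, len(syms), 2, 1, 8, 24)
             + struct.pack(SHDR, 0, 3, 2, 0, str_off, len(strtab), 0, 0, 1, 0))
    return ehdr + syms + strtab + shdrs

if __name__ == "__main__":
    for name, value, size in exported_functions(build_sample()):
        print(f"{value:016x} {size:5d} FUNC {name}")
```

To run it against a real library, pass the file's bytes to `exported_functions` instead of the constructed sample.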
