Releasing hermes-dec, an open-source disassembler and decompiler for the React Native Hermes bytecode
Mobile operators are distributing more and more Android and iOS applications in order to interface with their APIs and provide enhanced services to their subscribers. P1 Security's recurring need to reverse engineer mobile applications in the context of black-box security audits, together with the general lack of effective tools for reverse engineering React Native-based applications, led us to develop hermes-dec.
P1 Security is publishing the initial release of hermes-dec, a new tool for reverse engineering React Native mobile applications for Android and iOS that embed a JavaScript bundle compiled to the bytecode of the Hermes virtual machine.
Hermes bytecode files can be recognized by the libmagic library on Linux, which means that the type of the corresponding files can be identified using the “file” command-line utility:
The hermes-dec tool released by P1 Security can disassemble Hermes bytecode, with the intent of being compatible with all public versions of the Hermes virtual machine (from 0.1.0 to the current 0.12.0, i.e. bytecode version 89, at the time of writing, end of 2022). Other tools such as the hbctool utility support a more restricted set of Hermes bytecode versions, and the hbcdump tool present in the Hermes source tree supports only the exact version of the Hermes virtual machine it was built for.
It was developed because P1 Security often needs to reverse engineer mobile applications during black-box security audits, and because effective tools for reverse engineering React Native-based applications were lacking.
Currently, hermes-dec should be able to decode the whole Hermes VM instruction set and to produce a single decompiled bundle file with nested closures, mirroring the structure of the source code before bytecode compilation.
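As an added example (not code from hermes-dec or the Hermes project), the check that the libmagic rule mentioned above performs, extended to read the bytecode version field that decides whether a given tool supports the file. It assumes the header prefix published in the Hermes source (u64 magic, u32 version, 20-byte source SHA-1, u32 file length, u32 global code index, u32 function count, all little-endian) and uses a constructed sample header rather than a real app bundle:

```python
import struct

# Magic constant from the public Hermes source (BytecodeFileFormat.h); the
# libmagic rule keys on the same 8 little-endian bytes.
HERMES_MAGIC = 0x1F1903C103BC1FC6
# Header prefix assumed from the Hermes source: u64 magic, u32 version,
# 20-byte SHA-1 of the source, u32 file length, u32 global code index,
# u32 function count. Later fields change across bytecode versions, so this
# parser deliberately stops at the version-stable prefix.
_HEADER_PREFIX = struct.Struct("<QI20sIII")


def parse_hermes_header(data: bytes) -> dict:
    """Return the version-stable header fields of a Hermes bytecode blob.

    Raises ValueError for anything that is not a Hermes bytecode file, so a
    caller triaging an app bundle can tell Hermes output from plain JS.
    """
    if len(data) < _HEADER_PREFIX.size:
        raise ValueError("too short to hold a Hermes bytecode header")
    magic, version, source_hash, file_length, global_code_index, function_count = \
        _HEADER_PREFIX.unpack_from(data)
    if magic != HERMES_MAGIC:
        raise ValueError("bad magic: not a Hermes bytecode file")
    return {
        "version": version,
        "source_hash": source_hash.hex(),
        "file_length": file_length,
        "global_code_index": global_code_index,
        "function_count": function_count,
    }


def build_sample_header(version: int, function_count: int = 3) -> bytes:
    """Constructed sample header (not taken from any real app) for offline use."""
    return _HEADER_PREFIX.pack(HERMES_MAGIC, version, b"\x11" * 20,
                               0x1000, 0, function_count)


if __name__ == "__main__":
    blob = build_sample_header(89)  # bytecode version cited in the post
    print(parse_hermes_header(blob))
    try:
        parse_hermes_header(b"var x = 1;\n")  # plain JS: not Hermes bytecode
    except ValueError as err:
        print("rejected:", err)
```

The version field is what a tool like hermes-dec must branch on, since the instruction set and the rest of the header layout differ between bytecode versions.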
- It outputs jump instructions and