{"id":22942501,"url":"https://github.com/justfoxing/jfx_bridge_jeb","last_synced_at":"2025-08-21T03:15:05.121Z","repository":{"id":62572349,"uuid":"263152255","full_name":"justfoxing/jfx_bridge_jeb","owner":"justfoxing","description":"Python 3 bridge to the JEB reverse engineering tool's Python environment","archived":false,"fork":false,"pushed_at":"2020-05-12T08:06:04.000Z","size":9,"stargazers_count":12,"open_issues_count":1,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-12T21:41:44.949Z","etag":null,"topics":["android","jeb","jeb-python","python3","reverse-engineering"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/justfoxing.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-11T20:34:39.000Z","updated_at":"2025-03-23T18:10:31.000Z","dependencies_parsed_at":"2022-11-03T18:27:07.734Z","dependency_job_id":null,"html_url":"https://github.com/justfoxing/jfx_bridge_jeb","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/justfoxing/jfx_bridge_jeb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justfoxing%2Fjfx_bridge_jeb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justfoxing%2Fjfx_bridge_jeb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justfoxing%2Fjfx_bridge_jeb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justfoxing%2Fjfx_bridge_jeb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/justfoxing","download_url":"https://codeload.github.com/justfoxing/jfx_bridge_jeb/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justfoxing%2Fjfx_bridge_jeb/sbom","scorecard":{"id":543747,"data":{"date":"2025-08-11","repo":{"name":"github.com/justfoxing/jfx_bridge_jeb","commit":"aea7b6726976741027cfb209e5135169ecd5fd4b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/2 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.0.2 not signed: https://api.github.com/repos/justfoxing/jfx_bridge_jeb/releases/26412650","Warn: release artifact 0.0.2 does not have provenance: https://api.github.com/repos/justfoxing/jfx_bridge_jeb/releases/26412650"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-20T08:53:19.789Z","repository_id":62572349,"created_at":"2025-08-20T08:53:19.789Z","updated_at":"2025-08-20T08:53:19.789Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271420153,"owners_count":24756490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","jeb","jeb-python","python3","reverse-engineering"],"created_at":"2024-12-14T13:47:59.633Z","updated_at":"2025-08-21T03:15:05.084Z","avatar_url":"https://github.com/justfoxing.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"JFX Bridge for JEB (JEBBridge)\n=====================\nI like scripting my RE as much as possible, and JEB is pretty handy for Android reverse-engineering. But JEB's Python scripting is based on Jython, which isn't in a great state these days. Installing new packages is a hassle, if they can even run in a Jython environment, and it's only going to get worse as Python 2 slowly gets turned off.\n\nLike [Ghidra Bridge](https://github.com/justfoxing/ghidra_bridge/) and [IDABridge](https://github.com/justfoxing/jfx_bridge_ida/), JEBBridge is a Python RPC bridge that aims to break you out of the JEB Python environment, so you can more easily integrate with up-to-date Python with all the packages you need to do your work as well as tools like IPython and Jupyter, while being as transparent as possible so you don't have to rewrite too much of your scripts.\n\nHow to use for JEB\n======================\n\n## Install the jfx_bridge_jeb package and server scripts\n1. Install the jfx_bridge_jeb package (packaged at https://pypi.org/project/jfx-bridge-jeb/):\n```\npip install jfx_bridge_jeb\n```\n\n2. Install the server scripts to a directory you'll run scripts from in JEB.\n```\npython -m jfx_bridge_jeb.install_server ~/jeb_scripts\n```\n\n## Start Server\n### JEB Context\n\n1. File-\u003eScripts-\u003eRun Script\n2. Navigate to where you installed the server scripts\n3. Run jfx_bridge_jeb_server.py\n\n\n## Setup Client\nFrom the client python environment:\n```python\nimport jfx_bridge_jeb\n\nb = jfx_bridge_jeb.JEBBridge() \n\nctx = b.get_ctx()\njeb_api = b.get_jeb_api()\n\nprj = ctx.getMainProject()\nfor dex in prj.findUnits(jeb_api.core.units.code.android.IDexUnit):\n    last_string_idx = dex.getStringCount()-1\n    last_string = dex.getString(last_string_idx)\n    print(last_string.value)\n```\n\nSecurity warning\n=====================\nBe aware that when running, an JEBBridge server effectively provides code execution as a service. If an attacker is able to talk to the port the bridge server is running on, they can trivially gain execution with the privileges JEB is run with. \n\nAlso be aware that the protocol used for sending and receiving bridge messages is unencrypted and unverified - a person-in-the-middle attack would allow complete control of the commands and responses, again providing trivial code execution on the server (and with a little more work, on the client). \n\nBy default, the server only listens on localhost to slightly reduce the attack surface. Only listen on external network addresses if you're confident you're on a network where it is safe to do so. Additionally, it is still possible for attackers to send messages to localhost (e.g., via malicious javascript in the browser, or by exploiting a different process and attacking the bridge to elevate privileges). You can mitigate this risk by running the bridge server from a JEB process with reduced permissions (a non-admin user, or inside a container), by only running it when needed, or by running on non-network connected systems.\n\nRemote eval\n=====================\nJEBBridge is designed to be transparent, to allow easy porting of non-bridged scripts without too many changes. However, if you're happy to make changes, and you run into slowdowns caused by running lots of remote queries (e.g., something like `for c in dex.getClasses(): doSomething()` can be quite slow with a large number of classes as each class will result in a message across the bridge), you can make use of the bridge.remote_eval() function to ask for the result to be evaluated on the bridge server all at once, which will require only a single message roundtrip.\n\nIf your evaluation is going to take some time, you might need to use the timeout_override argument to increase how long the bridge will wait before deciding things have gone wrong.\n\nIf you need to supply an argument for the remote evaluation, you can provide arbitrary keyword arguments to the remote_eval function which will be passed into the evaluation context as local variables. The following example demonstrates getting a list of all the names of all the classes in a binary, passing in the dex unit for a remote_eval:\n```python\nimport jfx_bridge_jeb\nb = jfx_bridge_jeb.JEBBridge()\n\nctx = b.get_ctx()\njeb_api = b.get_jeb_api()\n\nprj = ctx.getMainProject()\nname_list = []\nfor dex in prj.findUnits(jeb_api.core.units.code.android.IDexUnit):\n    name_list.extend(b.bridge.remote_eval(\"[ c.getName() for c in dex.getClasses()]\", dex=dex))\n```\n\nHow it works\n=====================\nThe actual bridge RPC code is implemented in [jfx-bridge](https://github.com/justfoxing/jfx_bridge/). Check it out there and file non-JEB specific issues related to the bridge there.\n\nTested\n=====================\nPython 3.6.9-\u003eJEB 3.19.1 (Jython 2.7.2)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjustfoxing%2Fjfx_bridge_jeb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjustfoxing%2Fjfx_bridge_jeb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjustfoxing%2Fjfx_bridge_jeb/lists"}