diff --git a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md index 53346c022e5..91bec660dbf 100644 --- a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md +++ b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md 
@@ -63,6 +63,29 @@ Java.perform(function () { ``` Frida will work out of the box on PAC/BTI-enabled devices (Pixel 8/Android 14+) as long as you use frida-server 16.2 or later – earlier versions failed to locate padding for inline hooks. +### Dumping runtime-decrypted native libraries from memory (Frida soSaver) + +When a protected APK keeps native code encrypted or only maps it at runtime (packers, downloaded payloads, generated libs), attach Frida and dump the mapped ELF directly from process memory. + +**soSaver workflow (Python host + TS/JS Frida agent):** +- Hooks `dlopen` and `android_dlopen_ext` to detect load-time library mapping and performs an initial sweep of already loaded modules. +- Periodically scans the process memory mappings for ELF headers to catch modules loaded through non-standard mappers that never hit the loader APIs. +- Reads each module in blocks from memory and streams the bytes through Frida messages to the host; if a region cannot be read, it falls back to reading from the on-disk path when available. +- Saves the reconstructed `.so` files and prints per-module extraction stats, providing artifacts for static RE. + +**Run (root + frida-server, Python ≥3.8, uv):** +```bash +git clone https://github.com/TheQmaks/sosaver.git +cd sosaver && uv sync +source .venv/bin/activate # .venv\Scripts\activate on Windows + +# target by package or PID; choose output/verbosity +sosaver com.example.app +sosaver 1234 -o /tmp/so-dumps --debug +``` + +This approach bypasses “only decrypted in RAM” protections by recovering the live mapped image, allowing offline analysis in IDA/Ghidra even if the filesystem copy is obfuscated or absent. + ### Process-local JNI telemetry via preloaded .so (SoTap) When full-featured instrumentation is overkill or blocked, you can still gain native-level visibility by preloading a small logger inside the target process. 
SoTap is a lightweight Android native (.so) library that logs the runtime behavior of other JNI (.so) libraries within the same app process (no root required). @@ -297,5 +320,7 @@ make - [Patching Android ARM64 library initializers for easy Frida instrumentation and debugging](https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/) - [LIEF Project](https://github.com/lief-project/LIEF) - [JNIInvocation](https://github.com/Ch0pin/JNIInvocation) +- soSaver — Frida-based live memory dumper for Android `.so` libraries – [github.com/TheQmaks/sosaver](https://github.com/TheQmaks/sosaver) +- soSaver Frida agent (TypeScript/JS) – [github.com/TheQmaks/soSaver-frida](https://github.com/TheQmaks/soSaver-frida) {{#include ../../banners/hacktricks-training.md}}
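Review bot: the "falls back to reading from the on-disk path" bullet in the soSaver workflow undercuts the closing claim that the dump "bypasses 'only decrypted in RAM' protections" by "recovering the live mapped image". For a packed library the on-disk bytes are exactly the encrypted ones, so any region that cannot be read from memory will be filled with ciphertext and the resulting `.so` is only partially decrypted. Suggest qualifying the last paragraph, e.g. "regions that could not be read from memory are filled from the on-disk file and may still be encrypted; check the per-module extraction stats before loading the dump in IDA/Ghidra", and noting that the saved file is the in-memory (mapped) layout rather than a pristine on-disk ELF, so section headers and relocations may need repair. The section also names only the host repo in the `git clone` line; since the agent lives in a separate repo (added to the references below), a one-line mention of `soSaver-frida` here would help readers who need to patch the TS/JS agent.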
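Review bot: the two new reference entries break the list's existing `- [Title](url)` convention and mix an em dash with an en dash ("soSaver — Frida-based ... – [github.com/...]"). Suggest matching the surrounding entries: `- [soSaver (Frida-based live memory dumper for Android .so libraries)](https://github.com/TheQmaks/sosaver)` and `- [soSaver Frida agent (TypeScript/JS)](https://github.com/TheQmaks/soSaver-frida)`.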