CalebFenton / simplify

Android virtual machine and deobfuscator

Support DexGuard & ProGuard? #93

Closed (ghost closed this 6 years ago)

CalebFenton commented 6 years ago

This issue needs to be split up. DexGuard uses packing IIRC, and simplify isn't an unpacker. If you have unpacked DexGuard samples (which are valid dex files), then simplify should work on them. If it doesn't, please post specific hashes and what you were trying.

ProGuard isn't really an obfuscator. If you mean to support ProGuard by adding a feature to detect and attempt to recreate meaningful names for stripped identifiers, which is about all the obfuscation ProGuard does, then that should be a separate issue from DexGuard.

enovella commented 6 years ago

Hi there!

Regarding the Dexguard unpacking, I'm afraid you will have to merge the original DEX and the unpacked DEX file into a new DEX file. Otherwise, the unreflection & string decryption methods will fail. Normally, there are calls between classes from one DEX and another.

Next week, I'll keep digging into this issue.

Cheers

pat-ford commented 6 years ago

Hi Caleb, great work on this! I have an unpacked DexGuarded sample: 8c5ef693ae781cdcf1a5710be7f98a7eb0052248 com.parental.control.v4-dexguarded.apk

$ java -jar simplify/build/libs/simplify.jar -it o  simplify/smali
Simplification complete:
        total classes = 0
        total methods = 0
        optimized methods = 0
        failed methods = 0
        run time = 235 ms
Total optimizations:

Writing output to smali_simple.dex

pat@pat-HP-Compaq-Elite-8300-SFF:~/tools/simplify$ java -jar simplify/build/libs/simplify.jar -v 2  simplify/smali
11:36:28.753 INFO  Main         - Options:
Input file: simplify/smali
Output file: smali_simple.dex
Include filter: null
Exclude filter: null
Max execution time: 300
Max address visits: 10000
Max call depth: 50
Max method visits: 1000000
Max optimization passes: 100
Output API level: 15
Include support library: false
11:36:28.909 DEBUG SmaliFileFactory - Cached 21088 framework classes in 0 seconds.
Simplification complete:
        total classes = 0
        total methods = 0
        optimized methods = 0
        failed methods = 0
        run time = 246 ms
Total optimizations:

Writing output to smali_simple.dex

smali.zip

I think I just missed working with you at Lookout by a few months. Pat

CalebFenton commented 6 years ago

Hey Pat, it looks like in both cases the input directory doesn't contain smali files. When I run it, using latest build from master, it seems to find input classes:

$ java -jar build/libs/simplify.jar -it o ~/Downloads/smali
[1 / 33] Processing top level class Lo/ˎ$ʽ;
(1 / 6) Executing top level method: Lo/ˎ$ʽ;->doInBackground([Ljava/lang/Object;)Ljava/lang/Object;

Digging around a bit deeper, trying on some specific methods, it looks like I'm getting a lot of failures. If this is just the dumped dex file, it may need to be merged with the original for better execution. May also need to fix a few bugs. If you encounter any specific bugs, please open a specific ticket. This one will be closed since I'll personally never support unpacking in simplify; there are other tools for that.

If you can't get work done with simplify, look into dex-oracle. It's "simpler" in that it looks for patterns in the code and tries to execute the actual dex file in a real VM.

Ahh, Lookout. Good times, man! I wonder if y'all are still using anything I worked on (inquisitor, dex-characteristics, some wiki documentation). Feel free to join our RedNaga slack (slack.rednaga.io).
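The two empty runs above ("total classes = 0" after 235 ms) and Caleb's diagnosis (the input directory held no smali files, and a dumped DEX may need merging with the original) suggest a small pre-flight script. The one below is an added example, not code from the simplify project or from anyone in this thread. It assumes the baksmali 2.2+ command form `baksmali d <dex> -o <dir>`, treats combining the smali trees of the original and the unpacked DEX as a stand-in for merging the two DEX files, and uses placeholder paths for the jars; the `-it o` include filter is the one shown in the thread.

```shell
#!/bin/sh
# Added example, not part of the simplify project. Pre-flight checks for an
# unpacked-DexGuard smali tree before handing it to simplify, so a run that
# would report "total classes = 0" (no .smali input found) is caught up front.
# Assumptions (not from the thread): baksmali 2.2+ syntax "baksmali d <dex> -o <dir>",
# and that combining the smali trees of the original and unpacked DEX is an
# acceptable stand-in for merging the two DEX files. Jar paths are placeholders.

# Count .smali files under a directory. Prints the count and returns 1 when it
# is zero, which is the condition behind the empty "Simplification complete" summary.
count_smali() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    n=$(find "$dir" -type f -name '*.smali' | wc -l | tr -d ' ')
    echo "$n"
    [ "$n" -gt 0 ]
}

# Extract the "total classes" figure from a simplify summary read on stdin,
# e.g. the "        total classes = 0" line in the runs posted above.
summary_total_classes() {
    sed -n 's/^[[:space:]]*total classes = \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Copy .smali files from $1 into $2 without overwriting. A class present in both
# trees is reported and the copy already in $2 is kept, so nothing is silently
# replaced when the original and the unpacked DEX define the same class.
merge_smali_trees() {
    src=$1
    dst=$2
    find "$src" -type f -name '*.smali' | while read -r f; do
        rel=${f#"$src"/}
        if [ -e "$dst/$rel" ]; then
            echo "collision, keeping existing copy: $rel" >&2
        else
            mkdir -p "$(dirname "$dst/$rel")"
            cp "$f" "$dst/$rel"
        fi
    done
}

# Driver: sh preflight.sh original.dex unpacked.dex merged_smali
# Runs only when all three arguments are given, so sourcing the file for its
# functions has no side effects.
if [ "$#" -eq 3 ]; then
    orig_dex=$1
    unpacked_dex=$2
    out=$3
    tmp=$(mktemp -d)
    java -jar baksmali.jar d "$orig_dex" -o "$out"              # assumed baksmali CLI
    java -jar baksmali.jar d "$unpacked_dex" -o "$tmp/unpacked"
    merge_smali_trees "$tmp/unpacked" "$out"
    rm -rf "$tmp"
    count_smali "$out" >/dev/null || { echo "no .smali files in $out; nothing for simplify to do" >&2; exit 1; }
    java -jar simplify.jar -it o "$out" | tee simplify.log
    total=$(summary_total_classes < simplify.log)
    [ "${total:-0}" -gt 0 ] || { echo "simplify saw no classes; check the input tree" >&2; exit 1; }
fi
```

The collision report from `merge_smali_trees` is worth reading before running simplify: a class that exists in both the original and the dumped DEX is exactly the kind of cross-DEX dependency enovella mentioned, and keeping one copy by default is a choice to be revisited per sample rather than a rule.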