search

ClaudiuGeorgiu / Obfuscapk

An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques
MIT License
1.09k stars 285 forks source link

Command in linux to obfuscate .apk FileNotFoundError #127

Closed gieuci0x closed 2 years ago

gieuci0x commented 2 years ago

Which are proper command to obfuscate my .apk on linux I tried many options but got error everytime:

Command: docker run obfuscapk -w /home/myusername/Tools/apk/original.apk -o ConstStringEncryption -d /home/user/Desktop/obfuscated.apk Error:>> python3 -m obfuscapk.cli: error: the following arguments are required:

Other commands show me error: FileNotFoundError: Unable to find application file "/home/myusername/Tools/apk/original.apk"

Tried about 50 commands, each of them show me one of that two errors.

Would be so grateful if someone write me an correct command.

Dado1513 commented 2 years ago

Did you tried also the command explained in the usage section? $ docker run --rm -it -u $(id -u):$(id -g) -v "${PWD}":"/workdir" obfuscapk [params...] ?

ClaudiuGeorgiu commented 2 years ago

FileNotFoundError: Unable to find application file "/home/myusername/Tools/apk/original.apk"

Hi, you can't use the paths on your filesystem when using docker, since docker is using its own filesystem and won't be able to see your local files (unless you mount them to the container with the -v parameter, as suggested in the readme). This command should work: docker run -v "/home/myusername/Tools/apk/":"/workdir" obfuscapk -w /workdir/obfuscation_dir/ -o ConstStringEncryption -o Rebuild -o NewAlignment -o NewSignature -d /workdir/obfuscated.apk /workdir/input.apk. For futher information, please check the official docker documentation.

gieuci0x commented 2 years ago

Thanks for answer unfournetly this commands does not work, I tried 4x combinations, have same error with each of them: Error: python3 -m obfuscapk.cli: error: the following arguments are required:

Here are exactly 4x commands which I use:

docker run -v "/home/stephan/Tools/temp/backup/":"/workdir" obfuscapk -w /home/stephan/Tools/temp/backup/rosbundle.apk -o ConstStringEncryption -d /home/obfuscated.apk

docker run -v "/home/stephan/Tools/temp/backup/":"/workdir" obfuscapk -w /home/stephan/Tools/temp/backup/rosbundle.apk -o ConstStringEncryption -d /home/obfuscated.apk

docker run -v "/home/stephan/Tools/temp/backup/":"/workdir" obfuscapk -w /workdir/rosbundle.apk -o ConstStringEncryption -d /workdir/obfuscated.apk

docker run -v "/home/stephan/Tools/":"/workdir" obfuscapk -w "/home/stephan/Tools/rosbundle.apk" -o ConstStringEncryption -d /workdir/obfuscated.apk

ClaudiuGeorgiu commented 2 years ago

Hi @gieuci0x, sorry but the command I suggested in the previous comment was incomplete (now I edited the message and the command is correct). There are a few problems with your commands:

This command should work: docker run -v "/home/stephan/Tools/temp/backup/":"/workdir" obfuscapk -w /workdir/obfuscation_dir/ -o ConstStringEncryption -o Rebuild -o NewAlignment -o NewSignature -d /workdir/obfuscated.apk /workdir/input.apk, your apk file to be obfuscated has to be located at /home/stephan/Tools/temp/backup/input.apk and you will find the output apk at /home/stephan/Tools/temp/backup/obfuscated.apk.

gieuci0x commented 2 years ago

It's work now, I mean command:-) I tried payload from metasploit then obfuscate it by various options, then scan it online on virus jotti, have all the time Scan results 9/13 detect as malware. File is for sure changed as size is different, but it's still detecable as original output from msvenom. Could you suggest any combo which I should use to get lesser detection radio?

Thank you my friend

ClaudiuGeorgiu commented 2 years ago

Could you suggest any combo which I should use to get lesser detection radio?

Please check this entry in the FAQ for some suggestions.

gieuci0x commented 2 years ago

I read this PDF. Have a question, it's possible to make it FUD even if don't know any programing lang? I can look at code as I learn a little Html and C++ about 10 years ago. :) As I can see for now it's necessary to change the code string/class and add some junk code. Or there are maybe some generator of class/strings/junk code which I could just implement in the code. I am happy to pay you if you learn me trick to make apk FUD :-)

Thanks!