rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Add rule for unknown Chinese native obfuscator #113

Open enovella opened 5 years ago

enovella commented 5 years ago

I've not reversed much, but there's dynamic code loading using encryption. The decrypted payload is mapped with mprotect and mmap through syscalls with inline assembly. There's a bit of CFG flattening too. The code starts with .init_proc. The product seems to/could be Secneo-like.

Samples: libcmb-encrypt-jni.zip, libmmm.zip

enovella commented 5 years ago

@P0r0 Are you interested in them?

P0r0 commented 5 years ago

Yes, sure!

I will have a look.

enovella commented 5 years ago

Any news?