rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Add rule for Java obfuscator `O0OOO00.O000000o(arg6)` #179

Open enovella opened 4 years ago

enovella commented 4 years ago

Sample

https://koodous.com/apks/929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d

```
apkid 929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d.apk
[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
[*] 929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d.apk!classes.dex
 |-> anti_vm : Build.FINGERPRINT check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, network operator name check, possible Build.SERIAL check, possible VM check, ro.kernel.qemu check, subscriber ID check
 |-> compiler : dx
 |-> obfuscator : unreadable field names, unreadable method names
[*] 929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d.apk!classes2.dex
 |-> anti_debug : Debug.isDebuggerConnected() check
 |-> anti_vm : Build.BOARD check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, Build.TAGS check, SIM operator check, network operator name check, possible Build.SERIAL check, possible VM check
 |-> compiler : dx
```

Captcha SDK protected with 0, o, O,...

```java
package com.geetest.sdk;

import android.content.Context;

public class O0000o extends O000O0OO {
    private static final String O00000oO = "O0000o";

    static {
    }

    private void O000000o(String arg5, String arg6, String arg7) {
        O0OOO00.O000000o(arg6);
        O00O000o v6 = new O00O000o();
        v6.O00000Oo(arg7);
        v6.O000000o(arg5);
        v6.O000000o(System.currentTimeMillis() - this.O00000Oo.O0000OOo());
        v6.O00000o0(this.O00000Oo.O0000O0o().O00000o());
        this.O00000Oo.O000000o(v6);
        this.O00000o(this.O00000Oo);
        O0000o.O00000o0(this.O00000Oo);
    }

    @Override  // com.geetest.sdk.O000O0o0
    public final int O000000o() {
        return 15;
    }

    @Override  // com.geetest.sdk.O000O0o0
    public final void O000000o(O0O0o00 arg4) {
        Context v0 = arg4.O00000o();
        O00O00Oo v4 = arg4.O0000O0o();
        O00oOooO v1 = new O00oOooO(this);
        O00OOo.O000000o().O000000o(O00OoO0o.O000000o(v0, v4), O00Oo0OO.O000000o(v1));
    }
}
```

CalebFenton commented 4 years ago

Any idea what this one might be called? It could just be a ProGuard configuration, and a few other tools might do this also.

enovella commented 4 years ago

No idea to be honest. Thought initially Allatori. I think that ProGuard doesn't change strings, does it?

```java
private static final String O00000oO = "O0000o";
```
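
One way to measure the naming scheme shown in this sample, added here as an example and not part of the thread or of APKiD's own rules: it reads the DEX string table and reports the share of identifier-like strings built only from `O`, `o` and `0`. The function names, the minimum length of 5 and the constructed test input are assumptions of this sketch.

```python
import re
import struct

# Names made only of 'O', 'o' and '0'; the minimum length of 5 is an assumption.
LOOKALIKE = re.compile(r"[Oo0]{5,}")

def read_uleb128(buf, pos):
    """Decode an unsigned LEB128 value; return (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos

def dex_strings(dex):
    """Yield each string-table entry (string_ids_size/off live at header 0x38/0x3C)."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        _, start = read_uleb128(dex, data_off)  # skip the utf16_size prefix
        yield dex[start:dex.index(b"\x00", start)].decode("utf-8", "replace")

def lookalike_ratio(dex):
    """Return (share of identifier-like strings that are look-alikes, the hits)."""
    names = []
    for s in dex_strings(dex):
        if s.startswith("L") and s.endswith(";"):  # type descriptor -> simple name
            s = s[1:-1].rsplit("/", 1)[-1]
        if re.fullmatch(r"[\w$]+", s):
            names.append(s)
    hits = [n for n in names if LOOKALIKE.fullmatch(n)]
    return (len(hits) / len(names) if names else 0.0), hits

def constructed_dex(strings):
    """Constructed input: DEX header plus string table only, not a loadable file."""
    header = bytearray(b"dex\n035\x00".ljust(0x70, b"\x00"))
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    ids, data, base = b"", b"", 0x70 + 4 * len(strings)
    for s in strings:  # ASCII strings shorter than 128 bytes only
        ids += struct.pack("<I", base + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"
    return bytes(header) + ids + data
```

On a real file, pass the bytes of `classes.dex` to `lookalike_ratio`; a high ratio describes the naming pattern only and does not identify which tool produced it.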