rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

[DETECTION] Missed Ollvm Detection #251

Open apkunpacker opened 3 years ago

apkunpacker commented 3 years ago

DetectFrida.apk.zip

$ apkid DetectFrida.apk.zip
[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
[*] DetectFrida.apk.zip!classes.dex
 |-> compiler : r8
[*] DetectFrida.apk.zip!lib/arm64-v8a/libnative-lib.so
 |-> obfuscator : Obfuscator-LLVM version 4.0
[*] DetectFrida.apk.zip!lib/armeabi-v7a/libnative-lib.so
 |-> obfuscator : Obfuscator-LLVM version 4.0

After stripping (slightly updated version of the APK):

DetectFrida2.apk.zip

$ apkid DetectFrida2.apk.zip
[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
[*] DetectFrida2.apk.zip!classes.dex
 |-> anti_vm : Build.FINGERPRINT check, Build.MANUFACTURER check
 |-> compiler : r8

enovella commented 2 years ago

@apkunpacker Could you explain to me what the problem is here? The obfuscator banner was removed and the rule doesn't match, right? In this case, I am afraid we'll need to tackle an opcode-based rule for each arch. This might take a bit of work. Not sure if I will have this time.
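
The banner dependence discussed in this thread, as an added example that is not part of the original issue and is not APKiD's own rule (APKiD uses YARA rules, which are not reproduced here). It assumes the compiler ident string sits in the ELF `.comment` section; the function names, the minimal ELF images and the banner text are constructed for illustration.

```python
import struct

EHDR = "<16sHHIQQQIHHHHHH"  # ELF64 little-endian file header, 64 bytes
SHDR = "<IIQQQQIIQQ"        # ELF64 section header, 64 bytes

def sections(data):
    """Yield (name, content) for every section of an ELF64 LE image."""
    h = struct.unpack_from(EHDR, data, 0)
    if h[0][:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    shoff, shnum, shstrndx = h[6], h[12], h[13]
    if shnum == 0:          # section header table stripped entirely
        return
    hdrs = [struct.unpack_from(SHDR, data, shoff + 64 * i) for i in range(shnum)]
    off, size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    strtab = data[off:off + size]
    for s in hdrs:
        name = strtab[s[0]:strtab.index(b"\0", s[0])].decode()
        yield name, data[s[4]:s[4] + s[5]]

def ollvm_banner(data):
    """Return Obfuscator-LLVM ident strings from .comment (empty list if none)."""
    for name, body in sections(data):
        if name == ".comment":
            return [s.decode() for s in body.split(b"\0") if b"Obfuscator-LLVM" in s]
    return []

def build_elf(comment=None):
    """Constructed sample: minimal ELF64 image with an optional .comment section."""
    strtab = b"\0.shstrtab\0.comment\0"      # name offsets 1 and 11
    secs = [(0, 0, b"")]                     # (sh_name, sh_type, content); null section
    if comment is not None:
        secs.append((11, 1, comment))        # SHT_PROGBITS
    secs.append((1, 3, strtab))              # SHT_STRTAB, referenced by e_shstrndx
    blob = hdrs = b""
    for nm, typ, body in secs:
        hdrs += struct.pack(SHDR, nm, typ, 0, 0, 64 + len(blob), len(body), 0, 0, 1, 0)
        blob += body
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9), 3, 183, 1, 0, 0,
                       64 + len(blob), 0, 64, 0, 0, 64, len(secs), len(secs) - 1)
    return ehdr + blob + hdrs

BANNER = b"Obfuscator-LLVM clang version 4.0 (constructed sample)\0"
with_banner = build_elf(BANNER)   # stands in for the first libnative-lib.so
stripped = build_elf()            # same image with .comment removed

if __name__ == "__main__":
    print("before strip:", ollvm_banner(with_banner))
    print("after strip: ", ollvm_banner(stripped))
```

An empty result here only means the ident string is absent; it says nothing about whether the code was built with an obfuscating compiler, which is why the comment above points to opcode-based rules per architecture.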