rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

[DETECTION] Missed UPX #256

Open apkunpacker opened 3 years ago

apkunpacker commented 3 years ago

File : MyApp.apk.zip

Hash : b18f45d16b1751a8cb6d3f901c48c1d9 f7773faeba75ff16a26c4cdec382f2bc0bfd0048

Issue: UPX should be detected for other architectures also. It is only detected for armeabi.

APKiD Scan Result :

[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
[*] Myapp.apk.zip
 |-> packer : Ijiami
[*] Myapp.apk.zip!assets/ijm_lib/armeabi/libexec.so
 |-> packer : UPX (unknown, modified)
[*] Myapp.apk.zip!classes.dex
 |-> compiler : dexlib 2.x

Additional Info : For assets/ijm_lib/x86/libexec.so

[0x0002d5e6]> izz ~UPX
4462 0x0002d5e6 0x0002897e 11 12 ascii c=5{"e}UPX0

strazzere commented 3 years ago

If you'd like, just profile the stub for arm64 and x86 like it was done for arm32 and add them to the rules:

https://github.com/rednaga/APKiD/blob/master/apkid/rules/elf/packers.yara#L32

It shouldn't be difficult to do. I likely have rules for it around; I just didn't need them at the time since it was all 32-bit binaries using it at the time.
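A triage helper for the gap discussed in this thread, added here as an example and not part of the issue or of APKiD's code: it lists every ELF file in an APK with its architecture and the offsets of UPX marker strings, so the libraries that still need a stub profile are easy to pick out. The marker list, the function names and the in-memory sample APK are assumptions constructed for the example.

```python
import io
import struct
import zipfile

# e_machine values from the ELF specification.
ELF_MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "arm64"}
# Assumed markers: "UPX!" is the stock UPX magic; "UPX0" is the string the
# radare2 output in the issue shows inside the x86 library.
MARKERS = (b"UPX!", b"UPX0")

def elf_machine(data):
    """Return the architecture name from an ELF header, or None if not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 means little-endian
    (machine,) = struct.unpack_from(endian + "H", data, 18)
    return ELF_MACHINES.get(machine, "unknown(%d)" % machine)

def find_markers(data):
    """Return sorted (offset, marker) pairs for every marker occurrence."""
    hits = []
    for marker in MARKERS:
        pos = data.find(marker)
        while pos != -1:
            hits.append((pos, marker.decode()))
            pos = data.find(marker, pos + 1)
    return sorted(hits)

def scan_apk(apk):
    """Map each ELF entry in an APK (path or file object) to (arch, hits)."""
    report = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            arch = elf_machine(data)
            if arch is not None:
                report[name] = (arch, find_markers(data))
    return report

def build_sample_apk():
    """Constructed sample: fake ELF files laid out like the APK in the issue."""
    def fake_elf(machine, body):
        ident = b"\x7fELF\x01\x01\x01" + b"\x00" * 9  # 16-byte e_ident
        return ident + struct.pack("<HH", 3, machine) + body
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/ijm_lib/armeabi/libexec.so", fake_elf(40, b"\x00" * 8 + b"UPX!"))
        zf.writestr("assets/ijm_lib/x86/libexec.so", fake_elf(3, b"\x00" * 4 + b"UPX0"))
        zf.writestr("classes.dex", b"dex\n035\x00")
    return io.BytesIO(buf.getvalue())
```

Call `scan_apk("sample.apk")` on a real file and compare the result with APKiD's output per path. A marker hit only shows which libraries to profile; it does not replace a stub rule, since markers can be altered.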