rednaga / APKiD

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

[DETECTION] New Version Of Hikari #264

Open apkunpacker opened 3 years ago

apkunpacker commented 3 years ago

Ultima_07_37_45_Sign.apk.zip

Current Master Branch APKiD Scan :

$ apkid 'Ultima_07_37_45_Sign.apk.zip'
[+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
[*] Ultima_07_37_45_Sign.apk.zip!lib/armeabi-v7a/libarm_classes.so
 |-> obfuscator : Obfuscator-LLVM version unknown
[*] Ultima_07_37_45_Sign.apk.zip!classes.dex
 |-> compiler : unknown (please file detection issue!)
[*] Ultima_07_37_45_Sign.apk.zip!lib/x86/libarm_classes.so
 |-> obfuscator : Obfuscator-LLVM version unknown
[*] Ultima_07_37_45_Sign.apk.zip!classes2.dex
 |-> compiler : dexlib 2.x

After Merging https://github.com/rednaga/APKiD/pull/189

$ apkid Ultima_07_37_45_Sign.apk 
[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
[*] Ultima_07_37_45_Sign.apk!lib/armeabi-v7a/libarm_classes.so
 |-> obfuscator : Obfuscator-LLVM version 9.x (string encryption)
[*] Ultima_07_37_45_Sign.apk!lib/x86/libarm_classes.so
 |-> obfuscator : Obfuscator-LLVM version 9.x (string encryption)
[*] Ultima_07_37_45_Sign.apk!classes2.dex

while it should be detected as Hikari as these are samples related to https://github.com/rednaga/APKiD/issues/241

More Samples : NewHikariSamples.zip

CalebFenton commented 3 years ago

PR #189 needs some work before it can be merged and the original author doesn't want to push it forward any more.

And correct me if I'm wrong but you're asking that we add rules for the new Hikari obfuscation?

apkunpacker commented 3 years ago

> And correct me if I'm wrong but you're asking that we add rules for the new Hikari obfuscation?

The PR https://github.com/rednaga/APKiD/pull/252 detected the Hikari obfuscator fine, but in an update the developer either erased the Hikari tag or did something by which APKiD is only able to detect OLLVM 9.x string encryption, not Hikari itself.

enovella commented 2 years ago

Can you try now from master?

enovella commented 6 months ago

hikari-sample.apk.zip

enovella commented 6 months ago

> Ultima_07_37_45_Sign.apk.zip
>
> Current Master Branch APKiD Scan :
>
> $ apkid 'Ultima_07_37_45_Sign.apk.zip'
> [+] APKiD 2.1.1 :: from RedNaga :: rednaga.io
> [*] Ultima_07_37_45_Sign.apk.zip!lib/armeabi-v7a/libarm_classes.so
>  |-> obfuscator : Obfuscator-LLVM version unknown
> [*] Ultima_07_37_45_Sign.apk.zip!classes.dex
>  |-> compiler : unknown (please file detection issue!)
> [*] Ultima_07_37_45_Sign.apk.zip!lib/x86/libarm_classes.so
>  |-> obfuscator : Obfuscator-LLVM version unknown
> [*] Ultima_07_37_45_Sign.apk.zip!classes2.dex
>  |-> compiler : dexlib 2.x
>
> After Merging #189
>
> $ apkid Ultima_07_37_45_Sign.apk
> [+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
> [*] Ultima_07_37_45_Sign.apk!lib/armeabi-v7a/libarm_classes.so
>  |-> obfuscator : Obfuscator-LLVM version 9.x (string encryption)
> [*] Ultima_07_37_45_Sign.apk!lib/x86/libarm_classes.so
>  |-> obfuscator : Obfuscator-LLVM version 9.x (string encryption)
> [*] Ultima_07_37_45_Sign.apk!classes2.dex
>
> while it should be detected as Hikari as these are samples related to #241
>
> More Samples : NewHikariSamples.zip

Do you have more samples or info to share?