Open ghost opened 3 months ago
Hi @AndroidMaster24,
thanks a lot for the detailed ticket. Appreciate it.
Do you know if this bshield belongs to this website?
Hi @AndroidMaster24,
thanks a lot for the detailed ticket. Appreciate it.
Do you know if this bshield belongs to this website?
Could be possible. Sadly, I could not find other samples with bshield yet
whats up with the spam? can't you block them @rednaga ?
whats up with the spam? can't you block them @rednaga ?
Sadly this is a github problem with spam bots trying to spread malware using compromised accounts. Nothing we can do really outside of just deleting the comments.
Describe the protection I discovered a really interesting "String2C" protection, all the strings from the smali gets converted and encrypted to C++ (the liblzuvfr.so file). Possibly custom VNGGames protection
All string gets replaced with
C0585.m5678([id])
which is the call to the native.In the lib, all symbols are stripped from the lib and obfuscated, I barely find interesting strings, however I found the following strings that indicates that the protection might be nicknamed
bshield
and it was generated and compiled under Linux serverSample Võ Hồn Đại Lục VNG 1.2.2: https://apkcombo.com/vo-hon-dai-luc-vng/vnggames.soulland.daula.reloaded/
1.1.7 did not have any protections
APKiD current results... Please provide current output from APKiD on this file. Include the APKiD header which provides the version, e.g. -