Closed strazzere closed 5 years ago
Hi dev, unpacker not detecting Tencent Bugly packer.
This app is protected by:
Package name: com.minhui.networkcapture
com.tencent.StubShell.TxAppEntry
Play Store link: Networkcapture
The Pro version of this app has:
1. libshellx-2.9.0.2.so
2. libshella-2.9.0.2.so
Hope there is support for Tencent Bugly. Thanks.
@strazzere please have a look at it.
Pull requests are welcome, this packer isn't too hard to defeat if you just modify the code a bit
You are a great programmer, sir, not us. I don't know where to make the change and what needs to change. Please explain a little.
@GSharma789 this might help you: https://www.fortinet.com/blog/threat-research/unmasking-android-malware-a-deep-dive-into-a-new-rootnik-variant-part-i.html
Oh interesting! Can you share your frida hook? That's another way to do it indeed.
On Mon, Jul 22, 2019 at 10:32 AM Govind Sharma notifications@github.com wrote:
@cryptax https://github.com/cryptax thank you. But I already unpacked it with Frida by hooking dexfileopenmemory. I asked here because this awesome unpacker did not work properly.
Hi @cryptax, have a look here: https://github.com/dstmath/frida-unpack
Going to close this - ijiami is pretty simple to unpack and the above links can help :)
Easily identified by the class:
com/tencent/StubShell/ProxyShell
Also usually includes libmain.so and libshell.so.
Lots of references to tx_shell.
Appears to support ART as well as Dalvik.
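A static check for the indicators collected in this thread (the StubShell classes, the libshell/libmain native libraries, and tx_shell string references), written as an added example rather than android-unpacker's own detection code; the sample APK is a constructed in-memory zip that only mimics the file layout reported above.

```python
import io
import re
import zipfile

# Indicators taken from the issue thread: stub classes inside the dex and
# native library names shipped under lib/<abi>/.
TENCENT_CLASS_MARKERS = (
    b"com/tencent/StubShell/ProxyShell",
    b"com/tencent/StubShell/TxAppEntry",
)
TENCENT_LIB_PATTERN = re.compile(
    r"^lib/[^/]+/(libshell[xa]-[\d.]+\.so|libshell\.so|libmain\.so)$"
)
TX_SHELL_MARKER = b"tx_shell"


def scan_apk(data):
    """Return the Tencent packer indicators found in an APK given as zip bytes."""
    found = {"classes": [], "libs": [], "tx_shell_refs": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        for name in apk.namelist():
            if TENCENT_LIB_PATTERN.match(name):
                found["libs"].append(name)
            elif re.fullmatch(r"classes\d*\.dex", name):
                dex = apk.read(name)
                for marker in TENCENT_CLASS_MARKERS:
                    if marker in dex:
                        found["classes"].append(marker.decode())
                found["tx_shell_refs"] += dex.count(TX_SHELL_MARKER)
    return found


def is_tencent_packed(found):
    """Flag as packed when a stub class or one of the shell libraries is present."""
    return bool(found["classes"]) or bool(found["libs"])


def build_sample_apk():
    """Constructed sample zip (not a real APK) with the layout reported in the issue."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        # Fake dex: a real one is binary, only the string markers matter here.
        apk.writestr("classes.dex", b"dex\n035\x00Lcom/tencent/StubShell/TxAppEntry;"
                     b" tx_shell_init tx_shell_load")
        apk.writestr("lib/arm64-v8a/libshellx-2.9.0.2.so", b"\x7fELF")
        apk.writestr("lib/arm64-v8a/libshella-2.9.0.2.so", b"\x7fELF")
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_apk(build_sample_apk())
    print(result, "->", "Tencent-packed" if is_tencent_packed(result) else "clean")
```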