strazzere / android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
Apache License 2.0
1.12k stars 331 forks

Should support tencent unpacker #10

Closed strazzere closed 5 years ago

strazzere commented 9 years ago

Easily identified by the class:

com/tencent/StubShell/ProxyShell

Also usually included: libmain.so, libshell.so

Lots of references to tx_shell.

Appears to support ART as well as Dalvik.

apkunpacker commented 5 years ago

Hi dev, the unpacker is not detecting the Tencent Bugly packer.

srimodi commented 5 years ago

This app is protected by

Package name: com.minhui.networkcapture

com.tencent.StubShell.TxAppEntry

Play Store link: Networkcapture

apkunpacker commented 5 years ago

Pro version of this app has:

  1. libshellx-2.9.0.2.so
  2. libshella-2.9.0.2.so
  3. libBugly.so
  4. mixz.dex
  5. mix.dex

And the hash of the APK is MD5 = B4E5C6AA974026291C04FCE95687F2BF, SHA1 = 8424B792F2BBEE13EBE59F6083D9FD4AE0B755D5

Hope there is support for Tencent Bugly. Thanks
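The indicators reported in the comments above (the StubShell classes, the shell library names, the tx_shell string, and the mix.dex/mixz.dex files) can be checked statically before any unpacking is attempted. The following Python code is an added example, not part of this thread or of android-unpacker; the function names, the weak/strong verdict rule, and the `make_sample` helper that builds a constructed in-memory APK are assumptions made for illustration.

```python
import io
import re
import zipfile

# Indicators quoted in this thread; not an authoritative signature set.
STUB_CLASSES = (b"com/tencent/StubShell/ProxyShell",
                b"com/tencent/StubShell/TxAppEntry")
SHELL_STRING = b"tx_shell"
# libmain.so / libshell.so, plus the versioned libshellx-/libshella- names.
SHELL_LIB = re.compile(r"lib(main|shell|shell[xa]-[0-9.]+)\.so")
PAYLOAD_FILES = {"mix.dex", "mixz.dex"}


def scan_apk(apk):
    """Return sorted (kind, indicator, zip_entry) hits for an APK path or file object."""
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1]
            if name.startswith("lib/") and SHELL_LIB.fullmatch(base):
                hits.add(("lib", base, name))
            if base in PAYLOAD_FILES:
                hits.add(("payload", base, name))
            if base.endswith((".dex", ".so")):
                data = zf.read(name)  # decompressed entry contents
                for cls in STUB_CLASSES:
                    if cls in data:
                        hits.add(("class", cls.decode(), name))
                if SHELL_STRING in data:
                    hits.add(("string", SHELL_STRING.decode(), name))
    return sorted(hits)


def verdict(hits):
    """A stub class is the strong signal; generic names like libmain.so alone are weak."""
    kinds = {kind for kind, _, _ in hits}
    if "class" in kinds:
        return "likely"
    return "possible" if kinds else "none"


def make_sample(entries):
    """Build a constructed in-memory APK (zip) from {entry_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf
```

`scan_apk` also accepts a filesystem path, so `verdict(scan_apk("sample.apk"))` works on a real file; a "possible" result means only library names, payload file names or the string matched, which unrelated apps can also trigger.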

apkunpacker commented 5 years ago

@strazzere please have a look at it

strazzere commented 5 years ago

Pull requests are welcome; this packer isn't too hard to defeat if you just modify the code a bit.

apkunpacker commented 5 years ago

You are a great programmer, sir; we are not. I don't know where to make changes and what needs to change. Please explain a little.

cryptax commented 5 years ago

@GSharma789 this might help you: https://www.fortinet.com/blog/threat-research/unmasking-android-malware-a-deep-dive-into-a-new-rootnik-variant-part-i.html

cryptax commented 5 years ago

Oh interesting! Can you share your frida hook? That's another way to do it indeed.

On Mon, Jul 22, 2019 at 10:32 AM Govind Sharma notifications@github.com wrote:

@cryptax thank you. But I already unpacked it with frida by hooking dexfileopenmemory. I asked here because this awesome unpacker did not work properly.

apkunpacker commented 5 years ago

Hi @cryptax, have a look here: https://github.com/dstmath/frida-unpack

strazzere commented 5 years ago

Going to close this - ijiami is pretty simple to unpack and the above links can help :)