strazzere / android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
Apache License 2.0
1.12k stars 331 forks

Issue unpacking apk #38

Closed vossim closed 6 years ago

vossim commented 6 years ago

Hi,

I've tried using the native-unpacker on the following APK: https://www.apkmonk.com/app/com.beikang/

As far as I can tell this is using qihoo360 (contains libjiagu_art.so, the com.quhoo.util.* classes)

Output from APKiD:

```
[+] APKiD 1.0.0 :: from RedNaga :: rednaga.io
[*] com.beikang_2017-08-04.apk
 |-> packer : Jiagu
[*] com.beikang_2017-08-04.apk!classes.dex
 |-> compiler : dexlib 2.x
```

Output from kisskiss:

```
adb shell ./data/local/tmp/kisskiss com.beikang
[*] Android Dalvik Unpacker/Unprotector - strazz@gmail.com
[+] Hunting for com.beikang
[+] 867 is service pid
[+] 902 is clone pid
[+] Attempting to detect packer/protector...
[*] Nothing special found, assuming Bangcle...
[+] Unpacked odex found in memory!
[+] Attempting to dump memory region 0xb6f18000 to 0xb6f19000
[!] pread seems to have failed!
[!] An issue occurred trying to dump the memory to a file!
```

strazzere commented 6 years ago

Can you confirm a few things?

1. You're running kisskiss as root.
2. Your device has SELinux disabled.
3. What device version you're running. (a getprop of the build.prop would be perfect)

vossim commented 6 years ago

Hi,

Yes, I'm running kisskiss as root.

build.prop is available here: https://pastebin.com/53kFYSkG

strazzere commented 6 years ago

Perfect, archiving here as well;

```
ro.build.id=KTU84M
ro.build.display.id=aosp_arm-eng 4.4.3 KTU84M eng.zyq.20150512.145026 test-keys
ro.build.version.incremental=eng.zyq.20150512.145026
ro.build.version.sdk=19
ro.build.version.codename=REL
ro.build.version.release=4.4.3
ro.build.date=Tue May 12 14:51:48 HKT 2015
ro.build.date.utc=1431413508
ro.build.type=eng
ro.build.user=zyq
ro.build.host=zyq-All-Series
ro.build.tags=test-keys
ro.product.model=AOSP on ARM Emulator
ro.product.brand=Android
ro.product.name=aosp_arm
ro.product.device=generic
ro.product.board=
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=unknown
ro.product.locale.language=en
ro.product.locale.region=US
```

Hash: `39171edd86abf4731b5aab68e7208709d5362066 /Users/tstrazzere/reverse/targets/android/jiagu/com.beikang_2017-08-04.apk`

Unsure when I'll be able to get to this, but thank you for providing all this info. Makes it much easier to reproduce.

vossim commented 6 years ago

Thanks for looking into this, I'm in no hurry ;-).

Just for the record, this is the image in https://github.com/zyq8709/DexHunter running in an emulator.

strazzere commented 6 years ago

So to clarify, DexHunter is not unpacking this either?

vossim commented 6 years ago

Correct, but I haven't been able to figure out why exactly. The application (the APK) crashes when I launch it with DexHunter set up to unpack it.

strazzere commented 6 years ago

Cool -- good to know, likely being detected or stopping over the memory. Honestly, this doesn't look /too/ difficult... Famous last words ™️

strazzere commented 6 years ago

If you have IDA and you're interested in unpacking this yourself, this is a pretty good hint/start to understand the whole program. They're just wrapping every call to make it "hard", unsure if that is intentional or not.

https://github.com/strazzere/android-scripts/blob/master/IDA/jaigu_assist.py

strazzere commented 6 years ago

They're trapping and killing the ptrace calls:

[image]

Which easily explains why this project can't snag that memory. Should be easy to evade.

vossim commented 6 years ago

I'm afraid this isn't my area of expertise, if you have some starting points, it does look interesting!

strazzere commented 6 years ago

Ok, so the "error" you're running into is fixed. This was because I had still been using pread vs pread64. However, that likely doesn't fix the actual unpacking of this packer. It does, however, dump an odex file now.
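For readers who want to see why the pread/pread64 distinction matters for the failure logged above (`Attempting to dump memory region 0xb6f18000 ... pread seems to have failed!`), here is an added example; it is not code from the android-unpacker project. On a 32-bit Android build, `pread()` takes a 32-bit signed `off_t`, so an address above 0x7fffffff such as 0xb6f18000 becomes a negative offset and the kernel rejects the read. The example reads a region through `/proc/<pid>/mem` with a 64-bit offset (via `_FILE_OFFSET_BITS=64`, which maps `pread` to `pread64`), refuses at compile time to build with a truncating offset type, and checks itself by dumping one of its own buffers. The function names `offset_fits`, `read_region` and `self_dump_matches` are mine, not the tool's.

```c
/* Added example (not the android-unpacker project's code): dumping a memory
 * region of a process through /proc/<pid>/mem with 64-bit file offsets.
 * The thread's "pread seems to have failed!" is what a 32-bit build gets when
 * it calls pread() with a 32-bit off_t: 0xb6f18000 exceeds 0x7fffffff, the
 * offset goes negative and the kernel returns EINVAL. Building with
 * -D_FILE_OFFSET_BITS=64 (or calling pread64() directly) fixes that. */
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Guard against the exact bug: refuse to build with a truncating offset type. */
_Static_assert(sizeof(off_t) == 8, "off_t must be 64-bit: build with -D_FILE_OFFSET_BITS=64");

/* Return 1 if addr is representable as a non-negative signed offset of
 * off_bits bits (the range a pread() with that off_t width accepts), else 0. */
int offset_fits(uint64_t addr, unsigned off_bits) {
    if (off_bits >= 64) return 1;
    uint64_t max = ((uint64_t)1 << (off_bits - 1)) - 1;
    return addr <= max;
}

/* Read [start, end) of process pid into buf. Returns the byte count, or -1
 * with errno set. Short reads are continued; a read that stops early (for
 * example on an unmapped page) is reported as -1 / EIO rather than as a
 * silently truncated dump. */
ssize_t read_region(pid_t pid, uint64_t start, uint64_t end,
                    uint8_t *buf, size_t buflen) {
    if (end < start || end - start > buflen) { errno = EINVAL; return -1; }
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t total = 0, want = (size_t)(end - start);
    while (total < want) {
        /* off_t is 64-bit here, so the high address is passed intact. */
        ssize_t n = pread(fd, buf + total, want - total, (off_t)(start + total));
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { int e = (n < 0) ? errno : EIO; close(fd); errno = e; return -1; }
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
}

/* Self-check: fill a constructed buffer with a known pattern, dump it from
 * our own /proc/self/mem and compare. Returns 1 on a byte-exact match. */
static uint8_t sample[4096];
int self_dump_matches(void) {
    for (size_t i = 0; i < sizeof sample; i++) sample[i] = (uint8_t)(i * 7 + 3);
    uint8_t out[sizeof sample];
    uint64_t start = (uint64_t)(uintptr_t)sample;
    ssize_t n = read_region(getpid(), start, start + sizeof sample, out, sizeof out);
    return n == (ssize_t)sizeof sample && memcmp(out, sample, sizeof sample) == 0;
}

int main(void) {
    printf("0xb6f18000 fits a 32-bit off_t: %d, a 64-bit off_t: %d\n",
           offset_fits(0xb6f18000ULL, 32), offset_fits(0xb6f18000ULL, 64));
    printf("self dump matches: %d\n", self_dump_matches());
    return 0;
}
```

The same check applies when porting any memory-dumping tool to 32-bit ARM: anything that takes an `off_t` (`pread`, `lseek`, `mmap` offsets) silently loses the top half of the address space unless the build uses 64-bit file offsets.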

strazzere commented 6 years ago

This is all done in the latest round of fixes.

vossim commented 6 years ago

The fix worked indeed, was able to fetch the odex. Thanks!

matrixboot commented 3 years ago

@strazzere I've tried using the native-unpacker on the following apk: APK packer : Jiagu

[image: fail]

Please help me

strazzere commented 3 years ago

This is an old closed issue, stop trying to revive it please.

On Fri, Dec 25, 2020, 20:52 matrixboot notifications@github.com wrote:

> @strazzere https://github.com/strazzere I've tried using the native-unpacker on the following apk: APK http://www.brasil-tv.net/download packer : Jiagu
>
> [image: fail] https://user-images.githubusercontent.com/76606593/103145675-cda91a00-471c-11eb-83fd-6f1093f21a63.png
>
> Please help me
