Closed vossim closed 6 years ago
Can you confirm a few things?
You're running kisskiss as root.
Your device has selinux disabled.
What the device version you're running is. (a getprop of the buildprop would be perfect)
Perfect, archiving here as well;
ro.build.id=KTU84M
ro.build.display.id=aosp_arm-eng 4.4.3 KTU84M eng.zyq.20150512.145026 test-keys
ro.build.version.incremental=eng.zyq.20150512.145026
ro.build.version.sdk=19
ro.build.version.codename=REL
ro.build.version.release=4.4.3
ro.build.date=Tue May 12 14:51:48 HKT 2015
ro.build.date.utc=1431413508
ro.build.type=eng
ro.build.user=zyq
ro.build.host=zyq-All-Series
ro.build.tags=test-keys
ro.product.model=AOSP on ARM Emulator
ro.product.brand=Android
ro.product.name=aosp_arm
ro.product.device=generic
ro.product.board=
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=unknown
ro.product.locale.language=en
ro.product.locale.region=US
Hash;
39171edd86abf4731b5aab68e7208709d5362066 /Users/tstrazzere/reverse/targets/android/jiagu/com.beikang_2017-08-04.apk
Unsure when I'll be able to get to this, but thank you for providing all this info. Makes it much easier to reproduce.
Thanks for looking into this, I'm in no hurry ;-).
Just for the record, this is the image in https://github.com/zyq8709/DexHunter running in an emulator.
So to clarify, DexHunter is not unpacking this either?
Correct, but I haven't been able to figure out why exactly. The application (the APK) crashes when I launch it with DexHunter set up to unpack it.
Cool -- good to know, likely being detected or stopping over the memory. Honestly, this doesn't look /too/ difficult... Famous last words ™️
If you have IDA and you're interested in unpacking this yourself, this is a pretty good hint/start to understand the whole program. They're just wrapping every call to make it "hard", unsure if that is intentional or not.
https://github.com/strazzere/android-scripts/blob/master/IDA/jaigu_assist.py
They're trapping and killing the ptrace calls, which easily explains why this project can't snag that memory. Should be easy to evade.
I'm afraid this isn't my area of expertise, if you have some starting points, it does look interesting!
Ok, so the "error" you're running into is fixed. This was since I had still been using pread vs pread64. However, that likely doesn't fix the actual unpacking of this packer. It does however dump an odex file now.
This is all done in the latest round of fixes.
The fix worked indeed, was able to fetch the odex. Thanks!
@strazzere I've tried using the native-unpacker on the following apk: APK packer : Jiagu
Please help me
This is an old closed issue, stop trying to revive it please.
On Fri, Dec 25, 2020, 20:52 matrixboot notifications@github.com wrote:
@strazzere https://github.com/strazzere I've tried using the native-unpacker on the following apk: APK http://www.brasil-tv.net/download packer : Jiagu
[image: fail] https://user-images.githubusercontent.com/76606593/103145675-cda91a00-471c-11eb-83fd-6f1093f21a63.png
Please help me
Hi,
I've tried using the native-unpacker on the following APK: https://www.apkmonk.com/app/com.beikang/
As far as I can tell this is using qihoo360 (contains libjiagu_art.so, the com.quhoo.util.* classes)
Output from APKiD:
Output from kisskiss: