strazzere / android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
Apache License 2.0

Nothing found! I need some help please #40

Closed ItalianApkDownloader closed 6 years ago

ItalianApkDownloader commented 6 years ago

Every time I use this I get this error:

```
[*] Android Dalvik Unpacker/Unprotector - <strazz@gmail.com>
 [+] Hunting for com.package.name
 [+] 21270 is service pid
 [+] 21313 is clone pid
 [+] Attempting to detect packer/protector...
  [*] Nothing special found, hunting for all dex and odex magic bytes...
  [*] No packer found on clone_pid 21313, falling back to service_pid 21270
 [+] Attempting to detect packer/protector...
  [*] Nothing special found, hunting for all dex and odex magic bytes...
 [!] pread seems to have failed : I/O error
 [!] Error peeking at memory : I/O error
 [!] Something unexpected happened, new version of packer/protectors? Or it wasn't packed/protected!
```

Maybe it is my phone with Android 8.0, I don't know.

I have tried with an Android emulator and I got this:

```
 [+] 4351 is service pid
 [+] 15838 is clone pid
 [+] Attempting to detect packer/protector...
  [*] Nothing special found, hunting for all dex and odex magic bytes...
  [*] No packer found on clone_pid 15838, falling back to service_pid 4351
 [+] Attempting to detect packer/protector...
  [*] Nothing special found, hunting for all dex and odex magic bytes...
 [+] Found 1 potentially interesting memory locations...
 [+] Attempting to search inside memory region 0x95ecd000 to 0x9630f000
  [-] Likely a system file found, ignoring..
```

I'm using this on a jiagu app. I don't know why, but if I use apktool to decompile the apk I found qihoo360, but if I go to /data/data/com.example I see a file called classes.dex (it is encrypted) in a folder called .jiagu. Also, in the assets folder of the apk there is a file called .appkey.

Another problem is that the makefile compiles the kisskiss file for all except armeabi, so when I use the command `make install` it gives me an error.

strazzere commented 6 years ago

There are a few reasons this may be occurring. The first case seems to be that pread is restricted - maybe this is the SELinux context or it could be the app defending itself.

The second one, if it is the same app, seems like it just isn't finding anything useful.

Since you've restricted your paste to not include the package name, I have no idea what all this is. Can you share the file here or email me it directly? Without it, there is no meaningful troubleshooting we can do.
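For readers following the logs above, this added example (not part of the thread and not android-unpacker's own code) shows one way to hunt for DEX magic bytes in a dumped memory buffer and reject hits that are only a stray string. The function names and the sample buffer are constructed for illustration, and ODEX (`dey\n`) handling is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DEX_HEADER_SIZE 0x70u        /* fixed header_size of a DEX file */
#define DEX_ENDIAN_TAG  0x12345678u  /* ENDIAN_CONSTANT, stored little-endian */

/* Read a little-endian u32 without assuming alignment. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* 1 if buf+off holds a DEX header whose declared size fits in the buffer. */
static int plausible_dex(const uint8_t *buf, size_t len, size_t off) {
    const uint8_t *h = buf + off;
    if (memcmp(h, "dex\n", 4) != 0 || h[7] != '\0') return 0;
    for (int i = 4; i < 7; i++)                      /* three ASCII version digits */
        if (h[i] < '0' || h[i] > '9') return 0;
    if (le32(h + 36) != DEX_HEADER_SIZE) return 0;   /* header_size field */
    if (le32(h + 40) != DEX_ENDIAN_TAG) return 0;    /* endian_tag field */
    uint32_t file_size = le32(h + 32);               /* file_size field */
    return file_size >= DEX_HEADER_SIZE && file_size <= len - off;
}

/* Store up to max candidate offsets in out; return the number found. */
size_t find_dex(const uint8_t *buf, size_t len, size_t *out, size_t max) {
    size_t n = 0;
    if (len < DEX_HEADER_SIZE) return 0;
    for (size_t off = 0; off <= len - DEX_HEADER_SIZE; off++)
        if (plausible_dex(buf, len, off)) { if (n < max) out[n] = off; n++; }
    return n;
}

/* Constructed sample: a bare magic string at 16 and a full header at 256.
 * Returns the offset of the single valid header, or -1 otherwise. */
long demo_scan(void) {
    uint8_t mem[512] = {0}, *h = mem + 256;
    size_t hits[4] = {0};
    memcpy(mem + 16, "dex\n035", 8);   /* magic only: must be rejected */
    memcpy(h, "dex\n035", 8);          /* the literal's NUL completes the magic */
    h[32] = 0x80; h[36] = 0x70;        /* file_size = 0x80, header_size = 0x70 */
    h[40] = 0x78; h[41] = 0x56; h[42] = 0x34; h[43] = 0x12;
    size_t n = find_dex(mem, sizeof mem, hits, 4);
    return n == 1 ? (long)hits[0] : -1;
}

int main(void) {
    printf("valid DEX header at offset %ld\n", demo_scan());
}
```

A hit that passes these checks is only a candidate: a system or framework dex mapped into the process has a valid header too, so the backing file of the region still has to be checked.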

ItalianApkDownloader commented 6 years ago

This is the apk: https://www.mediafire.com/download/ycp5w5g8i25nxa5

And this is the file I found in the .jiagu folder in /data/data/apppackage: https://www.mediafire.com/download/vlyk2yuft1sfkye

I think it's a combination of jiagu and qihoo.

strazzere commented 6 years ago

Definitely Jiagu;

```
[+] APKiD 1.0.0 :: from RedNaga :: rednaga.io
[*] app.apk
 |-> packer : Jiagu
[*] app.apk!classes.dex
 |-> compiler : dexlib 2.x
```

I may have time to look at this sometime this week, though I believe there was a past jiagu comment on a closed issue where someone posted a workaround.

My suggestion would be to try it on a pre-ART emulator.

ItalianApkDownloader commented 6 years ago

What is a pre-ART emulator? Sorry, but I can't find anything about this.

hardcoder80 commented 6 years ago

I have the same issue here. "They're trapping and killing the ptrace calls". How can we evade that?

strazzere commented 6 years ago

@ItalianApkDownloader ART is the VM which Dalvik bytecode is executed in. It used to be done inside the DVM, which this project was originally based around. The project still works against ART VMs, but it might not be optimal.

strazzere commented 6 years ago

@hardcoder80 You'll need to do reverse engineering and manually unpack it vs using this tool.

The previous issue I was mentioning is here; https://github.com/strazzere/android-unpacker/issues/38

hardcoder80 commented 6 years ago

@strazzere Should we patch the .so library using IDA Pro to disable the anti-debugging, or what? Btw I have used dexhunter dvm but the app still crashes; any hint or guidelines would be very helpful.

strazzere commented 6 years ago

@hardcoder80 You should reverse the protection mechanism and find out for yourself - sadly I cannot reverse every protection for every person who files an issue. When I post a solution, the vendors read it and change their challenge. Thus reading the previous solution might give you hints.

As I do this project for free, sadly, one cannot expect me to just post solutions for them whenever there is a change in the products.

If I get bored and somehow have free time, I might come back to this issue and solve it.

Otherwise, I suggest you start reversing it - blog your findings and maybe come back and submit a fix for the protector. Best of luck!

strazzere commented 6 years ago

Going to close this issue and keep only #42 open - which appears to be the same instance of jiagu.