strazzere / android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
Apache License 2.0

jiagu unpacking error #48

Closed srimodi closed 5 years ago

srimodi commented 5 years ago

Package Name: livetvstream.thoptv.com.thoptv

Download link

apkunpacker commented 5 years ago

The package name is livetvstream.thoptv.com.thoptv, but none of this structure is present in the dumped odex, and the unpacker does not detect jiagu either. Hoping for a fix. Thanks.

apkunpacker commented 5 years ago

Frida also shows that all classes are still in memory, but this unpacker is only dumping less than 50% of the classes.

strazzere commented 5 years ago

You'll need to post more details than that. What do you mean it only dumps 50%?

As in it missed entire classes? If this is the case, it sounds like there is a 2nd dex file loaded.

Does it have empty classes? If this is the case, it sounds like they're replacing methods during execution and leaving the memory empty.

Regardless - if you have frida hooked in there enough to detect either of the above, just dump it using frida.

-Tim Strazzere


apkunpacker commented 5 years ago

Dumping through another tool shows there are 10-11 root directories in the dex (of course 2 dex files in total), like androidx, android, a, b, c, com, livenettv and some more, but dumping through this unpacker only gives 3-4 root directories in the dex (I converted dumped.odex to dex), and the main livenettv package is totally missing there.
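
The two cases raised in this thread (root packages missing from a dump, versus classes present but emptied) can be told apart by reading the `class_defs` table of both dumps. This is an added example, not code from android-unpacker or from any commenter; `triage`, `toy_dex` and the sample descriptors are constructed for illustration, and it assumes plain DEX input (an ODEX must be converted first).

```python
import struct

def uleb128(buf, off):
    """Decode one ULEB128 value, returning (value, next_offset)."""
    val = shift = 0
    while True:
        val |= (buf[off] & 0x7F) << shift
        if not buf[off] & 0x80:
            return val, off + 1
        off, shift = off + 1, shift + 7

def class_defs(dex):
    """Yield (descriptor, class_data_off) for every class_def_item."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a plain DEX image")
    str_ids, = struct.unpack_from("<I", dex, 0x3C)      # string_ids_off
    type_ids, = struct.unpack_from("<I", dex, 0x44)     # type_ids_off
    count, defs = struct.unpack_from("<II", dex, 0x60)  # class_defs_size, class_defs_off
    for i in range(count):
        item = struct.unpack_from("<8I", dex, defs + 32 * i)
        desc_idx, = struct.unpack_from("<I", dex, type_ids + 4 * item[0])
        data_off, = struct.unpack_from("<I", dex, str_ids + 4 * desc_idx)
        _, start = uleb128(dex, data_off)               # skip utf16_size
        yield dex[start:dex.index(b"\0", start)].decode("utf-8", "replace"), item[6]

def triage(dump, reference):
    """Root packages missing from dump, and dump classes with no class_data."""
    root = lambda d: d[1:].split("/", 1)[0]
    got = list(class_defs(dump))
    missing = {root(d) for d, _ in class_defs(reference)} - {root(d) for d, _ in got}
    return sorted(missing), [d for d, off in got if off == 0]

def toy_dex(classes):
    """Constructed sample: DEX-shaped image holding only the tables read above."""
    n = len(classes)
    base = 0x70 + 40 * n                                # string data follows the tables
    hdr = bytearray(b"dex\n035\0".ljust(0x70, b"\0"))
    struct.pack_into("<II", hdr, 0x38, n, 0x70)          # string_ids
    struct.pack_into("<II", hdr, 0x40, n, 0x70 + 4 * n)  # type_ids
    struct.pack_into("<II", hdr, 0x60, n, 0x70 + 8 * n)  # class_defs
    sids = tids = defs = strs = b""
    for i, (desc, has_data) in enumerate(classes):
        sids += struct.pack("<I", base + len(strs))
        tids += struct.pack("<I", i)
        defs += struct.pack("<8I", i, 1, 0, 0, 0, 0, 0x1000 if has_data else 0, 0)
        strs += bytes([len(desc)]) + desc.encode() + b"\0"
    return bytes(hdr) + sids + tids + defs + strs

REFERENCE = toy_dex([("Lcom/example/Main;", True), ("La/b;", True), ("Landroid/x/Y;", True)])
DUMP = toy_dex([("La/b;", False), ("Landroid/x/Y;", True)])
```

A class with `class_data_off == 0` is normal for marker interfaces, so a long list from `triage` is a hint that bodies were stripped, not proof.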

apkunpacker commented 5 years ago

*livetvstream not livenettv

strazzere commented 5 years ago

I'm going to be real here. You're providing next to no information, which likely doesn't make anyone, including myself, want to look deeper into this issue.

What is the other tool?

Can you post the files you're talking about?

Have you confirmed that these are true positives?

Have you looked at how it's dumping these dex files vs how this project is dumping the files? Is it simply multiple parts of memory?

While I appreciate you trying to revive old issues - you're not adding actionable context to /what/, if anything, is wrong - other than it's not working in this one case for you.

apkunpacker commented 5 years ago

OK. My friend will upload the unpacked files and an Xposed-based apk (used to dump the dex) here. Yes, I can confirm that the unpacked apk should have the same structure as I can see in those dex files, because I checked an old version of the apk from when the packer was not used. Thanks

CalebFenton commented 5 years ago

keeping it real

apkunpacker commented 5 years ago

https://github.com/WrBug/dumpDex/releases was used for dumping the dex

strazzere commented 5 years ago

Closing due to inactivity.