strazzere / android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0
Apache License 2.0

Help. New packer/protectors? #49

Closed igortiraspol closed 5 years ago

igortiraspol commented 5 years ago

Hello. This APK https://play.google.com/store/apps/details?id=com.autel.maxiap200.ht200

```
root@Tab2A7-10F:/data/local/tmp # ./kisskiss com.autel.maxiap200.ht200
[*] Android Dalvik Unpacker/Unprotector - strazz@gmail.com
[+] Hunting for com.autel.maxiap200.ht200
[+] 11094 is service pid
[+] 11148 is clone pid
[+] Attempting to detect packer/protector...
[*] Nothing special found, hunting for all dex and odex magic bytes...
[*] No packer found on clone_pid 11148, falling back to service_pid 11094
[+] Attempting to detect packer/protector...
[*] Nothing special found, hunting for all dex and odex magic bytes...
[!] Something unexpected happened, new version of packer/protectors? Or it wasn't packed/protected!
```

strazzere commented 5 years ago

Is this actually packed? Have you run APKiD against it?

igortiraspol commented 5 years ago

I didn't run APKiD (will do tomorrow), but there is a package com.secneo.

strazzere commented 5 years ago

```
diff@milo:~/repo/APKiD$ ./docker/apkid.sh ~/com.autel.maxiap200.ht200_2019-07-05.apk
[+] APKiD 2.1.0 :: from RedNaga :: rednaga.io
[*] /input/com.autel.maxiap200.ht200_2019-07-05.apk
 |-> packer : SecNeo.B
[*] /input/com.autel.maxiap200.ht200_2019-07-05.apk!classes.dex
 |-> anti_vm : possible ro.secure check
 |-> compiler : dexlib 2.x
```

Did it for you when I had a moment. Yea - definitely secneo, one of the newer variants which decrypts classes on demand. This is out of scope for this project. AFAIK, there are no public tools which will dump/decrypt this for you.

Though there are definitely private groups/contractors who do this. Feel free to comment here if you find a solution or have other questions -- however this isn't the place to find someone to unpack it for you sadly.