Closed: strazzere closed this 5 years ago
I got more of them, the problem is that NQShield employs online DRM as well, so some packages can only be unpacked if you log into Baidu or some other Chinese online network. There are of course offline packages as well with a classesdex.jar inside the /assets folder.
Yes, I've run into a few of those. I have most of the container (3 versions) fully reversed. Hopefully I'll have time to put some extra work into this later next week.
As per the online version, it should be possible to spoof and then repackage after downloading the files.
Closing as this seems to be done - someone post new hashes of things not correctly dumped by this.
Finally got a malicious sample ITW -- will assess shortly