APKiD
APKiD copied to clipboard
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Windows 7 x64, c:\Prg\Dev\Java\APKiD>python prep-release.py Traceback (most recent call last): File "prep-release.py", line 33, in from apkid.output import colorize_tag File "c:\Prg\Dev\Java\APKiD\apkid\output.py", line 73, in class OutputFormatter(object): File "c:\Prg\Dev\Java\APKiD\apkid\output.py", line 82,...
## Samples https://twitter.com/0xabc0/status/1541758420424048640 ## Info https://twitter.com/0xabc0/status/1541858325188468736?t=JhRtm9qnRi_tKqRGd5JbCQ&s=03 ## Protector https://github.com/CodingGay/BlackObfuscator ```java package com.plus.currencyconverter; import android.content.Context; import android.content.res.Configuration; import android.text.TextUtils; import android.util.Log; import androidx.lifecycle.Lifecycle; import androidx.lifecycle.j; import androidx.lifecycle.r; import androidx.lifecycle.s; import com.akexorcist.localizationactivity.ui.LocalizationApplication;...
```sh [12:41 edu@xps ar.tvplayer.tv.apk.unpack] > egrep -iRn dexprotector META-INF/MANIFEST.MF:5:Protected-By: 12.3.19 DexProtector (20211214) ```
APK: https://www.pgsharp.com/ ```sh [edu@xps arm64-v8a] > r2 libadventuresync.so Warning: run r2 with -e bin.cache=true to fix relocations in disassembly -- Safety third [0x00141bf0]> izzq~+advobfuscator 0x9b506 364 363 _ZN8andrivet13ADVobfuscator11MetaString4ILi2ELi86ENS0_7IndexesIJLi0ELi1ELi2ELi3ELi4ELi5ELi6ELi7ELi8ELi9ELi10ELi11ELi12ELi13ELi14ELi15ELi16ELi17ELi18ELi19ELi20ELi21ELi22ELi23ELi24ELi25ELi26ELi27ELi28ELi29ELi30ELi31ELi32ELi33ELi34ELi35ELi36ELi37ELi38ELi39ELi40ELi41ELi42ELi43ELi44ELi45ELi46ELi47ELi48ELi49ELi50ELi51ELi52ELi53ELi54ELi55ELi56ELi57ELi58EEEEE7decryptEv 0xb4090 359...
```sh docker/apkid.sh /tmp/split_config.armeabi_v7a.apk [+] APKiD 2.1.3 :: from RedNaga :: rednaga.io [*] /input/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libdexprotector.so |-> obfuscator : DexProtector [*] /input/split_config.armeabi_v7a.apk!lib/armeabi-v7a/libdexprotector_h.so |-> obfuscator : DexProtector ``` ```sh > docker/apkid.sh /tmp/com.napsternetlabs.napsternetv.apk [+] APKiD...
For issue https://github.com/rednaga/APKiD/issues/297 Some point to noticed - ```sh $code = "Code Stage" $code2 = "Anti-Cheat Toolkit" ``` is always present . Choosed any 1 of them only . why...
@apkunpacker has proposed adding rules for detecting anti-cheat systems and anti-frida techniques. I'm generally in favor of supporting this in apkid since it falls in line with the general purpose...
There are various forms of cert pinning in android applications. Either introduced by the OS itself, feature of the connection library like okhttp and unity or be something entirely proprietary...
[Samples.zip](https://github.com/rednaga/APKiD/files/8401634/Samples.zip) From https://github.com/obpo-project/samples libcompatible.so in all 4 arch supposed to be packed with https://appguard.nprotect.com/ but apkid detect it as ```sh [*] libcompatible.so |-> obfuscator : Obfuscator-LLVM version 4.0 ``` libdexvmp.so...
Sample Apk - https://virustotal.com/gui/file/44558c6c758b1ecf42ecda9981240d50c32f42e0d2be4693e37e39f8eb3a3488 APKiD Scan - ```sh $ apkid 'GUNSHIP BATTLE_2.8.21.apk' [+] APKiD 2.1.3 :: from RedNaga :: rednaga.io [*] GUNSHIP BATTLE_2.8.21.apk!assets/audience_network.dex |-> anti_vm : possible Build.SERIAL check |->...