New version of AppSolid
TODO.- Add rule
[xxxxx] > apkid libmappsolid.so
[+] APKiD 1.0.0 :: from RedNaga :: rednaga.io
[*] libmappsolid.so
|-> obfuscator : Obfuscator-LLVM version 3.6.1
Samples;
331d7ae468e94a4cf87e592087c3e5413d221a8991c7593e52372b6f8b547ed9
77cfd81e9c3fe5f8bf6ff5f286ef9cf358e189960ff2c7721eb1ec763eb976ce
The sample 331d7ae468e94a4cf87e592087c3e5413d221a8991c7593e52372b6f8b547ed9 is obfuscated with an LLVM-based obfuscator, possibly OLLVM 3.6.1.
However, they either hide the version string or used a different fork, so it is not detected by our rules. Hopefully we can fingerprint the state machine instead, as shown below:
do
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( 1 )
{
while ( v8 <= -2065758101 )
{
if ( v8 == -2138332621 )
{
v8 = v3;
if ( v135 )
v8 = -1214003794;
}
}
if ( v8 > -1974879329 )
break;
if ( v8 == -2065758100 )
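A YARA rule could be made from the following ARM assembly, the chain of MOV/CMP/BGT.W comparisons against R0 (the immediates and branch targets look build-specific, so a rule would likely need to wildcard them and match the repeated instruction pattern):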
.text:0004E50C 4A F6 F9 11 C7 F6 CF 11 MOV R1, #0x79CFA9F9
.text:0004E514 88 42 CMP R0, R1
.text:0004E516 00 F3 9E 81 BGT.W loc_4E856
.text:0004E51A 4D F2 76 21 C7 F6 33 11 MOV R1, #0x7933D276
.text:0004E522 88 42 CMP R0, R1
.text:0004E524 00 F3 CF 81 BGT.W loc_4E8C6
.text:0004E528 4D F2 3C 71 C7 F6 FA 01 MOV R1, #0x78FAD73C
.text:0004E530 88 42 CMP R0, R1
.text:0004E532 00 F3 D9 81 BGT.W loc_4E8E8
.text:0004E536 44 F6 3F 71 C7 F2 47 41 MOV R1, #0x74474F3F
.text:0004E53E 88 42 CMP R0, R1
.text:0004E540 00 F3 DF 81 BGT.W loc_4E902
.text:0004E544 4A F2 9F 21 C7 F2 B2 21 MOV R1, #0x72B2A29F
.text:0004E54C 88 42 CMP R0, R1
.text:0004E54E 00 F3 09 82 BGT.W loc_4E964
.text:0004E552 46 F6 8F 51 C7 F2 36 11 MOV R1, #0x71366D8F
.text:0004E55A 88 42 CMP R0, R1
.text:0004E55C 00 F3 16 82 BGT.W loc_4E98C
.text:0004E560 40 F2 0A 61 C6 F2 25 71 MOV R1, #0x6725060A
.text:0004E568 88 42 CMP R0, R1
.text:0004E56A 00 F3 48 82 BGT.W loc_4E9FE
.text:0004E56E 47 F6 CD 41 C6 F2 81 21 MOV R1, #0x62817CCD
.text:0004E576 88 42 CMP R0, R1
.text:0004E578 00 F3 54 82 BGT.W loc_4EA24
.text:0004E57C 42 F6 62 51 C5 F6 4A 41 MOV R1, #0x5C4A2D62
.text:0004E584 88 42 CMP R0, R1
.text:0004E586 00 F3 7E 82 BGT.W loc_4EA86
.text:0004E58A 4C F2 28 51 C5 F6 7A 11 MOV R1, #0x597AC528
.text:0004E592 88 42 CMP R0, R1
.text:0004E594 00 F3 C5 82 BGT.W loc_4EB22
.text:0004E598 4F F2 8A 01 C5 F2 E0 01 MOV R1, #0x50E0F08A
.text:0004E5A0 88 42 CMP R0, R1
.text:0004E5A2 00 F3 EF 82 BGT.W loc_4EB84
.text:0004E5A6 44 F2 F5 71 C4 F6 DB 21 MOV R1, #0x4ADB47F5
.text:0004E5AE 88 42 CMP R0, R1
.text:0004E5B0 00 F3 F5 82 BGT.W loc_4EB9E
.text:0004E5B4 47 F6 F5 51 C4 F6 C5 21 MOV R1, #0x4AC57DF5
.text:0004E5BC 88 42 CMP R0, R1
.text:0004E5BE 00 F3 40 83 BGT.W loc_4EC42
.text:0004E5C2 46 F2 CF 11 C4 F2 A6 41 MOV R1, #0x44A661CF
.text:0004E5CA 88 42 CMP R0, R1
.text:0004E5CC 00 F3 4B 83 BGT.W loc_4EC66
.text:0004E5D0 46 F2 F3 11 C4 F2 F5 01 MOV R1, #0x40F561F3
.text:0004E5D8 88 42 CMP R0, R1
.text:0004E5DA 00 F3 76 83 BGT.W loc_4ECCA
.text:0004E5DE 4C F2 C4 51 C3 F6 F0 51 MOV R1, #0x3DF0C5C4
.text:0004E5E6 88 42 CMP R0, R1
.text:0004E5E8 00 F3 A1 83 BGT.W loc_4ED2E
.text:0004E5EC 46 F6 CF 31 C3 F2 0C 61 MOV R1, #0x360C6BCF
.text:0004E5F4 88 42 CMP R0, R1
.text:0004E5F6 00 F3 D4 83 BGT.W loc_4EDA2
.text:0004E5FA 4D F6 EE 71 C3 F2 37 51 MOV R1, #0x3537DFEE
.text:0004E602 88 42 CMP R0, R1
.text:0004E604 00 F3 FB 83 BGT.W loc_4EDFE
.text:0004E608 4A F6 80 71 C2 F2 FE 71 MOV R1, #0x27FEAF80
.text:0004E610 88 42 CMP R0, R1
.text:0004E612 00 F3 2A 84 BGT.W loc_4EE6A
.text:0004E616 49 F6 7A 31 C2 F2 68 51 MOV R1, #0x25689B7A
.text:0004E61E 88 42 CMP R0, R1
.text:0004E620 00 F3 2C 84 BGT.W loc_4EE7C
.text:0004E624 4F F2 DB 71 C2 F2 81 31 MOV R1, #0x2381F7DB
.text:0004E62C 88 42 CMP R0, R1
.text:0004E62E 00 F3 2E 84 BGT.W loc_4EE8E
.text:0004E632 44 F6 C6 01 MOVW R1, #0x48C6
.text:0004E636 77 46 MOV R7, LR
.text:0004E638 C2 F2 F5 11 MOVT.W R1, #0x21F5
.text:0004E63C 88 42 CMP R0, R1
.text:0004E63E 00 F3 7F 84 BGT.W loc_4EF40
.text:0004E642 42 F2 9F 41 C1 F6 D4 01 MOV R1, #0x18D4249F
.text:0004E64A 88 42 CMP R0, R1
.text:0004E64C 00 F3 D7 84 BGT.W loc_4EFFE
.text:0004E650 44 F2 F2 31 C1 F2 61 71 MOV R1, #0x176143F2
.text:0004E658 88 42 CMP R0, R1
.text:0004E65A 00 F3 13 85 BGT.W loc_4F084
.text:0004E65E 46 F6 3F 11 C1 F2 CD 61 MOV R1, #0x16CD693F
.text:0004E666 88 42 CMP R0, R1
.text:0004E668 00 F3 4B 85 BGT.W loc_4F102
.text:0004E66C 4A F6 D2 01 C1 F2 5F 61 MOV R1, #0x165FA8D2
.text:0004E674 88 42 CMP R0, R1
.text:0004E676 00 F3 68 85 BGT.W loc_4F14A
.text:0004E67A 45 F6 74 21 C1 F2 0A 41 MOV R1, #0x140A5A74
.text:0004E682 88 42 CMP R0, R1
.text:0004E684 00 F3 85 85 BGT.W loc_4F192
.text:0004E688 45 F2 48 61 C0 F6 61 61 MOV R1, #0xE615648
.text:0004E690 88 42 CMP R0, R1
.text:0004E692 00 F3 B6 85 BGT.W loc_4F202
.text:0004E696 45 F2 DC 61 C0 F6 65 51 MOV R1, #0xD6556DC
.text:0004E69E 88 42 CMP R0, R1
.text:0004E6A0 00 F3 2A 86 BGT.W loc_4F2F8
.text:0004E6A4 4E F2 F8 11 C0 F6 A9 21 MOV R1, #0xAA9E1F8
.text:0004E6AC 88 42 CMP R0, R1
.text:0004E6AE 00 F3 62 86 BGT.W loc_4F376
.text:0004E6B2 49 F6 D6 01 C0 F2 7E 61 MOV R1, #0x67E98D6
.text:0004E6BA 88 42 CMP R0, R1
.text:0004E6BC 00 F3 97 86 BGT.W loc_4F3EE
.text:0004E6C0 4B F2 B5 11 CF F6 E3 11 MOV R1, #0xF9E3B1B5
.text:0004E6C8 88 42 CMP R0, R1
.text:0004E6CA 00 F3 B3 86 BGT.W loc_4F434
.text:0004E6CE 49 F6 36 41 CF F6 55 11 MOV R1, #0xF9559C36
.text:0004E6D6 88 42 CMP R0, R1
.text:0004E6D8 00 F3 EE 86 BGT.W loc_4F4B8
.text:0004E6DC 48 F6 8A 21 CF F2 51 71 MOV R1, #0xF7518A8A
.text:0004E6E4 88 42 CMP R0, R1
.text:0004E6E6 00 F3 2D 87 BGT.W loc_4F544
.text:0004E6EA 45 F2 1A 01 CF F2 14 31 MOV R1, #0xF314501A
.text:0004E6F2 88 42 CMP R0, R1
.text:0004E6F4 00 F3 84 87 BGT.W loc_4F600
.text:0004E6F8 4F F2 25 01 CE F6 C0 11 MOV R1, #0xE9C0F025
.text:0004E700 88 42 CMP R0, R1
.text:0004E702 00 F3 B9 87 BGT.W loc_4F678
.text:0004E706 4F F6 80 41 CE F2 23 21 MOV R1, #0xE223FC80
.text:0004E70E 88 42 CMP R0, R1
.text:0004E710 00 F3 F3 87 BGT.W loc_4F6FA
.text:0004E714 48 F2 E3 21 CE F2 D2 01 MOV R1, #0xE0D282E3
.text:0004E71C 88 42 CMP R0, R1
.text:0004E71E 01 F3 2B 80 BGT.W loc_4F778
.text:0004E722 41 F6 0A 11 CD F6 27 71 MOV R1, #0xDF27190A
.text:0004E72A 88 42 CMP R0, R1
.text:0004E72C 01 F3 48 80 BGT.W loc_4F7C0
.text:0004E730 43 F2 10 31 CD F6 C8 51 MOV R1, #0xDDC83310
.text:0004E738 88 42 CMP R0, R1
.text:0004E73A 01 F3 80 80 BGT.W loc_4F83E
.text:0004E73E 4C F6 FF 11 CD F2 96 51 MOV R1, #0xD596C9FF
.text:0004E746 88 42 CMP R0, R1
.text:0004E748 01 F3 B2 80 BGT.W loc_4F8B0
.text:0004E74C 4F F2 32 31 CD F2 4C 41 MOV R1, #0xD44CF332
.text:0004E754 88 42 CMP R0, R1
.text:0004E756 01 F3 E6 80 BGT.W loc_4F926
.text:0004E75A 4F F6 B6 41 CD F2 2D 21 MOV R1, #0xD22DFCB6
.text:0004E762 88 42 CMP R0, R1
.text:0004E764 01 F3 00 81 BGT.W loc_4F968
.text:0004E768 4A F6 71 01 CC F6 8A 71 MOV R1, #0xCF8AA871
.text:0004E770 88 42 CMP R0, R1
.text:0004E772 01 F3 40 81 BGT.W loc_4F9F6
.text:0004E776 45 F2 8B 51 CC F6 6C 11 MOV R1, #0xC96C558B
.text:0004E77E 88 42 CMP R0, R1
.text:0004E780 01 F3 4F 81 BGT.W loc_4FA22
.text:0004E784 4A F6 3B 11 CC F6 3A 01 MOV R1, #0xC83AA93B
.text:0004E78C 88 42 CMP R0, R1
.text:0004E78E 01 F3 64 81 BGT.W loc_4FA5A
.text:0004E792 4A F2 C3 61 CC F2 30 71 MOV R1, #0xC730A6C3
.text:0004E79A 88 42 CMP R0, R1
.text:0004E79C 01 F3 A1 81 BGT.W loc_4FAE2
.text:0004E7A0 47 F2 DC 41 CB F6 3E 71 MOV R1, #0xBF3E74DC
.text:0004E7A8 88 42 CMP R0, R1
.text:0004E7AA 01 F3 D3 81 BGT.W loc_4FB54
.text:0004E7AE 4C F2 AD 51 CB F2 A3 71 MOV R1, #0xB7A3C5AD
.text:0004E7B6 88 42 CMP R0, R1
.text:0004E7B8 01 F3 FF 81 BGT.W loc_4FBBA
.text:0004E7BC 48 F6 8F 41 CB F2 CD 61 MOV R1, #0xB6CD8C8F
.text:0004E7C4 88 42 CMP R0, R1
.text:0004E7C6 01 F3 32 82 BGT.W loc_4FC2E
.text:0004E7CA 4E F2 DE 31 CB F2 E8 51 MOV R1, #0xB5E8E3DE
.text:0004E7D2 88 42 CMP R0, R1
.text:0004E7D4 01 F3 4A 82 BGT.W loc_4FC6C
.text:0004E7D8 41 F2 3E 31 CB F2 3A 41 MOV R1, #0xB43A133E
.text:0004E7E0 88 42 CMP R0, R1
.text:0004E7E2 01 F3 87 82 BGT.W loc_4FCF4
.text:0004E7E6 42 F2 19 01 CA F6 97 71 MOV R1, #0xAF972019
.text:0004E7EE 88 42 CMP R0, R1
.text:0004E7F0 01 F3 C0 82 BGT.W loc_4FD74
.text:0004E7F4 42 F6 E8 01 CA F6 15 71 MOV R1, #0xAF1528E8
.text:0004E7FC 88 42 CMP R0, R1
.text:0004E7FE 01 F3 FD 82 BGT.W loc_4FDFC
.text:0004E802 4B F6 A7 41 CA F2 4F 51 MOV R1, #0xA54FBCA7
.text:0004E80A 88 42 CMP R0, R1
.text:0004E80C 01 F3 11 83 BGT.W loc_4FE32
.text:0004E810 48 F2 A8 41 CA F2 8F 21 MOV R1, #0xA28F84A8
.text:0004E818 88 42 CMP R0, R1
.text:0004E81A 01 F3 31 83 BGT.W loc_4FE80
.text:0004E81E 43 F2 F1 61 C9 F2 EF 61 MOV R1, #0x96EF36F1
.text:0004E826 88 42 CMP R0, R1
.text:0004E828 01 F3 40 83 BGT.W loc_4FEAC
.text:0004E82C 49 F2 81 71 C8 F6 BC 31 MOV R1, #0x8BBC9781
.text:0004E834 88 42 CMP R0, R1
.text:0004E836 01 F0 60 83 BEQ.W loc_4FEFA
.text:0004E83A 42 F6 AF 51 C8 F6 CE 31 MOV R1, #0x8BCE2DAF
.text:0004E842 88 42 CMP R0, R1
.text:0004E844 41 F0 7B 83 BNE.W loc_4FF3E
.text:0004E848 1C 99 LDR R1, [SP,#0xB8+var_48]
.text:0004E84A 44 F2 F6 70 C4 F6 DB 20 MOV R0, #0x4ADB47F6
.text:0004E852 01 F0 65 BB B.W loc_4FF20
The CFG is indeed flattened:

Thats not flattening the control flow, thats just how I write my code because why not! :D :D :D
I've created a different thread to deal with this issue (https://github.com/rednaga/APKiD/issues/82). Let's discuss only the new version of AppSolid here.
Here is an interesting sample of it, possibly with some packing feature:
https://koodous.com/apks/c03e180f5dc55d51eff276b73f15f62c3fd8b9de46c88e0a5e23441f2b2a15c1
[*] c03e180f5dc55d51eff276b73f15f62c3fd8b9de46c88e0a5e23441f2b2a15c1!lib/armeabi-v7a/lib6b667d2a6a0e35e7c9253eb659e502911.so
|-> anti_debug : /proc/self/maps, /proc/self/status, TracerPid, ptrace
|-> anti_hook : Substrate, Xposed
[*] c03e180f5dc55d51eff276b73f15f62c3fd8b9de46c88e0a5e23441f2b2a15c1!lib/armeabi/libmappsolid.so
|-> anti_debug : /proc/self/status, TracerPid, ptrace
|-> anti_hook : Xposed
|-> anti_root : daemonsu
|-> obfuscator : LLVM-based (CFG flattened)
|-> protector : AppSolid
[*] c03e180f5dc55d51eff276b73f15f62c3fd8b9de46c88e0a5e23441f2b2a15c1!lib/armeabi-v7a/lib6b667d2a6a0e35e7c9253eb659e502911.so
Possibly the code for unpacking:
// Hex-Rays pseudo-code of a JNI helper, posted as the suspected unpacking routine.
// What the visible code does: resolves getFilesDir()/getAbsolutePath() through JNI,
// builds a "<dir>/code" path, and, if sub_7998 returns >= 1, looks up
// dalvik.system.DexFile (mCookie, loadDex) before calling sub_6C00.
// That sequence is consistent with loading a dropped dex at runtime; the sub_*
// helpers are not shown, so their exact roles are unverified.
// Parameters: env is the JNI environment; a2 is the object getFilesDir is looked up on
// (presumably a Context); a3 is an object whose fields/methods are read via dword_646E0/646E8.
int __fastcall sub_7BF0(JNIEnv *env, jobject a2, int a3)
{
int v3; // ST14_4
jobject v4; // r6
int v6; // r0
int v7; // r0
int v8; // r0
int v9; // r5
int v10; // r0
int v11; // r0
int v12; // ST10_4
int v13; // r0
int v14; // r0
int v15; // r0
int v16; // r0
int v17; // r0
int v18; // r0
int v19; // r6
int v20; // r0
int v21; // r7
int v22; // r6
int v23; // r7
int v24; // r3
int v26; // [sp+4h] [bp-444h]
int v27; // [sp+Ch] [bp-43Ch]
signed int v28; // [sp+14h] [bp-434h]
int v29; // [sp+1Ch] [bp-42Ch]
char v30; // [sp+20h] [bp-428h]
int v31; // [sp+24h] [bp-424h]
int v32; // [sp+28h] [bp-420h]
char v33; // [sp+2Ch] [bp-41Ch]
// Typed as char by the decompiler, but cleared for 1024 bytes below, so it is used as a 1024-byte buffer.
char v34; // [sp+30h] [bp-418h]
v3 = a3;
v4 = a2;
sub_666C(env);
// Look up getFilesDir() on a2's class and invoke it (sub_7BAC presumably wraps CallObjectMethod; confirm).
v6 = ((int (__fastcall *)(JNIEnv *, jobject))(*env)->GetObjectClass)(env, v4);
v7 = ((int (__fastcall *)(JNIEnv *, int, const char *, const char *))(*env)->GetMethodID)(
env,
v6,
"getFilesDir",
"()Ljava/io/File;");
v8 = sub_7BAC(env, v4, v7);
v9 = v8;
// Same pattern on the returned object: getAbsolutePath().
v10 = ((int (__fastcall *)(JNIEnv *, int))(*env)->GetObjectClass)(env, v8);
v11 = ((int (__fastcall *)(JNIEnv *, int, const char *, const char *))(*env)->GetMethodID)(
env,
v10,
"getAbsolutePath",
"()Ljava/lang/String;");
v12 = sub_7BAC(env, v9, v11);
// The decompiler shows only env here; the string argument is presumably v12. Confirm in the disassembly.
dword_64788 = ((int (__fastcall *)(JNIEnv *))(*env)->GetStringUTFChars)(env);
// Method/field IDs held in dword_646E4, dword_64710, dword_646F0, dword_646E0 and dword_646E8
// are initialised elsewhere; what they name is not visible in this listing.
v13 = sub_7BAC(env, v4, dword_646E4);
v14 = ((int (__fastcall *)(JNIEnv *, int, int))(*env)->GetObjectField)(env, v13, dword_64710);
dword_64798 = ((int (__fastcall *)(JNIEnv *, int, _DWORD))(*env)->GetStringUTFChars)(env, v14, 0);
v15 = sub_7BAC(env, v4, dword_646F0);
((void (__fastcall *)(JNIEnv *, int, _DWORD))(*env)->GetStringUTFChars)(env, v15, 0);
v16 = sub_7BAC(env, v3, dword_646E0);
v17 = ((int (__fastcall *)(JNIEnv *, int, _DWORD))(*env)->GetStringUTFChars)(env, v16, 0);
dword_64784 = v17;
dword_64794 = v17;
v27 = sub_7BAC(env, v3, dword_646E8);
v18 = sub_95A0(env, v12);
v19 = v18;
dword_64790 = v18;
// Build "<v19>/code" in the stack buffer.
// NOTE(review): sprintf is unbounded and the length of v19 is not checked in this function.
j___aeabi_memclr4(&v34, 1024);
j_sprintf(&v34, "%s/%s", v19, "code");
v20 = sub_7998(env, v3, &v34);
if ( v20 >= 1 )
{
v28 = v20;
// DexFile lookups: the mCookie field and the static loadDex method, with signatures
// supplied by sub_9C24 / sub_9880 (presumably via v32 and v31; confirm).
v21 = ((int (__fastcall *)(JNIEnv *, const char *))(*env)->FindClass)(env, "dalvik/system/DexFile");
sub_9C24(&v32, env);
((void (__fastcall *)(JNIEnv *, int, const char *, int))(*env)->GetFieldID)(env, v21, "mCookie", v32);
sub_9880(&v30, env, "dalvik.system.DexFile", "loadDex");
v22 = dword_6477C;
v23 = ((int (__fastcall *)(JNIEnv *, int, const char *, int))(*env)->GetStaticMethodID)(env, v21, "loadDex", v31);
// Two code paths selected by the global dword_6477C; its meaning is not visible here.
if ( v22 )
{
dword_647A8 = sub_8C00();
}
else
{
sub_89B8();
sub_8B8C(0);
}
// v24 and v26 are never assigned in this listing; likely decompiler artefacts of the call's argument recovery.
sub_6C00((int)env, v23, dword_64790, v24, v28, v26, v27);
// Cleanup calls on the v31/v32 values; purpose of sub_25D8C is not visible here.
sub_25D8C(v31 - 12, &v33);
sub_25D8C(v32 - 12, &v30);
}
// Appears to be the decompiler's rendering of the stack-protector check rather than a meaningful return value.
return _stack_chk_guard - v29;
}
// Java-side declaration (decompiler rendering) of the native method implemented by
// Java_web_apache_sax_app_qwertys; by JNI naming the declaring class would be web.apache.sax.app.
public native int qwertys(ApplicationInfo appinfo, String arg2) {}
// Hex-Rays pseudo-code of the native side of qwertys(ApplicationInfo, String).
// What the visible code does: reads ApplicationInfo.nativeLibraryDir, opens
// "<nativeLibraryDir>/<str>", passes its whole content through sub_EA78 together with
// 16 bytes of constants and 16 zero bytes, and writes the result to
// "/data/data/<token>/cruetxy/<str>".
// Returns 1 after the output is written, -1 otherwise (v14).
// For triage: the "cruetxy" directory name and the four constants below are stable
// strings/values visible in this build and are candidates for detection rules.
int __fastcall Java_web_apache_sax_app_qwertys(JNIEnv *env, jobject a2, jstring applicationInfo, jstring str)
{
int v6; // r0
int v7; // r0
const char *v8; // r4
char *v9; // r5
int v10; // r0
int v11; // ST1C_4
int v12; // r7
int v13; // r7
signed int v14; // r4
int v15; // r5
int v16; // r1
int v17; // r4
int v18; // ST38_4
int v19; // r4
int v20; // r6
int result; // r0
char *v22; // [sp+14h] [bp-664h]
int v23; // [sp+18h] [bp-660h]
int v24; // [sp+1Ch] [bp-65Ch]
JNIEnv *v25; // [sp+20h] [bp-658h]
const char *v26; // [sp+2Ch] [bp-64Ch]
int v28; // [sp+3Ch] [bp-63Ch]
int v29; // [sp+40h] [bp-638h]
int v30; // [sp+44h] [bp-634h]
int v31; // [sp+48h] [bp-630h]
int v32; // [sp+4Ch] [bp-62Ch]
int v33; // [sp+50h] [bp-628h]
int v34; // [sp+54h] [bp-624h]
int v35; // [sp+58h] [bp-620h]
int v36; // [sp+5Ch] [bp-61Ch]
// v37, v38 and v39 are each cleared for 512 bytes below, so they are used as 512-byte buffers.
char v37; // [sp+60h] [bp-618h]
char v38; // [sp+260h] [bp-418h]
int v39; // [sp+460h] [bp-218h]
// Read the nativeLibraryDir string field of the ApplicationInfo argument.
v6 = ((int (__fastcall *)(JNIEnv *, jstring))(*env)->GetObjectClass)(env, applicationInfo);
v7 = ((int (__fastcall *)(JNIEnv *, int, const char *, const char *))(*env)->GetFieldID)(
env,
v6,
"nativeLibraryDir",
"Ljava/lang/String;");
v23 = ((int (__fastcall *)(JNIEnv *, jstring, int))(*env)->GetObjectField)(env, applicationInfo, v7);
// The decompiler shows only env; the string argument is presumably v23 (it is released with v26 at the end).
v8 = (const char *)((int (__fastcall *)(JNIEnv *))(*env)->GetStringUTFChars)(env);
v26 = v8;
// strdup's argument was dropped by the decompiler; presumably v8.
v9 = (char *)j_strdup();
j_strcpy(v9, v8);
v22 = v9;
// Tokenise the copied path; the delimiter strings at off_21300/off_21304 are not shown.
// v11 is used as the %s in "/data/data/%s/", so it is presumably the package name. Confirm.
j_strtok(v9, &off_21300);
j_strtok(0, &off_21300);
v10 = j_strtok(0, &off_21300);
v11 = j_strtok(v10, &off_21304);
j___aeabi_memclr4(&v39, 512);
j___aeabi_memclr4(&v38, 512);
j___aeabi_memclr4(&v37, 512);
v25 = env;
v12 = ((int (__fastcall *)(JNIEnv *, jstring, _DWORD))(*env)->GetStringUTFChars)(env, str, 0);
// v39 = app data dir, v38 = input file under nativeLibraryDir, v37 = output directory.
// NOTE(review): all three sprintf calls are unbounded writes into 512-byte buffers.
j_sprintf(&v39, "/data/data/%s/", v11);
j_sprintf(&v38, "%s/%s", v8, v12);
j_sprintf(&v37, "/data/data/%s/cruetxy/", v11);
// 511 decimal == 0777: the data directory and the new "cruetxy" directory are given world rwx permissions.
j_chmod(&v39, 511);
j_mkdir(&v37, 511);
j_chmod(&v37, 511);
v24 = v12;
// Appends the file name to the directory path; source and destination are the same buffer.
j_sprintf(&v37, "%s%s", &v37, v12);
v13 = j_fopen(&v38, "r");
v14 = -1;
if ( v13 )
{
// File size via fseek(SEEK_END == 2) + ftell.
j_fseek(v13, 0, 2);
v15 = j_ftell(v13);
// NOTE(review): when the size is < 1 the function falls through without fclose(v13),
// free(v22) or the ReleaseStringUTFChars calls, which all sit inside this branch.
if ( v15 >= 1 )
{
j_fseek(v13, 0, 0);
v17 = j_malloc(v15 + 1, v16);
v18 = v17;
j___aeabi_memclr(v17, v15 + 1);
j_fread(v17, 1, v15, v13);
j_fclose(v13);
// Four 32-bit constants stored contiguously (16 bytes) followed by 16 zero bytes in v29..v32.
// Presumably key and IV for the transform in sub_EA78; confirm by reversing sub_EA78.
v33 = -1890589816;
v34 = -243722488;
v35 = 932508649;
v36 = 0x8905D40A;
v32 = 0;
v31 = 0;
v30 = 0;
v29 = 0;
v19 = j_malloc(v15 + 1, &v37);
j___aeabi_memclr(v19, v15);
// sub_EA78(constants, zero block, input buffer, length, output buffer).
sub_EA78(&v33, &v29, v18, v15, v19);
// Output is written to the path in v37; the fopen mode string at dword_21358 is not shown,
// and the fopen result is not checked before fwrite.
v20 = j_fopen(&v37, &dword_21358);
j_fwrite(v19, 1, v15, v20);
j_fclose(v20);
j_free(v19);
j_free(v18);
j_free(v22);
((void (__fastcall *)(JNIEnv *, jstring, int))(*v25)->ReleaseStringUTFChars)(v25, str, v24);
((void (__fastcall *)(JNIEnv *, int, const char *))(*v25)->ReleaseStringUTFChars)(v25, v23, v26);
v14 = 1;
}
}
// Appears to be the stack-protector epilogue as rendered by the decompiler: v14 is returned when the canary matches.
result = _stack_chk_guard - v28;
if ( _stack_chk_guard == v28 )
result = v14;
return result;
}
// Hex-Rays pseudo-code of a routine that extends an existing class loader's internal arrays.
// What the visible code does: for the loader object a2 it reads the fields mDexs, mFiles,
// mZips (and mPaths when a2 is a PathClassLoader), builds copies one element longer,
// appends a new entry to each, and stores the new arrays back through sub_A448.
// Appended entries: a3 into mDexs, a4 into mPaths, an object built from a4 with
// File.<init>(String) into mFiles, and one built from that File with ZipFile.<init>(File) for mZips.
// sub_A234 / sub_A448 / sub_770C are not shown; they presumably wrap field get, field set and
// NewObject. Confirm before relying on this.
// NOTE(review): these field names look like the older Dalvik class-loader layout. Confirm which
// Android versions this path can actually run on.
int __fastcall sub_71AC(JNIEnv *env, int a2, int a3, int a4)
{
int v4; // r5
const char *v6; // r6
int v7; // r0
int v8; // r7
int v9; // r0
int v10; // r6
int v11; // r0
int v12; // r7
JNIEnv v13; // r0
int v14; // r0
int v15; // r5
int v16; // r0
int v17; // r6
int v18; // r0
int v19; // r0
int v20; // r6
int v21; // r5
int v22; // r7
int v23; // r0
JNIEnv v24; // r0
int v25; // r0
int v26; // r0
int v27; // r5
signed int v28; // ST14_4
int v29; // r6
int v30; // r1
int v31; // r5
int v32; // r0
int v33; // r0
signed int v34; // r2
JNIEnv v35; // r0
signed int v36; // r6
int v37; // r0
int v38; // r1
int v39; // r5
int v40; // r6
int v41; // r7
signed int v43; // [sp+10h] [bp-4Ch]
int v44; // [sp+14h] [bp-48h]
int v45; // [sp+18h] [bp-44h]
int v46; // [sp+1Ch] [bp-40h]
int v47; // [sp+20h] [bp-3Ch]
int v48; // [sp+20h] [bp-3Ch]
int v49; // [sp+24h] [bp-38h]
int v50; // [sp+28h] [bp-34h]
int v51; // [sp+2Ch] [bp-30h]
int v52; // [sp+30h] [bp-2Ch]
int v53; // [sp+34h] [bp-28h]
int v54; // [sp+38h] [bp-24h]
int v55; // [sp+3Ch] [bp-20h]
int v56; // [sp+3Ch] [bp-20h]
int v57; // [sp+3Ch] [bp-20h]
int v58; // [sp+40h] [bp-1Ch]
v47 = a4;
v55 = a3;
v4 = a2;
v6 = "dalvik/system/PathClassLoader";
// FindClass arguments were dropped by the decompiler; presumably (env, v6).
v7 = ((int (*)(void))(*env)->FindClass)();
// v45 != 0 when the loader is a PathClassLoader; otherwise it is handled as a DexClassLoader.
v45 = ((int (__fastcall *)(JNIEnv *, int, int))(*env)->IsInstanceOf)(env, v4, v7);
if ( v45 )
{
v8 = sub_A234(env, v4, "dalvik/system/PathClassLoader", "mDexs", "[Ldalvik/system/DexFile;");
v9 = sub_A234(env, v4, "dalvik/system/PathClassLoader", "mPaths", "[Ljava/lang/String;");
}
else
{
v6 = "dalvik/system/DexClassLoader";
v8 = sub_A234(env, v4, "dalvik/system/DexClassLoader", "mDexs", "[Ldalvik/system/DexFile;");
v9 = 0;
}
// v51 = mDexs, v50 = mPaths (0 for DexClassLoader), v54 = mFiles, v53 = mZips.
v50 = v9;
v54 = sub_A234(env, v4, v6, "mFiles", "[Ljava/io/File;");
v44 = v4;
v53 = sub_A234(env, v4, v6, "mZips", "[Ljava/util/zip/ZipFile;");
v51 = v8;
// mDexs: new DexFile[len + 1], copy the old entries, then put a3 in the last slot.
v10 = ((int (__fastcall *)(JNIEnv *, int))(*env)->GetArrayLength)(env, v8);
v11 = ((int (__fastcall *)(JNIEnv *, const char *))(*env)->FindClass)(env, "dalvik/system/DexFile");
v12 = 0;
v58 = ((int (__fastcall *)(JNIEnv *, int, int, _DWORD))(*env)->NewObjectArray)(env, v10 + 1, v11, 0);
v13 = *env;
if ( v10 >= 1 )
{
do
{
v14 = ((int (__fastcall *)(JNIEnv *, int, int))v13->GetObjectArrayElement)(env, v51, v12);
((void (__fastcall *)(JNIEnv *, int, int, int))(*env)->SetObjectArrayElement)(env, v58, v12++, v14);
v13 = *env;
}
while ( v10 != v12 );
}
((void (__fastcall *)(JNIEnv *, int, int, int))v13->SetObjectArrayElement)(env, v58, v10, v55);
if ( v45 )
{
// mPaths (PathClassLoader only): new String[len + 1], copy, then put a4 in the last slot.
v15 = ((int (__fastcall *)(JNIEnv *, int))(*env)->GetArrayLength)(env, v50);
v16 = ((int (__fastcall *)(JNIEnv *, const char *))(*env)->FindClass)(env, "java/lang/String");
v17 = 0;
v49 = ((int (__fastcall *)(JNIEnv *, int, int, _DWORD))(*env)->NewObjectArray)(env, v15 + 1, v16, 0);
if ( v15 >= 1 )
{
v56 = v15;
do
{
v18 = ((int (__fastcall *)(JNIEnv *, int, int))(*env)->GetObjectArrayElement)(env, v50, v17);
((void (__fastcall *)(JNIEnv *, int, int, int))(*env)->SetObjectArrayElement)(env, v49, v17, v18);
v15 = v56;
++v17;
}
while ( v56 != v17 );
}
((void (__fastcall *)(JNIEnv *, int, int, int))(*env)->SetObjectArrayElement)(env, v49, v15, v47);
}
else
{
v49 = 0;
}
// mFiles: new File[len + 1], copy, then append v48, built with File.<init>(String) from a4.
v19 = ((int (__fastcall *)(JNIEnv *, int))(*env)->GetArrayLength)(env, v54);
v20 = v19;
v43 = v19;
v21 = ((int (__fastcall *)(JNIEnv *, const char *))(*env)->FindClass)(env, "java/io/File");
v22 = 0;
v57 = ((int (__fastcall *)(JNIEnv *, int, int, _DWORD))(*env)->NewObjectArray)(env, v20 + 1, v21, 0);
v23 = ((int (__fastcall *)(JNIEnv *, int, const char *, const char *))(*env)->GetMethodID)(
env,
v21,
"<init>",
"(Ljava/lang/String;)V");
v48 = sub_770C(env, v21, v23, v47);
v24 = *env;
if ( v43 >= 1 )
{
do
{
v25 = ((int (__fastcall *)(JNIEnv *, int, int))v24->GetObjectArrayElement)(env, v54, v22);
((void (__fastcall *)(JNIEnv *, int, int, int))(*env)->SetObjectArrayElement)(env, v57, v22++, v25);
v24 = *env;
}
while ( v43 != v22 );
}
((void (__fastcall *)(JNIEnv *, int, signed int, int))v24->SetObjectArrayElement)(env, v57, v43, v48);
// mZips: new ZipFile[len + 1], copy; v46 is built with ZipFile.<init>(File) from v48.
v26 = ((int (__fastcall *)(JNIEnv *, int))(*env)->GetArrayLength)(env, v53);
v27 = v26;
v28 = v26;
v29 = ((int (__fastcall *)(JNIEnv *, const char *))(*env)->FindClass)(env, "java/util/zip/ZipFile");
v30 = v27 + 1;
v31 = 0;
v52 = ((int (__fastcall *)(JNIEnv *, int, int, _DWORD))(*env)->NewObjectArray)(env, v30, v29, 0);
v32 = ((int (__fastcall *)(JNIEnv *, int, const char *, const char *))(*env)->GetMethodID)(
env,
v29,
"<init>",
"(Ljava/io/File;)V");
v33 = sub_770C(env, v29, v32, v48);
v34 = v28;
v46 = v33;
v35 = *env;
if ( v28 >= 1 )
{
do
{
v36 = v34;
v37 = ((int (__fastcall *)(JNIEnv *, int, int))v35->GetObjectArrayElement)(env, v53, v31);
((void (__fastcall *)(JNIEnv *, int, int, int))(*env)->SetObjectArrayElement)(env, v52, v31, v37);
v34 = v36;
++v31;
v35 = *env;
}
while ( v36 != v31 );
}
// Index and value arguments were dropped by the decompiler; presumably the last slot and v46, matching the other arrays.
((void (__fastcall *)(JNIEnv *, int))v35->SetObjectArrayElement)(env, v52);
// Store the extended arrays back into the loader's fields.
if ( v45 )
{
sub_A448(env, v44, "dalvik/system/PathClassLoader", "mDexs", "[Ldalvik/system/DexFile;", v58);
sub_A448(env, v44, "dalvik/system/PathClassLoader", "mPaths", "[Ljava/lang/String;", v49);
sub_A448(env, v44, "dalvik/system/PathClassLoader", "mFiles", "[Ljava/io/File;", v57);
v41 = v49;
sub_A448(env, v44, "dalvik/system/PathClassLoader", "mZips", "[Ljava/util/zip/ZipFile;", v52);
v38 = v51;
v39 = v50;
v40 = v54;
}
else
{
sub_A448(env, v44, "dalvik/system/DexClassLoader", "mDexs", "[Ldalvik/system/DexFile;", v58);
sub_A448(env, v44, "dalvik/system/DexClassLoader", "mFiles", "[Ljava/io/File;", v57);
sub_A448(env, v44, "dalvik/system/DexClassLoader", "mZips", "[Ljava/util/zip/ZipFile;", v52);
v38 = v51;
v39 = v50;
v40 = v54;
v41 = v49;
}
// Drop the local references to the old arrays, the new arrays and the two objects created above.
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v38);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v39);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v40);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v53);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v58);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v41);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v57);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v52);
((void (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v48);
return ((int (__fastcall *)(JNIEnv *, int))(*env)->DeleteLocalRef)(env, v46);
}
Has this already been added with Medusah (AppSolid) ?
I need to PR the rule but I didn't have the time.