APKiD
APKiD copied to clipboard
rednaga
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
This obfuscation tool was published on Github. I don't have any sample that use it. https://github.com/ClaudiuGeorgiu/Obfuscapk
**Provide the file** `2314ec0053d829d424a82f702188fcb525cefce4feeef096f0855339b897a5d1.apk` **Describe the detection issue** I've stumped upon this sample. `libprotect.so` seems interesting  **APKiD current results...** ``` apkid 2314ec0053d829d424a82f702188fcb525cefce4feeef096f0855339b897a5d1.apk [+] APKiD 2.1.0 ::...
### Sample https://koodous.com/apks/929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d ```sh apkid 929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d.apk [+] APKiD 2.1.0 :: from RedNaga :: rednaga.io [*] 929aac4f3752851833e794da64d6cdc76db19aad7eb5590c7953561ae7a49d6d.apk!classes.dex |-> anti_vm : Build.FINGERPRINT check, Build.MANUFACTURER check, Build.MODEL check, Build.PRODUCT check, network operator name...
### Discussion by @strazzere diff 6:54 PM anyone have access to or can seem to scrape up https://play.google.com/store/apps/details?id=squaltech.com.CELE ? diff 6:54 PM it, apparently, has a heavily protected shared lib...
### Samples ```java -rw-rw-r-- 1 edu edu 20M Mar 3 23:32 3bcb66444b43d1a225ac2dd59387b8aa2ce921b0595708d65753eef6b0ef2165 -rw-rw-r-- 1 edu edu 46M Mar 3 23:32 1077027e5cbacecc2c9c958284eb53d0ab693b5b9e2f65756b89ba63da4949d8 ``` ### Packing ```java package btworks.codeguard.entity; import android.content.Context; import...
### Information http://tigress.cs.arizona.edu/ ### Android sample > A simple Android app that I used for a reverse engineering challenge in an Android security lab. Contains native code obfuscated using Tigress...
This will require a little research to see if the techniques work in Android and if they're used anywhere. First, the `vmstat` command seems to be a command on the...
Link: https://github.com/thebabush/dumb-obfuscator Binary: https://github.com/thebabush/dumb-obfuscator/releases
The idea is to massively extract the compiler fingerprints in shared objects and create rules for it. The main idea is to differentiate between `gcc` and `clang` (LLVM) compilers. If...
I've not reversed much but there's dynamic code loading by using encryption. Decrypted payload is mapped with `mprotect` and `mmap` through syscalls with inline assembly. There's a bit of CFG...