• Stars
    star
    1,112
  • Rank 41,754 (Top 0.9 %)
  • Language
    C
  • License
    Apache License 2.0
  • Created over 10 years ago
  • Updated almost 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0

android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0

Contents

  • AHPL0 - Android Hacker Protection Level 0 + some blackphone stuff slides
  • gdb-scripts/ - Bash script for unpacking bangcle/secshell; requires gdb/adb
  • native-unpacker/ - Unpacker for APKProtect/Bangcle/LIAPP/Qihoo Packer that runs natively, no dependency on gdb
  • hide-qemu/ - Small hacks for hiding the qemu/debuggers, specifically from APKProtect
  • corellium-android-unpacking/ - A more realistic approach to unpacking things, dynamically and with automation around it

Disclaimer

This presentation and code are meant for education and research purposes only. Do as you please with it, but accept any and all responsibility for your actions. The tools were created specifically to assist in malware reversing and analysis - be careful.

License

Copyright 2014-2020 Tim 'diff' Strazzere <[email protected]>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

More Repositories

1

anti-emulator

Android Anti-Emulator
Java
787
star
2

golang_loader_assist

Making GO reversing easier in IDA Pro
Python
626
star
3

android-scripts

Collection of Android reverse engineering scripts
C++
409
star
4

010Editor-stuff

A collection of 010 Editor specific stuff
Roff
401
star
5

APKfuscator

A generic DEX file obfuscator and munger
Ruby
259
star
6

android-lkms

Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators
C
205
star
7

dehoser

Unpacker for the HoseDex2Jar APK Protection which packs the original file inside the dex header
Java
70
star
8

elf-dump-fix

Utils use to dump android ELF from memory and do some fix including the ELF section header rebuilding
C
54
star
9

IDAnt-wanna

ELF header abuse
Python
46
star
10

Emacs-Smali

Smali/Baksmali mode for Emacs
Smali
33
star
11

dalvik-header-plugin

Dalvik Header Plugin for IDA Pro
C++
21
star
12

usb-accessory-gadget

Frida gadget for dumping traffic between an apk and usb device
TypeScript
18
star
13

LeNa-Decryption-Script

Legacy Native IDA Decryption Script
12
star
14

android-iptables

C
11
star
15

duml-packet

Parsing, modifying and using DUML packets
TypeScript
10
star
16

alpine-android-ndk

Slim dockerized Android ndk
Dockerfile
10
star
17

VirusTotalCommand

VirusTotalCommand -- Alternative VirusTotal API
Ruby
9
star
18

eglinfo-android

like glxinfo but for egl, like eglinfo but specifically for Android
C
8
star
19

praxis

a transparent proxy micro-service written in golang
Go
7
star
20

ewmami

A gem will allow you to query the Google Play APK Verification (AntiMalware) service
Ruby
7
star
21

distil-solver

Distil Anti-bot solver
Go
6
star
22

goguard

Golang obfuscator
5
star
23

recipes

CSS
4
star
24

no-go-scammers

Quick 'n dirty golang twilio bot for calling and annoying scammers
Go
4
star
25

analysis-scripts

A random assortment of analysis scripts
Python
3
star
26

Noref

No Referrer Chrome Extension
JavaScript
3
star
27

rapidshare

wrapper for RapidShare API
Ruby
3
star
28

regex-speed-test

Testing some fundamental concepts on Golang regex structures
Go
3
star
29

go-shc

go variant of shc
Go
3
star
30

microengine-eicar

Go
2
star
31

droidsuggest

Wrapper for the Android Market/Google Play Search suggestions
Ruby
2
star
32

neuterref

Kill referrers that might be leaked from gmail or other 'trusted' domains
JavaScript
2
star
33

test

HTML
1
star
34

blog

1
star
35

openSprinkl

open source version of a sprinkl controller
JavaScript
1
star
36

aoc

advent of code typescript
TypeScript
1
star
37

location-tests

HTML
1
star
38

docker-node-libusb

Dockerfile
1
star
39

duml-beagle-parse

Cut and parse DJI DUML packets out of an exported USB Beagle stream
TypeScript
1
star
40

nginx-cac-ocsp

A small project designed to encapsulate a full end-to-end test of CAC/PIV cards for testing purposes
Python
1
star