  • Stars: 157
  • Rank: 237,012 (Top 5 %)
  • Language: Python
  • License: GNU General Publi...
  • Created over 1 year ago
  • Updated 5 months ago


Repository Details

Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation. It compares two versions of an APK and generates a mapping text file and an interactive HTML file as outputs!

🤖 Obfu[DE]scate: A De-obfuscation and Comparison tool for Android APKs. 📱


Obfu[DE]scate is a Python tool designed to simplify the process of de-obfuscating and comparing two versions of an Android APK - even if the functions have been renamed as part of obfuscation. With fuzzy comparison logic, Obfu[DE]scate can identify similarities between functions and help you uncover changes between APK versions.

➡️ Getting Started

Installation

Getting started with Obfu[DE]scate is easy! Follow these steps:

  1. Clone the repository to your local machine.
  2. Install the dependencies manually or via the included requirements file using the following command:
       pip install -r REQUIREMENTS.txt
  3. Download APKTool for your system from their website and make sure it's installed and available in your PATH.

Obfu[DE]scate has been tested on Windows 11, but should work on other systems as well.

Running

Obfu[DE]scate provides several command-line options to customize its behavior:

| Shorthand | Parameter | Description | Required |
|-----------|-----------|-------------|----------|
| -a1 | apk_file_path_1 | The path to the original APK. This is the APK that the second APK will be compared against (i.e. an older version of the APK). | True |
| -a2 | apk_file_path_2 | The path to the newer APK. The output will show changes between APK 1 and this APK. | True |
| -cp | class_path | A reverse domain notation path that will be used to filter reviewed functions (i.e. provide com.example.class to only compare functions on this path). | False |
| -o | output_dir | A directory to save the output mapping, HTML, and disassembled APKs to. | False |
| -apktool | apk_tool_path | If APKTool is not on your PATH, use this parameter to tell ObfuDeScate where APKTool is located. | False |

To compare two APK files, simply run Obfu[DE]scate with the following command:

python ObfuDeScate.py -a1 "old_example.apk" -a2 "new_example.apk" -cp "com.example.path"

In the above example, Obfu[DE]scate will review all functions in the old_example.apk APK at the class path com.example.path and compare them against all functions found at the same class path in new_example.apk.
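The idea behind this kind of comparison, as an added illustration that is not Obfu[DE]scate's own code: the sketch below normalises SMALI method bodies so that renamed classes, members and registers no longer differ, then scores candidates with Python's difflib as a stand-in similarity measure. The method names, SMALI bodies, the 0.8 threshold and the helper names are all assumptions made for the example.

```python
import difflib
import re
# App-owned class reference plus optional ->member; framework classes (java/, android/) are kept.
APP_REF = re.compile(r"(?<![\w/$])L(?!java/|android/)[\w/$]+;(->[\w$<>]+)?")

def normalise(smali):
    """Reduce a smali method body to rename-resistant lines."""
    out = []
    for line in smali.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("."):
            continue  # skip blanks and directives such as .locals / .line
        line = APP_REF.sub(lambda m: "LCLS;" + ("->MEMBER" if m.group(1) else ""), line)
        out.append(re.sub(r"\b[vp]\d+\b", "REG", line))  # register numbers vary per build
    return out

def match_methods(old, new, class_path="", threshold=0.8):
    """Map each old method to (most similar new method, similarity score)."""
    old_n = {k: normalise(v) for k, v in old.items() if k.startswith(class_path)}
    new_n = {k: normalise(v) for k, v in new.items() if k.startswith(class_path)}
    matches = {}
    for name, body in old_n.items():
        scored = [(difflib.SequenceMatcher(None, body, b).ratio(), c) for c, b in new_n.items()]
        score, best = max(scored, default=(0.0, None))
        if score >= threshold:
            matches[name] = (best, round(score, 2))
    return matches

# Constructed smali bodies for a hypothetical app (not taken from a real APK).
OLD = {
    "com.example.auth.Session.d": """.locals 1
        const-string v0, "session_token"
        invoke-virtual {p0, v0}, Lcom/example/auth/Store;->b(Ljava/lang/String;)Z
        move-result v0
        return v0""",
    "com.example.auth.Session.e": "const/4 v0, 0x0\niput-object v0, p0, Lcom/example/auth/Session;->c:Ljava/lang/String;\nreturn-void",
    "com.example.ui.Home.a": "return-void",
}
NEW = {
    "com.example.auth.Session.a": """.locals 2
        const-string v1, "session_token"
        invoke-virtual {p0, v1}, Lcom/example/auth/q;->x(Ljava/lang/String;)Z
        move-result v1
        xor-int/lit8 v1, v1, 0x1
        return v1""",
    "com.example.auth.Session.b": "const/4 v1, 0x0\niput-object v1, p0, Lcom/example/auth/Session;->f:Ljava/lang/String;\nreturn-void",
    "com.example.ui.Home.z": "return-void",
}
print(match_methods(OLD, NEW, "com.example.auth"))
```

Session.d still pairs with Session.a despite the extra instruction in the newer body, which is the case an exact comparison would miss.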

🔎 Outputs

Obfu[DE]scate generates two output files: a mapping file in newline-separated list format, and an interactive HTML file. These output files include:

  • mapping.txt - A newline-separated text file in which each line records an identified match between a method in APK1 and a method in APK2. Lines have the form: com.chess.play.ObserveGameHelperImpl.d -> com.chess.play.ObserveGameHelperImpl.a
  • output.html - An HTML file that, when opened in a web browser, lists all functions in APK1. Each entry is a dropdown that, when clicked, shows the matched method in APK2 (if any), the confidence of the match, and the SMALI code block for that method from APK1 and APK2.
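One way to consume mapping.txt when carrying analyst notes from the older APK to the newer one, as an added example that is not part of Obfu[DE]scate: it parses the `old -> new` line format shown above and sets aside matches where several old methods point at the same new method. Only the first sample line comes from this README; the other lines, the function names and the assumption that many-to-one matches can appear are constructed for the example.

```python
from collections import defaultdict

def parse_mapping(text):
    """Parse 'old.Class.method -> new.Class.method' lines into (old, new) pairs."""
    pairs = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        old, sep, new = (p.strip() for p in raw.partition("->"))
        if not sep or not old or not new:
            raise ValueError(f"line {n}: expected 'old -> new', got {raw!r}")
        pairs.append((old, new))
    return pairs

def review(pairs):
    """Classify matches so they can be checked before being relied on."""
    targets = defaultdict(list)
    for old, new in pairs:
        targets[new].append(old)
    report = {"renamed": [], "unchanged": [], "moved_class": [], "ambiguous": {}}
    for old, new in pairs:
        if len(targets[new]) > 1:
            report["ambiguous"][new] = targets[new]  # several old methods, one target
        elif old == new:
            report["unchanged"].append(old)
        elif old.rpartition(".")[0] != new.rpartition(".")[0]:
            report["moved_class"].append((old, new))  # enclosing class differs too
        else:
            report["renamed"].append((old, new))
    return report

def carry_over(notes, report):
    """Re-key analyst notes to APK2 method names, skipping ambiguous matches."""
    safe = dict(report["renamed"] + report["moved_class"])
    safe.update((m, m) for m in report["unchanged"])
    return {safe[old]: note for old, note in notes.items() if old in safe}

# First line is the README's example; the remaining lines are constructed.
SAMPLE = """\
com.chess.play.ObserveGameHelperImpl.d -> com.chess.play.ObserveGameHelperImpl.a
com.example.net.Client.send -> com.example.net.Client.send
com.example.net.Client.b -> com.example.a.c.f
com.example.auth.Token.a -> com.example.auth.Token.q
com.example.auth.Token.c -> com.example.auth.Token.q
"""
REPORT = review(parse_mapping(SAMPLE))
print(REPORT)
```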

🙏 Contributions

Obfu[DE]scate is an open-source project and welcomes contributions from the community. If you would like to contribute to Obfu[DE]scate, please follow these guidelines:

  • Fork the repository to your own GitHub account.
  • Create a new branch with a descriptive name for your contribution.
  • Make your changes and test them thoroughly.
  • Submit a pull request to the main repository, including a detailed description of your changes and any relevant documentation.
  • Wait for feedback from the maintainers and address any comments or suggestions (if any).
  • Once your changes have been reviewed and approved, they will be merged into the main repository.

⚖️ Code of Conduct

Obfu[DE]scate follows the Contributor Covenant Code of Conduct. Please make sure to review and adhere to this code of conduct when contributing to Obfu[DE]scate.

🐛 Bug Reports and Feature Requests

If you encounter a bug or have a suggestion for a new feature, please open an issue in the GitHub repository. Please provide as much detail as possible, including steps to reproduce the issue or a clear description of the proposed feature. Your feedback is valuable and will help improve Obfu[DE]scate for everyone.

💛 Thanks

This tool wouldn't work without APKTool! Secondly, many of the examples in this README use the Chess.com app as a base, check it out here.

📜 License

GNU General Public License v3.0
