necst / aamo
AAMO: Another Android Malware Obfuscator
License: MIT License
Hi! Do not change Java class name of service when using native code (JNI)?
I give the APK as the argument. The program just exits. It happens when I don't give any argument to it.
python obfuscators/obfuscators.py just exits.
I have the code running and I am testing it to evaluate the quality of obfuscation produced.
Currently, as a first attempt, I tried using the list of ['Fields', 'Renaming', 'StringEncrypt', 'Manifest']. The resulting obfuscators.log reports success, but upon analysis of the output APK all the methods and classes have their original names. I suspect I am doing something wrong!
obfuscators.log
DEBUG:root:[erevos]:Obfuscators Initialize: /home/er/Desktop/tools/aamo_erev0s/obfuscators /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos/app
DEBUG:root:[erevos]:Obfuscate Request: /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos.apk - ['Fields', 'Renaming', 'StringEncrypt', 'Manifest'] - /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos
DEBUG:root:[erevos]:Directory cleaned: /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos
DEBUG:root:[erevos]:
DEBUG:root:[erevos]:
DEBUG:root:[erevos]:Backsmali: /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos.apk into /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos
DEBUG:root:[erevos]:I: Using Apktool 2.4.0 on erevos.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/er/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Baksmaling classes2.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
DEBUG:root:[erevos]:
DEBUG:root:[erevos]:Obfuscate Start: 2019-06-17 12:35:13.761913
DEBUG:root:[erevos]:Obfuscator Field
DEBUG:root:[erevos]:Python Obfuscator!
DEBUG:root:[erevos]:Obfuscator Renaming
DEBUG:root:[erevos]:Python Obfuscator!
DEBUG:root:[erevos]:Obfuscator String
DEBUG:root:[erevos]:Python Obfuscator!
DEBUG:root:[erevos]:Obfuscator Manifest
DEBUG:root:[erevos]:Python Obfuscator!
DEBUG:root:[erevos]:Obfuscate Stop: 2019-06-17 12:35:51.097055
DEBUG:root:[erevos]:Obfuscate Time: 0:00:37.335142
DEBUG:root:[erevos]:Smali: /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos.apk from /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos
DEBUG:root:[erevos]:I: Using Apktool 2.4.0
I: Smaling smali folder into classes.dex...
DEBUG:root:[erevos]:dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[19,4] Error for input '.parameter': Invalid directive
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[19,15] mismatched input '"str"' expecting END_METHOD_DIRECTIVE
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[74,4] Error for input '.parameter': Invalid directive
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[74,15] mismatched input '"s"' expecting END_METHOD_DIRECTIVE
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[186,4] Error for input '.parameter': Invalid directive
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[187,4] Error for input '.parameter': Invalid directive
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[186,15] mismatched input '"mode"' expecting END_METHOD_DIRECTIVE
dir_with_apks_to_obfuscate/erevos/app/smali/ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali[198,4] missing EOF at '.prologue'
Could not smali file: ac31b3236/a9a0364b9/a9b207167/ada38cd10.smali
DEBUG:root:[erevos]:Sign: /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos.apk
DEBUG:root:[erevos]:jar signed.
Warning:
The MD5withRSA algorithm specified for the -sigalg option is considered a security risk.
DEBUG:root:[erevos]:
DEBUG:root:[erevos]:Directory cleaned: /home/er/Desktop/tools/aamo_erev0s/dir_with_apks_to_obfuscate/erevos
DEBUG:root:[erevos]:
DEBUG:root:[erevos]:
DEBUG:root:[erevos]:### SUCCESS ### {0:00:37.335142}
SECOND ATTEMPT
This time I tried to run ['Manifest', 'Renaming'] only, and to my surprise the output was indeed obfuscated; the names of the methods and classes are random this time. I tried to run this APK, but no matter whether I run it on an emulator or not, the result is that it keeps crashing with a message from Android: Name_of_the_app keeps stopping.
THIRD ATTEMPT
Using only ['Renaming'], nothing happens again, like the first attempt.
P.S. The paths are wrong in obfuscators/obfuscators.py and I have fixed them in order for this to work -- plus I have made the appropriate changes in smali and backsmali to work with apktool 2.4.0.
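The log in the post above ends with "### SUCCESS ###" even though the Smali step printed "Could not smali file". As an added example (not part of the original post or of AAMO), the check below reads a log in that format and refuses to trust a success line when assembler errors were logged; the sample log is constructed and abridged from the lines quoted above, and audit_log is a hypothetical helper name.

```python
import re

# Constructed sample, abridged from the log format quoted in the post above.
SAMPLE_LOG = """\
DEBUG:root:[erevos]:Obfuscator Renaming
DEBUG:root:[erevos]:Python Obfuscator!
DEBUG:root:[erevos]:Smali: erevos.apk from erevos
DEBUG:root:[erevos]:I: Using Apktool 2.4.0
I: Smaling smali folder into classes.dex...
DEBUG:root:[erevos]:app/smali/a/b.smali[19,4] Error for input '.parameter': Invalid directive
app/smali/a/b.smali[19,15] mismatched input '"str"' expecting END_METHOD_DIRECTIVE
Could not smali file: a/b.smali
DEBUG:root:[erevos]:Sign: erevos.apk
DEBUG:root:[erevos]:### SUCCESS ### {0:00:37.335142}
"""

PREFIX = re.compile(r"^DEBUG:root:\[[^\]]*\]:")  # logger tag in front of a line
ASM_ERROR = re.compile(r"(\S+\.smali)\[(\d+),(\d+)\]\s+(.+)$")  # file[line,col] msg
FAILED_FILE = re.compile(r"Could not smali file: (.+)$")


def audit_log(text):
    """Summarise assembler failures and the status the log reports."""
    errors, failed, success = [], [], False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        m = ASM_ERROR.match(line)
        if m:
            errors.append((m[1], int(m[2]), int(m[3]), m[4]))
            continue
        m = FAILED_FILE.match(line)
        if m:
            failed.append(m[1])
        elif "### SUCCESS ###" in line:
            success = True
    return {
        "errors": errors,
        "failed_files": failed,
        "reported_success": success,
        # Trust the run only if success was logged with no assembly failure.
        "trustworthy": success and not errors and not failed,
    }


if __name__ == "__main__":
    result = audit_log(SAMPLE_LOG)
    print(result["reported_success"], result["trustworthy"], result["failed_files"])
```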
I am able to execute the code but the output files are not in the correct format. I'm getting the following error: jarsigner: unable to open jar file
I think the error is due to the code:
popen('jarsigner -sigalg MD5withRSA -digestalg SHA1 -keystore ' + obfuscator_resource_dir + '/resignKey.keystore -storepass resignKey ' + sample_file_name + ' resignKey')
Also, do I need to update any packages/dependencies for SHA256 instead of SHA1?
Thanks
I have this code running - and I set my list of obfuscation tasks - and it runs. I am doing Reflection, Reordering, Renaming, and Indirection. So, some fairly sizable changes to the bytecode.
When it completes it goes, signs the jar file, and I have a new APK. But ... when I open up the APK the classes.dex file is the same size as the original. When I open and view both dex in a tool like JADX they are identical.
Am I missing something? Should not classes.dex be different? If so, why would it not update the file w/in the APK.
Very frustrating :(
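For the question in the post above, an added example (not from the thread or from AAMO) that compares the classesN.dex entries of two APKs by SHA-256, so a package that was only re-signed shows up as unchanged DEX next to a different META-INF. The two archives are constructed in memory as stand-ins for real APKs; dex_digests, compare_dex and make_apk are hypothetical helper names.

```python
import hashlib
import io
import re
import zipfile

DEX_NAME = re.compile(r"^classes\d*\.dex$")  # classes.dex, classes2.dex, ...


def dex_digests(apk):
    """Map each top-level classesN.dex entry of an APK to its SHA-256."""
    with zipfile.ZipFile(apk) as zf:
        return {
            name: hashlib.sha256(zf.read(name)).hexdigest()
            for name in zf.namelist()
            if DEX_NAME.match(name)
        }


def compare_dex(original, rebuilt):
    """Classify every DEX entry as unchanged, changed, added or removed."""
    before, after = dex_digests(original), dex_digests(rebuilt)
    report = {"unchanged": [], "changed": [], "added": [], "removed": []}
    for name in sorted(before.keys() | after.keys()):
        if name not in after:
            report["removed"].append(name)
        elif name not in before:
            report["added"].append(name)
        elif before[name] == after[name]:
            report["unchanged"].append(name)
        else:
            report["changed"].append(name)
    return report


def make_apk(entries):
    """Build a constructed in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed inputs: same DEX bytes, different signature file.
    orig = make_apk({"classes.dex": b"dex-A", "classes2.dex": b"dex-B", "META-INF/CERT.RSA": b"old"})
    resigned = make_apk({"classes.dex": b"dex-A", "classes2.dex": b"dex-B", "META-INF/CERT.RSA": b"new"})
    print(compare_dex(orig, resigned))
```

Both arguments of compare_dex may also be file paths, since zipfile.ZipFile accepts either a path or a file-like object.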