吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 19909|回复: 10
收起左侧

[Android Tools] dex-oracle - Android 反混淆工具

[复制链接]
风吹屁屁凉 发表于 2016-1-5 12:22
https://github.com/CalebFenton/dex-oracle


Oracle
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify.

Before


After


Bitcoin: 133bmAUshC5VxntCcusWJdT8Sq3BFsaGce

Installation

Step 1. Install Smali / Baksmali

I'm sure since you're an elite Android reverser you already have smali and baksmali on your path.

Step 2. Install Android SDK / ADB

Make sure adb is on your path.

Step 3. Install the Gem

gem install dex-oracle
Or, if you prefer to build from source:

git clone https://github.com/CalebFenton/dex-oracle.git
cd dex-oracle
gem install bundler
bundle install
Step 4. Connect a Device or Emulator

You must have either an emulator running or a device plugged in for Oracle to work.

Oracle needs to execute methods on an live Android system. This can either be on a device or an emulator (preferred). If it's a device, make sure you don't mind running potentially hostile code on it.

If you'd like to use an emulator, and already have the Android SDK installed, you can create and start emulator images with:

android avd
Usage

Usage: dex-oracle [opts] <APK / DEX / Smali Directory>
    -h, --help                       Display this screen
    -s ANDROID_SERIAL,               Device ID for driver execution, default=""
        --specific-device
    -t, --timeout N                  ADB command execution timeout in seconds, default="120"
    -i, --include PATTERN            Only optimize methods and classes matching the pattern, e.g. Ldune;->melange\(\)V
    -e, --exclude PATTERN            Exclude these types from optimization; including overrides
        --disable-plugins STRING[,STRING]*
                                     Disable plugins, e.g. stringdecryptor,unreflector
        --list-plugins               List available plugins
    -v, --verbose                    Be verbose
    -V, --vverbose                   Be very verbose
For example, to only deobfuscate methods in a class called Lcom/android/system/admin/CCOIoll; inside of an APK called obad.apk:

dex-oracle -i com/android/system/admin/CCOIoll obad.apk
How it Works

Oracle takes Android apps (APK), Dalvik executables (DEX), and Smali files as inputs. First, if the input is an APK or DEX, it is disassembled into Smali files. Then, the Smali files are passed to various plugins which perform analysis and modifications. Plugins search for patterns which can be transformed into something easier to read. In order to understand what the code is doing, some Dalvik methods are actually executed with and the output is collected. This way, some method calls can be replaced with constants. After that, all of the Smali files are updated. Finally, if the input was an APK or a DEX file, the modified Smali files are recompiled and an updated APK or DEX is created.

Method execution is performed by the Driver. The input APK, DEX, or Smali is combined with the Driver into a single DEX using dexmerge and pushed onto a device or emulator. Oracle then sends method execution information to Driver whenever a plugin requests it. Driver uses Java reflection to execute methods within its own DEX with the arguments provided by Oracle and returns any output or exceptions. This is especially useful for many string decryption methods, which usually take an encrypted string or some One limitation is that execution is limited to static methods.

Hacking

Creating Your Own Plugin

There are three plugins which come with Oracle:

Undexguard - removes certain types of Dexguard obfuscations
Unreflector - removes some Java reflection
String Decryptor - simple plugin which removes a common type of string encryption
If you encounter a new type of obfuscation, it may be possible to deobfuscate with Oracle. Look at the Smali and figure out if the code can either be:

rearranged
understood by executing some static methods
If either of these two are the case, you should try and write your own plugin. There are four steps to building your own plugin:

identify Smali patterns
figure out how to simplify the patterns
figure out how to interact with driver and invoke methods
figure out how to apply modifications directly
The included plugins should be a good guide for understanding steps #3 and #4. Driver is designed to help with step #2.

Of course, you're always welcome to share whatever obfuscation you come across and someone may eventually get to it.

Updating Driver

First, ensure dx is on your path. This is part of the Android SDK, but it's probably not on your path unless you're hardcore.

The driver folder is a Java project managed by Gradle. Import it into Eclipse, IntelliJ, etc. and make any changes you like. To finish updating the driver, run ./update_driver. This will rebuild the driver and convert the output JAR into a DEX.

免费评分

参与人数 2吾爱币 +1 热心值 +2 收起 理由
rainsnow + 1 + 1 我很赞同!
Monitor + 1 我很赞同!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

Monitor 发表于 2016-1-5 12:25
又一个辅助利器,感谢分享了。回头试一下效果
xiawan 发表于 2016-1-5 15:27
net的混淆工具啊。我现在还不会弄,学习之后再看
sunyilong 发表于 2016-1-7 08:52
et的混淆工具啊。我现在还不会弄,学习之后再看
airdear 发表于 2016-1-21 16:19
正需要这类反混淆工具!!!!
skytws 发表于 2016-1-26 16:25
感谢分享!有时间测试一下
coody 发表于 2016-2-22 15:10
本帖最后由 coody 于 2016-2-22 16:55 编辑

谁编译出来测试一下!

K:\dex-oracle>bundle install
Resolving dependencies...
Using ast 2.2.0
Using rubyzip 1.2.0
Using diff-lcs 1.2.5
Using powerpack 0.1.1
Using rainbow 2.1.0
Using rspec-support 3.4.1
Using ruby-progressbar 1.7.5
Using unicode-display_width 0.3.1
Using bundler 1.11.2
Using parser 2.3.0.6
Using dex-oracle 1.0.3 from source at `.`
Using rspec-core 3.4.3
Using rspec-expectations 3.4.0
Using rspec-mocks 3.4.1
Using rubocop 0.37.2
Using rspec-its 1.2.0
Using rspec 3.4.0
Bundle complete! 5 Gemfile dependencies, 17 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

K:\dex-oracle>gem install dex-oracle
Fetching: dex-oracle-1.0.2.gem (100%)
Successfully installed dex-oracle-1.0.2
Parsing documentation for dex-oracle-1.0.2
Installing ri documentation for dex-oracle-1.0.2
Done installing documentation for dex-oracle after 1 seconds
1 gem installed

直接可以安装好!不用编译源代码!
但是最终还是不太会使用!

迷路的椰果 发表于 2016-3-15 11:45

正需要这类反混淆工具!!!!
functionxu 发表于 2017-4-26 00:40 来自手机
感谢,正需要这类工具
藤原拓海. 发表于 2018-2-11 01:01
支持一下
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 19:34

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表