dex-oracle 1.0.4 → 1.0.5
- checksums.yaml +4 -4
- data/Gemfile +6 -1
- data/Gemfile.lock +36 -27
- data/LICENSE.txt +1 -1
- data/README.md +43 -8
- data/bin/dex-oracle +1 -1
- data/dex-oracle.gemspec +1 -1
- data/driver/src/main/java/org/cf/oracle/Driver.java +2 -3
- data/lib/dex-oracle/driver.rb +119 -78
- data/lib/dex-oracle/plugin.rb +7 -7
- data/lib/dex-oracle/plugins/bitwise_antiskid.rb +61 -0
- data/lib/dex-oracle/plugins/string_decryptor.rb +6 -6
- data/lib/dex-oracle/plugins/undexguard.rb +28 -23
- data/lib/dex-oracle/plugins/unreflector.rb +25 -28
- data/lib/dex-oracle/resources.rb +4 -2
- data/lib/dex-oracle/smali_file.rb +30 -8
- data/lib/dex-oracle/smali_input.rb +27 -21
- data/lib/dex-oracle/version.rb +1 -1
- data/lib/oracle.rb +21 -4
- data/res/driver.dex +0 -0
- data/res/dx.jar +0 -0
- data/spec/data/plugins/clinit.smali +14 -0
- data/spec/dex-oracle/driver_spec.rb +1 -2
- data/spec/dex-oracle/plugins/string_decryptor_spec.rb +11 -0
- data/spec/dex-oracle/plugins/unreflector_spec.rb +1 -1
- data/spec/dex-oracle/smali_file_spec.rb +2 -1
- data/spec/dex-oracle/smali_input_spec.rb +12 -3
- data/spec/spec_helper.rb +3 -0
- data/update_driver +7 -1
- metadata +9 -4
data/lib/dex-oracle/version.rb
CHANGED
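--- a/data/lib/oracle.rb
+++ b/data/lib/oracle.rb
@@ -18,7 +18,8 @@ class Oracle
 made_changes = process_plugins
 @smali_files.each(&:update) if made_changes
 optimizations = {}
-Plugin.plugins.
+optimizations = Plugin.plugins.collect { |plugin| plugin.optimizations }
+optimizations = optimizations.inject(Hash.new(0)) { |memo, subhash| subhash.each { |prod, value| memo[prod] += value } ; memo }
 opt_str = optimizations.collect { |k, v| "#{k}=#{v}" } * ', '
 puts "Optimizations: #{opt_str}"
 end
@@ -53,9 +54,25 @@ class Oracle
 methods
 end
 
+def self.enumerate_files(dir, ext)
+# On Windows, filenames with unicode characters do not show up with Dir#glob or Dir#[]
+# They do, however, show up with Dir.entries, which is fine because it seems to be
+# the only Dir method that let's me set UTF-8 encoding. I must be missing something.
+# OH WELL. Do it the hard way.
+opts = { encoding: 'UTF-8' }
+Dir.entries(dir, opts).collect do |entry|
+next if entry == '.' or entry == '..'
+full_path = "#{dir}/#{entry}"
+if File.directory?(full_path)
+Oracle.enumerate_files(full_path, ext)
+else
+full_path if entry.downcase.end_with?(ext)
+end
+end.flatten.compact
+end
+
 def self.parse_smali(smali_dir)
-
-
-smali_files
+file_paths = Oracle.enumerate_files(smali_dir, '.smali')
+smali_files = file_paths.collect { |path| SmaliFile.new(path) }
 end
 end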
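Review bot: In `enumerate_files`, `File.directory?(full_path)` follows symbolic links, so a link cycle below `dir` makes the recursion unbounded and a link to another tree adds `.smali` files from outside the input directory to the result. `parse_smali` wraps every returned path in `SmaliFile.new`, and the first hunk calls `update` on `@smali_files`, so such files would presumably be rewritten as well. Not descending into links, `if File.directory?(full_path) && !File.symlink?(full_path)`, keeps the walk inside the directory it was given. Separately, `Dir.entries(dir, opts)` passes the options hash positionally, which Ruby 3 no longer converts to keywords as far as I know; `Dir.entries(dir, encoding: 'UTF-8')` should work on both old and new interpreters.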
data/res/driver.dex
CHANGED
Binary file
|
data/res/dx.jar
CHANGED
Binary file
|
@@ -0,0 +1,14 @@
|
|
1
|
+
.class public Lorg/cf/CLInit;
|
2
|
+
.super Ljava/lang/Object;
|
3
|
+
|
4
|
+
.method static constructor <clinit>()V
|
5
|
+
.locals 1
|
6
|
+
|
7
|
+
const-string v0, "encrypted"
|
8
|
+
|
9
|
+
invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;
|
10
|
+
|
11
|
+
move-result-object v0
|
12
|
+
|
13
|
+
return-void
|
14
|
+
.end method
|
@@ -17,6 +17,7 @@ describe Driver do
|
|
17
17
|
allow(File).to receive(:open).and_yield(temp_file)
|
18
18
|
allow(File).to receive(:read)
|
19
19
|
allow(JSON).to receive(:parse)
|
20
|
+
allow_any_instance_of(Driver).to receive(:get_driver_dir).and_return('/data/local')
|
20
21
|
Driver.new(device_id)
|
21
22
|
end
|
22
23
|
let(:driver_stub) { 'export CLASSPATH=/data/local/od.zip; app_process /system/bin org.cf.oracle.Driver' }
|
@@ -53,7 +54,6 @@ describe Driver do
|
|
53
54
|
context 'with integer arguments' do
|
54
55
|
subject { driver.run(class_name, method_signature, *args) }
|
55
56
|
it do
|
56
|
-
allow(driver).to receive(:drive)
|
57
57
|
expect(driver).to receive(:drive).with("#{driver_stub} 'some.Klazz' 'run' I:1 I:2 I:3")
|
58
58
|
subject
|
59
59
|
end
|
@@ -70,7 +70,6 @@ describe Driver do
|
|
70
70
|
|
71
71
|
subject { driver.run(class_name, method_signature, args) }
|
72
72
|
it do
|
73
|
-
allow(driver).to receive(:drive)
|
74
73
|
expect(driver).to receive(:drive).with(
|
75
74
|
"#{driver_stub} 'string.Klazz' 'run' java.lang.String:[104,101,108,108,111,32,115,116,114,105,110,103]"
|
76
75
|
)
|
@@ -21,5 +21,16 @@ describe StringDecryptor do
|
|
21
21
|
subject
|
22
22
|
end
|
23
23
|
end
|
24
|
+
|
25
|
+
context 'with clinit.smali' do
|
26
|
+
let(:file_path) { "#{data_path}/clinit.smali" }
|
27
|
+
let(:batch_item) { ["const-string v0, \"encrypted\"\n\n invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;\n\n move-result-object v0", 'v0'] }
|
28
|
+
|
29
|
+
it do
|
30
|
+
expect(driver).to receive(:make_target).with('org/cf/CLInit', 'decrypt(Ljava/lang/String;)', 'encrypted').and_return(batch)
|
31
|
+
expect(Plugin).to receive(:apply_batch).with(driver, { method => { batch => [batch_item] } }, kind_of(Proc))
|
32
|
+
subject
|
33
|
+
end
|
34
|
+
end
|
24
35
|
end
|
25
36
|
end
|
@@ -18,7 +18,7 @@ describe Unreflector do
|
|
18
18
|
|
19
19
|
it do
|
20
20
|
expect(Plugin).to receive(:apply_outputs).with(
|
21
|
-
{ batch_id =>
|
21
|
+
{ batch_id => %w(success Landroid/content/Intent;) },
|
22
22
|
{ method => { batch => [batch_item] } },
|
23
23
|
kind_of(Proc)
|
24
24
|
)
|
@@ -29,10 +29,11 @@ describe SmaliFile do
|
|
29
29
|
describe '#update' do
|
30
30
|
subject { smali_file.content }
|
31
31
|
it 'should update modified methods' do
|
32
|
-
allow(File).to receive(:open)
|
33
32
|
method = smali_file.methods.first
|
34
33
|
method.modified = true
|
35
34
|
method.body = "\nreturn-void\n"
|
35
|
+
# Make sure we don't save it
|
36
|
+
allow(File).to receive(:open)
|
36
37
|
smali_file.update
|
37
38
|
should eq ".class public LHelloWorld; # COMMENT;\n.super Ljava/lang/Object; # YEAH ;\n.implements Lsome/Interface1;\n.implements Lsome/Interface2;\n\n.field public static final someField:Z\n\n.method public static main([Ljava/lang/String;)V\nreturn-void\n.end method\n\n"
|
38
39
|
end
|
@@ -1,19 +1,28 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'fakefs/spec_helpers'
|
2
3
|
|
3
4
|
describe SmaliInput do
|
5
|
+
include FakeFS::SpecHelpers
|
6
|
+
|
4
7
|
let(:data_path) { 'spec/data' }
|
5
8
|
let(:temp_dir) { '/fake/tmp/dir' }
|
6
9
|
let(:temp_file) { '/fake/tmp/file' }
|
7
10
|
|
11
|
+
before(:each) do
|
12
|
+
FakeFS::FileSystem.clone('spec/data', 'spec/data')
|
13
|
+
end
|
14
|
+
|
15
|
+
after(:all) do
|
16
|
+
end
|
8
17
|
context 'for input that must be disassembled with baksmali' do
|
9
18
|
let(:smali_input) do
|
10
19
|
allow(Dir).to receive(:mktmpdir).and_return(temp_dir)
|
11
20
|
allow(Tempfile).to receive(:new).and_return(temp_file)
|
12
|
-
allow(
|
21
|
+
allow(Utility).to receive(:which).and_return('baksmali')
|
13
22
|
allow(SmaliInput).to receive(:exec)
|
23
|
+
allow(SmaliInput).to receive(:baksmali)
|
14
24
|
allow(SmaliInput).to receive(:update_apk)
|
15
25
|
allow(SmaliInput).to receive(:extract_dex)
|
16
|
-
allow(FileUtils).to receive(:cp)
|
17
26
|
SmaliInput.new(file_path)
|
18
27
|
end
|
19
28
|
|
@@ -31,7 +40,7 @@ describe SmaliInput do
|
|
31
40
|
context 'with a dex' do
|
32
41
|
let(:file_path) { "#{data_path}/helloworld.dex" }
|
33
42
|
its(:out_apk) { should be nil }
|
34
|
-
its(
|
43
|
+
its('out_dex.path') { should eq 'helloworld_oracle.dex' }
|
35
44
|
its(:dir) { should eq temp_dir }
|
36
45
|
its(:temp_dir) { should be true }
|
37
46
|
its(:temp_dex) { should be false }
|
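Review bot: The added `after(:all) do` / `end` hook has an empty body and can be removed; including `FakeFS::SpecHelpers` already switches the fake filesystem off and clears it after each example. In the new `before(:each)` the literal `'spec/data'` repeats the value of `let(:data_path)`, so `FakeFS::FileSystem.clone(data_path, data_path)` would keep the two from drifting apart. The file header for this section is not shown on the page, so the path is inferred from the `describe SmaliInput` context.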
data/spec/spec_helper.rb
CHANGED
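--- a/data/update_driver
+++ b/data/update_driver
@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 
 cd driver
+
+echo "[*] Building driver ..."
 ./gradlew clean fatjar
-
+
+echo "[*] Updating driver stub ..."
+dx --dex --force-jumbo --output=../res/driver.dex build/libs/driver.jar
+
+echo "[*] Done."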
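Review bot: The script has no error handling, so a failed `cd driver` or `./gradlew clean fatjar` still falls through to the `dx` step and to `echo "[*] Done."`, and `res/driver.dex` can be left stale while the run looks successful. That file is shipped in the gem as a binary (it changes in this release), so the build should stop at the first failing command: add `set -euo pipefail` directly after the shebang. A comment above the `dx` line naming the expected input, for example `# build/libs/driver.jar is produced by the fatjar task above`, would also help whoever regenerates the stub.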
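--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dex-oracle
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.5
 platform: ruby
 authors:
 - Caleb Fenton
@@ -90,8 +90,10 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 3.4.0
-description:
-
+description: 'A pattern based Dalvik deobfuscator which uses limited execution to
+improve semantic analysis.
+
+'
 email: calebjfenton@gmail.com
 executables:
 - dex-oracle
@@ -117,6 +119,7 @@ files:
 - lib/dex-oracle/driver.rb
 - lib/dex-oracle/logging.rb
 - lib/dex-oracle/plugin.rb
+- lib/dex-oracle/plugins/bitwise_antiskid.rb
 - lib/dex-oracle/plugins/string_decryptor.rb
 - lib/dex-oracle/plugins/undexguard.rb
 - lib/dex-oracle/plugins/unreflector.rb
@@ -134,6 +137,7 @@ files:
 - spec/data/helloworld.dex
 - spec/data/plugins/bytes_decrypt.smali
 - spec/data/plugins/class_forname.smali
+- spec/data/plugins/clinit.smali
 - spec/data/plugins/multi_bytes_decrypt.smali
 - spec/data/plugins/string_decrypt.smali
 - spec/data/plugins/string_lookup_1int.smali
@@ -170,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 3
 summary: Pattern based Dalvik deobfuscator
@@ -179,6 +183,7 @@ test_files:
 - spec/data/helloworld.dex
 - spec/data/plugins/bytes_decrypt.smali
 - spec/data/plugins/class_forname.smali
+- spec/data/plugins/clinit.smali
 - spec/data/plugins/multi_bytes_decrypt.smali
 - spec/data/plugins/string_decrypt.smali
 - spec/data/plugins/string_lookup_1int.smali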