dex-oracle 1.0.4 → 1.0.5
- checksums.yaml +4 -4
- data/Gemfile +6 -1
- data/Gemfile.lock +36 -27
- data/LICENSE.txt +1 -1
- data/README.md +43 -8
- data/bin/dex-oracle +1 -1
- data/dex-oracle.gemspec +1 -1
- data/driver/src/main/java/org/cf/oracle/Driver.java +2 -3
- data/lib/dex-oracle/driver.rb +119 -78
- data/lib/dex-oracle/plugin.rb +7 -7
- data/lib/dex-oracle/plugins/bitwise_antiskid.rb +61 -0
- data/lib/dex-oracle/plugins/string_decryptor.rb +6 -6
- data/lib/dex-oracle/plugins/undexguard.rb +28 -23
- data/lib/dex-oracle/plugins/unreflector.rb +25 -28
- data/lib/dex-oracle/resources.rb +4 -2
- data/lib/dex-oracle/smali_file.rb +30 -8
- data/lib/dex-oracle/smali_input.rb +27 -21
- data/lib/dex-oracle/version.rb +1 -1
- data/lib/oracle.rb +21 -4
- data/res/driver.dex +0 -0
- data/res/dx.jar +0 -0
- data/spec/data/plugins/clinit.smali +14 -0
- data/spec/dex-oracle/driver_spec.rb +1 -2
- data/spec/dex-oracle/plugins/string_decryptor_spec.rb +11 -0
- data/spec/dex-oracle/plugins/unreflector_spec.rb +1 -1
- data/spec/dex-oracle/smali_file_spec.rb +2 -1
- data/spec/dex-oracle/smali_input_spec.rb +12 -3
- data/spec/spec_helper.rb +3 -0
- data/update_driver +7 -1
- metadata +9 -4
data/lib/dex-oracle/version.rb
CHANGED
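--- a/data/lib/oracle.rb
+++ b/data/lib/oracle.rb
@@ -18,7 +18,8 @@ class Oracle
 made_changes = process_plugins
 @smali_files.each(&:update) if made_changes
 optimizations = {}
-Plugin.plugins.
+optimizations = Plugin.plugins.collect { |plugin| plugin.optimizations }
+optimizations = optimizations.inject(Hash.new(0)) { |memo, subhash| subhash.each { |prod, value| memo[prod] += value } ; memo }
 opt_str = optimizations.collect { |k, v| "#{k}=#{v}" } * ', '
 puts "Optimizations: #{opt_str}"
 end
@@ -53,9 +54,25 @@ class Oracle
 methods
 end
 
+def self.enumerate_files(dir, ext)
+# On Windows, filenames with unicode characters do not show up with Dir#glob or Dir#[]
+# They do, however, show up with Dir.entries, which is fine because it seems to be
+# the only Dir method that let's me set UTF-8 encoding. I must be missing something.
+# OH WELL. Do it the hard way.
+opts = { encoding: 'UTF-8' }
+Dir.entries(dir, opts).collect do |entry|
+next if entry == '.' or entry == '..'
+full_path = "#{dir}/#{entry}"
+if File.directory?(full_path)
+Oracle.enumerate_files(full_path, ext)
+else
+full_path if entry.downcase.end_with?(ext)
+end
+end.flatten.compact
+end
+
 def self.parse_smali(smali_dir)
-
-
-smali_files
+file_paths = Oracle.enumerate_files(smali_dir, '.smali')
+smali_files = file_paths.collect { |path| SmaliFile.new(path) }
 end
 end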
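Review bot: `enumerate_files` decides whether to recurse with `File.directory?(full_path)`, which resolves symbolic links, so a symlinked directory inside a user-supplied smali tree is walked like a real one. A link that points back at a parent makes the recursion unbounded, and a link that points elsewhere pulls `.smali` files from outside the input directory into the set that `update` may later rewrite. Adding `next if File.symlink?(full_path)` right after the `.`/`..` check keeps the walk inside the tree. Separately, `Dir.entries(dir, opts)` passes the options as a positional hash, which is likely rejected on Ruby 3 and later; `Dir.entries(dir, encoding: 'UTF-8')` is the form that should work on both.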
data/res/driver.dex
CHANGED
Binary file
|
data/res/dx.jar
CHANGED
Binary file
|
@@ -0,0 +1,14 @@
|
|
1
|
+
.class public Lorg/cf/CLInit;
|
2
|
+
.super Ljava/lang/Object;
|
3
|
+
|
4
|
+
.method static constructor <clinit>()V
|
5
|
+
.locals 1
|
6
|
+
|
7
|
+
const-string v0, "encrypted"
|
8
|
+
|
9
|
+
invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;
|
10
|
+
|
11
|
+
move-result-object v0
|
12
|
+
|
13
|
+
return-void
|
14
|
+
.end method
|
@@ -17,6 +17,7 @@ describe Driver do
|
|
17
17
|
allow(File).to receive(:open).and_yield(temp_file)
|
18
18
|
allow(File).to receive(:read)
|
19
19
|
allow(JSON).to receive(:parse)
|
20
|
+
allow_any_instance_of(Driver).to receive(:get_driver_dir).and_return('/data/local')
|
20
21
|
Driver.new(device_id)
|
21
22
|
end
|
22
23
|
let(:driver_stub) { 'export CLASSPATH=/data/local/od.zip; app_process /system/bin org.cf.oracle.Driver' }
|
@@ -53,7 +54,6 @@ describe Driver do
|
|
53
54
|
context 'with integer arguments' do
|
54
55
|
subject { driver.run(class_name, method_signature, *args) }
|
55
56
|
it do
|
56
|
-
allow(driver).to receive(:drive)
|
57
57
|
expect(driver).to receive(:drive).with("#{driver_stub} 'some.Klazz' 'run' I:1 I:2 I:3")
|
58
58
|
subject
|
59
59
|
end
|
@@ -70,7 +70,6 @@ describe Driver do
|
|
70
70
|
|
71
71
|
subject { driver.run(class_name, method_signature, args) }
|
72
72
|
it do
|
73
|
-
allow(driver).to receive(:drive)
|
74
73
|
expect(driver).to receive(:drive).with(
|
75
74
|
"#{driver_stub} 'string.Klazz' 'run' java.lang.String:[104,101,108,108,111,32,115,116,114,105,110,103]"
|
76
75
|
)
|
@@ -21,5 +21,16 @@ describe StringDecryptor do
|
|
21
21
|
subject
|
22
22
|
end
|
23
23
|
end
|
24
|
+
|
25
|
+
context 'with clinit.smali' do
|
26
|
+
let(:file_path) { "#{data_path}/clinit.smali" }
|
27
|
+
let(:batch_item) { ["const-string v0, \"encrypted\"\n\n invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;\n\n move-result-object v0", 'v0'] }
|
28
|
+
|
29
|
+
it do
|
30
|
+
expect(driver).to receive(:make_target).with('org/cf/CLInit', 'decrypt(Ljava/lang/String;)', 'encrypted').and_return(batch)
|
31
|
+
expect(Plugin).to receive(:apply_batch).with(driver, { method => { batch => [batch_item] } }, kind_of(Proc))
|
32
|
+
subject
|
33
|
+
end
|
34
|
+
end
|
24
35
|
end
|
25
36
|
end
|
@@ -18,7 +18,7 @@ describe Unreflector do
|
|
18
18
|
|
19
19
|
it do
|
20
20
|
expect(Plugin).to receive(:apply_outputs).with(
|
21
|
-
{ batch_id =>
|
21
|
+
{ batch_id => %w(success Landroid/content/Intent;) },
|
22
22
|
{ method => { batch => [batch_item] } },
|
23
23
|
kind_of(Proc)
|
24
24
|
)
|
@@ -29,10 +29,11 @@ describe SmaliFile do
|
|
29
29
|
describe '#update' do
|
30
30
|
subject { smali_file.content }
|
31
31
|
it 'should update modified methods' do
|
32
|
-
allow(File).to receive(:open)
|
33
32
|
method = smali_file.methods.first
|
34
33
|
method.modified = true
|
35
34
|
method.body = "\nreturn-void\n"
|
35
|
+
# Make sure we don't save it
|
36
|
+
allow(File).to receive(:open)
|
36
37
|
smali_file.update
|
37
38
|
should eq ".class public LHelloWorld; # COMMENT;\n.super Ljava/lang/Object; # YEAH ;\n.implements Lsome/Interface1;\n.implements Lsome/Interface2;\n\n.field public static final someField:Z\n\n.method public static main([Ljava/lang/String;)V\nreturn-void\n.end method\n\n"
|
38
39
|
end
|
@@ -1,19 +1,28 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'fakefs/spec_helpers'
|
2
3
|
|
3
4
|
describe SmaliInput do
|
5
|
+
include FakeFS::SpecHelpers
|
6
|
+
|
4
7
|
let(:data_path) { 'spec/data' }
|
5
8
|
let(:temp_dir) { '/fake/tmp/dir' }
|
6
9
|
let(:temp_file) { '/fake/tmp/file' }
|
7
10
|
|
11
|
+
before(:each) do
|
12
|
+
FakeFS::FileSystem.clone('spec/data', 'spec/data')
|
13
|
+
end
|
14
|
+
|
15
|
+
after(:all) do
|
16
|
+
end
|
8
17
|
context 'for input that must be disassembled with baksmali' do
|
9
18
|
let(:smali_input) do
|
10
19
|
allow(Dir).to receive(:mktmpdir).and_return(temp_dir)
|
11
20
|
allow(Tempfile).to receive(:new).and_return(temp_file)
|
12
|
-
allow(
|
21
|
+
allow(Utility).to receive(:which).and_return('baksmali')
|
13
22
|
allow(SmaliInput).to receive(:exec)
|
23
|
+
allow(SmaliInput).to receive(:baksmali)
|
14
24
|
allow(SmaliInput).to receive(:update_apk)
|
15
25
|
allow(SmaliInput).to receive(:extract_dex)
|
16
|
-
allow(FileUtils).to receive(:cp)
|
17
26
|
SmaliInput.new(file_path)
|
18
27
|
end
|
19
28
|
|
@@ -31,7 +40,7 @@ describe SmaliInput do
|
|
31
40
|
context 'with a dex' do
|
32
41
|
let(:file_path) { "#{data_path}/helloworld.dex" }
|
33
42
|
its(:out_apk) { should be nil }
|
34
|
-
its(
|
43
|
+
its('out_dex.path') { should eq 'helloworld_oracle.dex' }
|
35
44
|
its(:dir) { should eq temp_dir }
|
36
45
|
its(:temp_dir) { should be true }
|
37
46
|
its(:temp_dex) { should be false }
|
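Review bot: The added `after(:all) do` … `end` hook is empty and can be deleted; as written it reads as if cleanup was intended and then forgotten. With `include FakeFS::SpecHelpers` the fake filesystem is, as far as I know, activated and reset around each example, so no manual teardown should be needed. A one-line comment above `FakeFS::FileSystem.clone('spec/data', 'spec/data')`, such as `# copy the real fixtures into the fake filesystem so SmaliInput can read them`, would explain why the clone is there. The `describe SmaliInput` block continues outside these hunks.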
data/spec/spec_helper.rb
CHANGED
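--- a/data/update_driver
+++ b/data/update_driver
@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 
 cd driver
+
+echo "[*] Building driver ..."
 ./gradlew clean fatjar
-
+
+echo "[*] Updating driver stub ..."
+dx --dex --force-jumbo --output=../res/driver.dex build/libs/driver.jar
+
+echo "[*] Done."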
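Review bot: The script has no failure handling, so the new `dx --dex --force-jumbo --output=../res/driver.dex build/libs/driver.jar` step still runs when `./gradlew clean fatjar` fails or when `cd driver` does not succeed, and `[*] Done.` is printed either way. In that case `res/driver.dex` can be left stale or rebuilt from an old jar while the output reads as a successful update, which matters because the gem ships that binary. Adding `set -euo pipefail` after the shebang, or at least `cd driver || exit 1`, makes the script stop at the first failed step.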
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dex-oracle
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Caleb Fenton
|
@@ -90,8 +90,10 @@ dependencies:
|
|
90
90
|
- - ">="
|
91
91
|
- !ruby/object:Gem::Version
|
92
92
|
version: 3.4.0
|
93
|
-
description:
|
94
|
-
|
93
|
+
description: 'A pattern based Dalvik deobfuscator which uses limited execution to
|
94
|
+
improve semantic analysis.
|
95
|
+
|
96
|
+
'
|
95
97
|
email: calebjfenton@gmail.com
|
96
98
|
executables:
|
97
99
|
- dex-oracle
|
@@ -117,6 +119,7 @@ files:
|
|
117
119
|
- lib/dex-oracle/driver.rb
|
118
120
|
- lib/dex-oracle/logging.rb
|
119
121
|
- lib/dex-oracle/plugin.rb
|
122
|
+
- lib/dex-oracle/plugins/bitwise_antiskid.rb
|
120
123
|
- lib/dex-oracle/plugins/string_decryptor.rb
|
121
124
|
- lib/dex-oracle/plugins/undexguard.rb
|
122
125
|
- lib/dex-oracle/plugins/unreflector.rb
|
@@ -134,6 +137,7 @@ files:
|
|
134
137
|
- spec/data/helloworld.dex
|
135
138
|
- spec/data/plugins/bytes_decrypt.smali
|
136
139
|
- spec/data/plugins/class_forname.smali
|
140
|
+
- spec/data/plugins/clinit.smali
|
137
141
|
- spec/data/plugins/multi_bytes_decrypt.smali
|
138
142
|
- spec/data/plugins/string_decrypt.smali
|
139
143
|
- spec/data/plugins/string_lookup_1int.smali
|
@@ -170,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
170
174
|
version: '0'
|
171
175
|
requirements: []
|
172
176
|
rubyforge_project:
|
173
|
-
rubygems_version: 2.
|
177
|
+
rubygems_version: 2.5.1
|
174
178
|
signing_key:
|
175
179
|
specification_version: 3
|
176
180
|
summary: Pattern based Dalvik deobfuscator
|
@@ -179,6 +183,7 @@ test_files:
|
|
179
183
|
- spec/data/helloworld.dex
|
180
184
|
- spec/data/plugins/bytes_decrypt.smali
|
181
185
|
- spec/data/plugins/class_forname.smali
|
186
|
+
- spec/data/plugins/clinit.smali
|
182
187
|
- spec/data/plugins/multi_bytes_decrypt.smali
|
183
188
|
- spec/data/plugins/string_decrypt.smali
|
184
189
|
- spec/data/plugins/string_lookup_1int.smali
|