dex-oracle 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,3 +1,3 @@
1
1
  module DexOracle
2
- VERSION = '1.0.4'
2
+ VERSION = '1.0.5'.freeze
3
3
  end
@@ -18,7 +18,8 @@ class Oracle
18
18
  made_changes = process_plugins
19
19
  @smali_files.each(&:update) if made_changes
20
20
  optimizations = {}
21
- Plugin.plugins.each { |p| optimizations.merge!(p.optimizations) }
21
+ optimizations = Plugin.plugins.collect { |plugin| plugin.optimizations }
22
+ optimizations = optimizations.inject(Hash.new(0)) { |memo, subhash| subhash.each { |prod, value| memo[prod] += value } ; memo }
22
23
  opt_str = optimizations.collect { |k, v| "#{k}=#{v}" } * ', '
23
24
  puts "Optimizations: #{opt_str}"
24
25
  end
@@ -53,9 +54,25 @@ class Oracle
53
54
  methods
54
55
  end
55
56
 
57
+ def self.enumerate_files(dir, ext)
58
+ # On Windows, filenames with unicode characters do not show up with Dir#glob or Dir#[]
59
+ # They do, however, show up with Dir.entries, which is fine because it seems to be
60
+ # the only Dir method that let's me set UTF-8 encoding. I must be missing something.
61
+ # OH WELL. Do it the hard way.
62
+ opts = { encoding: 'UTF-8' }
63
+ Dir.entries(dir, opts).collect do |entry|
64
+ next if entry == '.' or entry == '..'
65
+ full_path = "#{dir}/#{entry}"
66
+ if File.directory?(full_path)
67
+ Oracle.enumerate_files(full_path, ext)
68
+ else
69
+ full_path if entry.downcase.end_with?(ext)
70
+ end
71
+ end.flatten.compact
72
+ end
73
+
56
74
  def self.parse_smali(smali_dir)
57
- smali_files = []
58
- Dir["#{smali_dir}/**/*.smali"].each { |f| smali_files << SmaliFile.new(f) }
59
- smali_files
75
+ file_paths = Oracle.enumerate_files(smali_dir, '.smali')
76
+ smali_files = file_paths.collect { |path| SmaliFile.new(path) }
60
77
  end
61
78
  end
Binary file
data/res/dx.jar CHANGED
Binary file
@@ -0,0 +1,14 @@
1
+ .class public Lorg/cf/CLInit;
2
+ .super Ljava/lang/Object;
3
+
4
+ .method static constructor <clinit>()V
5
+ .locals 1
6
+
7
+ const-string v0, "encrypted"
8
+
9
+ invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;
10
+
11
+ move-result-object v0
12
+
13
+ return-void
14
+ .end method
@@ -17,6 +17,7 @@ describe Driver do
17
17
  allow(File).to receive(:open).and_yield(temp_file)
18
18
  allow(File).to receive(:read)
19
19
  allow(JSON).to receive(:parse)
20
+ allow_any_instance_of(Driver).to receive(:get_driver_dir).and_return('/data/local')
20
21
  Driver.new(device_id)
21
22
  end
22
23
  let(:driver_stub) { 'export CLASSPATH=/data/local/od.zip; app_process /system/bin org.cf.oracle.Driver' }
@@ -53,7 +54,6 @@ describe Driver do
53
54
  context 'with integer arguments' do
54
55
  subject { driver.run(class_name, method_signature, *args) }
55
56
  it do
56
- allow(driver).to receive(:drive)
57
57
  expect(driver).to receive(:drive).with("#{driver_stub} 'some.Klazz' 'run' I:1 I:2 I:3")
58
58
  subject
59
59
  end
@@ -70,7 +70,6 @@ describe Driver do
70
70
 
71
71
  subject { driver.run(class_name, method_signature, args) }
72
72
  it do
73
- allow(driver).to receive(:drive)
74
73
  expect(driver).to receive(:drive).with(
75
74
  "#{driver_stub} 'string.Klazz' 'run' java.lang.String:[104,101,108,108,111,32,115,116,114,105,110,103]"
76
75
  )
@@ -21,5 +21,16 @@ describe StringDecryptor do
21
21
  subject
22
22
  end
23
23
  end
24
+
25
+ context 'with clinit.smali' do
26
+ let(:file_path) { "#{data_path}/clinit.smali" }
27
+ let(:batch_item) { ["const-string v0, \"encrypted\"\n\n invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;\n\n move-result-object v0", 'v0'] }
28
+
29
+ it do
30
+ expect(driver).to receive(:make_target).with('org/cf/CLInit', 'decrypt(Ljava/lang/String;)', 'encrypted').and_return(batch)
31
+ expect(Plugin).to receive(:apply_batch).with(driver, { method => { batch => [batch_item] } }, kind_of(Proc))
32
+ subject
33
+ end
34
+ end
24
35
  end
25
36
  end
@@ -18,7 +18,7 @@ describe Unreflector do
18
18
 
19
19
  it do
20
20
  expect(Plugin).to receive(:apply_outputs).with(
21
- { batch_id => ['success', 'Landroid/content/Intent;'] },
21
+ { batch_id => %w(success Landroid/content/Intent;) },
22
22
  { method => { batch => [batch_item] } },
23
23
  kind_of(Proc)
24
24
  )
@@ -29,10 +29,11 @@ describe SmaliFile do
29
29
  describe '#update' do
30
30
  subject { smali_file.content }
31
31
  it 'should update modified methods' do
32
- allow(File).to receive(:open)
33
32
  method = smali_file.methods.first
34
33
  method.modified = true
35
34
  method.body = "\nreturn-void\n"
35
+ # Make sure we don't save it
36
+ allow(File).to receive(:open)
36
37
  smali_file.update
37
38
  should eq ".class public LHelloWorld; # COMMENT;\n.super Ljava/lang/Object; # YEAH ;\n.implements Lsome/Interface1;\n.implements Lsome/Interface2;\n\n.field public static final someField:Z\n\n.method public static main([Ljava/lang/String;)V\nreturn-void\n.end method\n\n"
38
39
  end
@@ -1,19 +1,28 @@
1
1
  require 'spec_helper'
2
+ require 'fakefs/spec_helpers'
2
3
 
3
4
  describe SmaliInput do
5
+ include FakeFS::SpecHelpers
6
+
4
7
  let(:data_path) { 'spec/data' }
5
8
  let(:temp_dir) { '/fake/tmp/dir' }
6
9
  let(:temp_file) { '/fake/tmp/file' }
7
10
 
11
+ before(:each) do
12
+ FakeFS::FileSystem.clone('spec/data', 'spec/data')
13
+ end
14
+
15
+ after(:all) do
16
+ end
8
17
  context 'for input that must be disassembled with baksmali' do
9
18
  let(:smali_input) do
10
19
  allow(Dir).to receive(:mktmpdir).and_return(temp_dir)
11
20
  allow(Tempfile).to receive(:new).and_return(temp_file)
12
- allow(SmaliInput).to receive(:which).and_return('baksmali')
21
+ allow(Utility).to receive(:which).and_return('baksmali')
13
22
  allow(SmaliInput).to receive(:exec)
23
+ allow(SmaliInput).to receive(:baksmali)
14
24
  allow(SmaliInput).to receive(:update_apk)
15
25
  allow(SmaliInput).to receive(:extract_dex)
16
- allow(FileUtils).to receive(:cp)
17
26
  SmaliInput.new(file_path)
18
27
  end
19
28
 
@@ -31,7 +40,7 @@ describe SmaliInput do
31
40
  context 'with a dex' do
32
41
  let(:file_path) { "#{data_path}/helloworld.dex" }
33
42
  its(:out_apk) { should be nil }
34
- its(:out_dex) { should eq 'helloworld_oracle.dex' }
43
+ its('out_dex.path') { should eq 'helloworld_oracle.dex' }
35
44
  its(:dir) { should eq temp_dir }
36
45
  its(:temp_dir) { should be true }
37
46
  its(:temp_dex) { should be false }
@@ -1,3 +1,6 @@
1
+ require 'codeclimate-test-reporter'
2
+ CodeClimate::TestReporter.start
3
+
1
4
  require 'bundler/setup'
2
5
  Bundler.setup
3
6
 
@@ -1,5 +1,11 @@
1
1
  #!/usr/bin/env bash
2
2
 
3
3
  cd driver
4
+
5
+ echo "[*] Building driver ..."
4
6
  ./gradlew clean fatjar
5
- dx --dex --output=../res/driver.dex build/libs/driver.jar
7
+
8
+ echo "[*] Updating driver stub ..."
9
+ dx --dex --force-jumbo --output=../res/driver.dex build/libs/driver.jar
10
+
11
+ echo "[*] Done."
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dex-oracle
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Caleb Fenton
@@ -90,8 +90,10 @@ dependencies:
90
90
  - - ">="
91
91
  - !ruby/object:Gem::Version
92
92
  version: 3.4.0
93
- description: |
94
- A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis.
93
+ description: 'A pattern based Dalvik deobfuscator which uses limited execution to
94
+ improve semantic analysis.
95
+
96
+ '
95
97
  email: calebjfenton@gmail.com
96
98
  executables:
97
99
  - dex-oracle
@@ -117,6 +119,7 @@ files:
117
119
  - lib/dex-oracle/driver.rb
118
120
  - lib/dex-oracle/logging.rb
119
121
  - lib/dex-oracle/plugin.rb
122
+ - lib/dex-oracle/plugins/bitwise_antiskid.rb
120
123
  - lib/dex-oracle/plugins/string_decryptor.rb
121
124
  - lib/dex-oracle/plugins/undexguard.rb
122
125
  - lib/dex-oracle/plugins/unreflector.rb
@@ -134,6 +137,7 @@ files:
134
137
  - spec/data/helloworld.dex
135
138
  - spec/data/plugins/bytes_decrypt.smali
136
139
  - spec/data/plugins/class_forname.smali
140
+ - spec/data/plugins/clinit.smali
137
141
  - spec/data/plugins/multi_bytes_decrypt.smali
138
142
  - spec/data/plugins/string_decrypt.smali
139
143
  - spec/data/plugins/string_lookup_1int.smali
@@ -170,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
170
174
  version: '0'
171
175
  requirements: []
172
176
  rubyforge_project:
173
- rubygems_version: 2.4.5.1
177
+ rubygems_version: 2.5.1
174
178
  signing_key:
175
179
  specification_version: 3
176
180
  summary: Pattern based Dalvik deobfuscator
@@ -179,6 +183,7 @@ test_files:
179
183
  - spec/data/helloworld.dex
180
184
  - spec/data/plugins/bytes_decrypt.smali
181
185
  - spec/data/plugins/class_forname.smali
186
+ - spec/data/plugins/clinit.smali
182
187
  - spec/data/plugins/multi_bytes_decrypt.smali
183
188
  - spec/data/plugins/string_decrypt.smali
184
189
  - spec/data/plugins/string_lookup_1int.smali