RubyGems - dex-oracle - Versions diffs - 1.0.4 → 1.0.5 - Mend

dex-oracle 1.0.4 → 1.0.5

Files changed (30) hide show

checksums.yaml +4 -4
data/Gemfile +6 -1
data/Gemfile.lock +36 -27
data/LICENSE.txt +1 -1
data/README.md +43 -8
data/bin/dex-oracle +1 -1
data/dex-oracle.gemspec +1 -1
data/driver/src/main/java/org/cf/oracle/Driver.java +2 -3
data/lib/dex-oracle/driver.rb +119 -78
data/lib/dex-oracle/plugin.rb +7 -7
data/lib/dex-oracle/plugins/bitwise_antiskid.rb +61 -0
data/lib/dex-oracle/plugins/string_decryptor.rb +6 -6
data/lib/dex-oracle/plugins/undexguard.rb +28 -23
data/lib/dex-oracle/plugins/unreflector.rb +25 -28
data/lib/dex-oracle/resources.rb +4 -2
data/lib/dex-oracle/smali_file.rb +30 -8
data/lib/dex-oracle/smali_input.rb +27 -21
data/lib/dex-oracle/version.rb +1 -1
data/lib/oracle.rb +21 -4
data/res/driver.dex +0 -0
data/res/dx.jar +0 -0
data/spec/data/plugins/clinit.smali +14 -0
data/spec/dex-oracle/driver_spec.rb +1 -2
data/spec/dex-oracle/plugins/string_decryptor_spec.rb +11 -0
data/spec/dex-oracle/plugins/unreflector_spec.rb +1 -1
data/spec/dex-oracle/smali_file_spec.rb +2 -1
data/spec/dex-oracle/smali_input_spec.rb +12 -3
data/spec/spec_helper.rb +3 -0
data/update_driver +7 -1
metadata +9 -4

@@ -1,3 +1,3 @@
 module DexOracle
-  VERSION = '1.0.4'
+  VERSION = '1.0.5'.freeze
 end

data/lib/oracle.rb CHANGED

@@ -18,7 +18,8 @@ class Oracle
     made_changes = process_plugins
     @smali_files.each(&:update) if made_changes
     optimizations = {}
-    Plugin.plugins.each { |p| optimizations.merge!(p.optimizations) }
+    optimizations = Plugin.plugins.collect { |plugin| plugin.optimizations }
+    optimizations = optimizations.inject(Hash.new(0)) { |memo, subhash| subhash.each { |prod, value| memo[prod] += value } ; memo }
     opt_str = optimizations.collect { |k, v| "#{k}=#{v}" } * ', '
     puts "Optimizations: #{opt_str}"
   end
@@ -53,9 +54,25 @@ class Oracle
     methods
   end
+  def self.enumerate_files(dir, ext)
+    # On Windows, filenames with unicode characters do not show up with Dir#glob or Dir#[]
+    # They do, however, show up with Dir.entries, which is fine because it seems to be
+    # the only Dir method that let's me set UTF-8 encoding. I must be missing something.
+    # OH WELL. Do it the hard way.
+    opts = { encoding: 'UTF-8' }
+    Dir.entries(dir, opts).collect do |entry|
+      next if entry == '.' or entry == '..'
+      full_path = "#{dir}/#{entry}"
+      if File.directory?(full_path)
+        Oracle.enumerate_files(full_path, ext)
+      else
+        full_path if entry.downcase.end_with?(ext)
+      end
+    end.flatten.compact
+  end
   def self.parse_smali(smali_dir)
-    smali_files = []
-    Dir["#{smali_dir}/**/*.smali"].each { |f| smali_files << SmaliFile.new(f) }
-    smali_files
+    file_paths = Oracle.enumerate_files(smali_dir, '.smali')
+    smali_files = file_paths.collect { |path| SmaliFile.new(path) }
   end
 end

data/res/driver.dex CHANGED

Binary file

data/res/dx.jar CHANGED

Binary file

data/spec/data/plugins/clinit.smali ADDED

@@ -0,0 +1,14 @@
+.class public Lorg/cf/CLInit;
+.super Ljava/lang/Object;
+.method static constructor <clinit>()V
+    .locals 1
+    const-string v0, "encrypted"
+    invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;
+    move-result-object v0
+    return-void
+.end method

data/spec/dex-oracle/driver_spec.rb CHANGED

@@ -17,6 +17,7 @@ describe Driver do
     allow(File).to receive(:open).and_yield(temp_file)
     allow(File).to receive(:read)
     allow(JSON).to receive(:parse)
+    allow_any_instance_of(Driver).to receive(:get_driver_dir).and_return('/data/local')
     Driver.new(device_id)
   end
   let(:driver_stub) { 'export CLASSPATH=/data/local/od.zip; app_process /system/bin org.cf.oracle.Driver' }
@@ -53,7 +54,6 @@ describe Driver do
       context 'with integer arguments' do
         subject { driver.run(class_name, method_signature, *args) }
         it do
-          allow(driver).to receive(:drive)
           expect(driver).to receive(:drive).with("#{driver_stub} 'some.Klazz' 'run' I:1 I:2 I:3")
           subject
         end
@@ -70,7 +70,6 @@ describe Driver do
         subject { driver.run(class_name, method_signature, args) }
         it do
-          allow(driver).to receive(:drive)
           expect(driver).to receive(:drive).with(
             "#{driver_stub} 'string.Klazz' 'run' java.lang.String:[104,101,108,108,111,32,115,116,114,105,110,103]"
           )

data/spec/dex-oracle/plugins/string_decryptor_spec.rb CHANGED

@@ -21,5 +21,16 @@ describe StringDecryptor do
         subject
       end
     end
+    context 'with clinit.smali' do
+      let(:file_path) { "#{data_path}/clinit.smali" }
+      let(:batch_item) { ["const-string v0, \"encrypted\"\n\n    invoke-static {v0}, Lorg/cf/CLInit;->decrypt(Ljava/lang/String;)Ljava/lang/String;\n\n    move-result-object v0", 'v0'] }
+      it do
+        expect(driver).to receive(:make_target).with('org/cf/CLInit', 'decrypt(Ljava/lang/String;)', 'encrypted').and_return(batch)
+        expect(Plugin).to receive(:apply_batch).with(driver, { method => { batch => [batch_item] } }, kind_of(Proc))
+        subject
+      end
+    end
   end
 end

data/spec/dex-oracle/plugins/unreflector_spec.rb CHANGED

@@ -18,7 +18,7 @@ describe Unreflector do
       it do
         expect(Plugin).to receive(:apply_outputs).with(
-          { batch_id => ['success', 'Landroid/content/Intent;'] },
+          { batch_id => %w(success Landroid/content/Intent;) },
           { method => { batch => [batch_item] } },
           kind_of(Proc)
         )

data/spec/dex-oracle/smali_file_spec.rb CHANGED

@@ -29,10 +29,11 @@ describe SmaliFile do
     describe '#update' do
       subject { smali_file.content }
       it 'should update modified methods' do
-        allow(File).to receive(:open)
         method = smali_file.methods.first
         method.modified = true
         method.body = "\nreturn-void\n"
+        # Make sure we don't save it
+        allow(File).to receive(:open)
         smali_file.update
         should eq ".class public LHelloWorld; # COMMENT;\n.super Ljava/lang/Object; # YEAH ;\n.implements Lsome/Interface1;\n.implements Lsome/Interface2;\n\n.field public static final someField:Z\n\n.method public static main([Ljava/lang/String;)V\nreturn-void\n.end method\n\n"
       end

data/spec/dex-oracle/smali_input_spec.rb CHANGED

@@ -1,19 +1,28 @@
 require 'spec_helper'
+require 'fakefs/spec_helpers'
 describe SmaliInput do
+  include FakeFS::SpecHelpers
   let(:data_path) { 'spec/data' }
   let(:temp_dir) { '/fake/tmp/dir' }
   let(:temp_file) { '/fake/tmp/file' }
+  before(:each) do
+    FakeFS::FileSystem.clone('spec/data', 'spec/data')
+  end
+  after(:all) do
+  end
   context 'for input that must be disassembled with baksmali' do
     let(:smali_input) do
       allow(Dir).to receive(:mktmpdir).and_return(temp_dir)
       allow(Tempfile).to receive(:new).and_return(temp_file)
-      allow(SmaliInput).to receive(:which).and_return('baksmali')
+      allow(Utility).to receive(:which).and_return('baksmali')
       allow(SmaliInput).to receive(:exec)
+      allow(SmaliInput).to receive(:baksmali)
       allow(SmaliInput).to receive(:update_apk)
       allow(SmaliInput).to receive(:extract_dex)
-      allow(FileUtils).to receive(:cp)
       SmaliInput.new(file_path)
     end
@@ -31,7 +40,7 @@ describe SmaliInput do
     context 'with a dex' do
       let(:file_path) { "#{data_path}/helloworld.dex" }
       its(:out_apk) { should be nil }
-      its(:out_dex) { should eq 'helloworld_oracle.dex' }
+      its('out_dex.path') { should eq 'helloworld_oracle.dex' }
       its(:dir) { should eq temp_dir }
       its(:temp_dir) { should be true }
       its(:temp_dex) { should be false }

data/spec/spec_helper.rb CHANGED

@@ -1,3 +1,6 @@
+require 'codeclimate-test-reporter'
+CodeClimate::TestReporter.start
 require 'bundler/setup'
 Bundler.setup

data/update_driver CHANGED

@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 cd driver
+echo "[*] Building driver ..."
 ./gradlew clean fatjar
-dx --dex --output=../res/driver.dex build/libs/driver.jar
+echo "[*] Updating driver stub ..."
+dx --dex --force-jumbo --output=../res/driver.dex build/libs/driver.jar
+echo "[*] Done."

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dex-oracle
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Caleb Fenton
@@ -90,8 +90,10 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.4.0
-description: |
-  A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis.
+description: 'A pattern based Dalvik deobfuscator which uses limited execution to
+  improve semantic analysis.
+'
 email: calebjfenton@gmail.com
 executables:
 - dex-oracle
@@ -117,6 +119,7 @@ files:
 - lib/dex-oracle/driver.rb
 - lib/dex-oracle/logging.rb
 - lib/dex-oracle/plugin.rb
+- lib/dex-oracle/plugins/bitwise_antiskid.rb
 - lib/dex-oracle/plugins/string_decryptor.rb
 - lib/dex-oracle/plugins/undexguard.rb
 - lib/dex-oracle/plugins/unreflector.rb
@@ -134,6 +137,7 @@ files:
 - spec/data/helloworld.dex
 - spec/data/plugins/bytes_decrypt.smali
 - spec/data/plugins/class_forname.smali
+- spec/data/plugins/clinit.smali
 - spec/data/plugins/multi_bytes_decrypt.smali
 - spec/data/plugins/string_decrypt.smali
 - spec/data/plugins/string_lookup_1int.smali
@@ -170,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 3
 summary: Pattern based Dalvik deobfuscator
@@ -179,6 +183,7 @@ test_files:
 - spec/data/helloworld.dex
 - spec/data/plugins/bytes_decrypt.smali
 - spec/data/plugins/class_forname.smali
+- spec/data/plugins/clinit.smali
 - spec/data/plugins/multi_bytes_decrypt.smali
 - spec/data/plugins/string_decrypt.smali
 - spec/data/plugins/string_lookup_1int.smali