# DeStroid alpha version
This folder contains an early version of our prototype (the version used in our paper will be open sourced by the end of the year).
## Why not the newest version and the full source code?
We are still working on improving the patching part. We wanted it to be more automatic, smooth and complete.
Unfortunately, it turned out that this is way more complicated than we expected. On the other hand, as this was a side project that we worked on mostly during our free time, we are not able to continue the work right now. However, we still plan to release a version some time this year.
## So what does this version provide?
It provides an early version of our prototype, which is able to decrypt strings when simple obfuscations are used. Furthermore, the patching routine is not able to patch all deobfuscated strings.
In addition, this prototype was built for python2.7 and uses an older version of dexlib2 (a library for parsing the bytecode of the target app).
## How to run DeStroid?
The best option is to use your own physical research device and pass its serial to destroid.py with `-s`:
```bash
$ python2.7 destroid.py -s 807KPHG2003969 obfuscated.apk
### DeStroid ###
Begin with identifying obfuscations in obfuscated.apk
DeStroid Heuristic v0.91
Number of Classes in DEX: 1459
MethodName: Lcom/obfuscation/rot13/Rot13;->rot13(Ljava/lang/String;)Ljava/lang/String; ReturnType: Ljava/lang/String; treshold: 11
Used bit operations: [add-int/lit8, int-to-char, add-int/lit8, add-int/lit8, int-to-char, add-int/lit8, int-to-char, add-int/lit8, int-to-char]
Used bit operations (unique): [add-int/lit8, int-to-char]
Number of CLINITs in DEX: 2
Number of classes in DEX: 1459
Number of implemented methods in DEX: 10
Number of static string invokes:
Num of probably obfuscated CLINITs: 1
------------------------
We have a lot to analyze plz keep calm while building the template...
This is the possible deobfuscationRoutine: Lcom/obfuscation/rot13/Rot13;->rot13(Ljava/lang/String;)Ljava/lang/String;
DeobfuscationType: SmaliLayer.DEOBFUSCATION_TYPE_FIELD
Found 1 possible Core-Instances...
Finished analyzing...
Start building the template, this may take a while :-) ...
SingleCore Solution
Successfully written template to: /home/daniel/research/destroid_research/destroid_new/destroid_alpha/template/defuscadoTemplate.dex
Successfully created deobfuscation template of obfuscated.apk
------------------------
Finished analyzing...
beginning with template installation
set device to 807KPHG2003969
installing Deobfuscation Template to /data/local/tmp/
Successfully installed APK into our runtime deobfuscation framework
Beginning with runtime deobfuscation...
Successfully finished with the runtime deobfuscation
------------------------
Successfully patched the obfuscated values with the deobfuscated values
moving results to results/results_obfuscated/
all results can be found in: results/results_obfuscated
the patched smali code can be found here: results/results_obfuscated/obfuscated/smali/
the patched APK can be found here: results/results_obfuscated/obfuscated_deobfuscated.apk
plz keep in mind that the APK has to be signed in order to run it
DeStroid finished!
Have a nice day :-)
```
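The heuristic stage of the log above reports a `String -> String` method together with the arithmetic opcodes it uses. The following is an added, simplified sketch of that kind of static triage over smali text; it is not DeStroid's own code, and the opcode set, the `min_ops` cut-off and the sample smali are assumptions made for illustration.

```python
import re

# Arithmetic/conversion Dalvik opcodes that commonly appear in simple string decoders.
ARITH_OP = re.compile(
    r"^(?:(?:add|sub|rsub|mul|rem|and|or|xor|shl|shr|ushr)-int(?:/(?:2addr|lit8|lit16))?"
    r"|int-to-(?:char|byte|short))$")
STR_TO_STR = "(Ljava/lang/String;)Ljava/lang/String;"

# Constructed smali input, not taken from any APK in this folder.
SAMPLE_SMALI = """\
.class public Lcom/example/Demo;
.super Ljava/lang/Object;
.method public static rot13(Ljava/lang/String;)Ljava/lang/String;
    invoke-virtual {p0}, Ljava/lang/String;->toCharArray()[C
    add-int/lit8 v2, v2, 0xd
    int-to-char v2, v2
    add-int/lit8 v2, v2, -0xd
    int-to-char v2, v2
    return-object p0
.end method
.method public static greet(Ljava/lang/String;)Ljava/lang/String;
    const-string v0, "hello"
    return-object v0
.end method
.method public static sum(II)I
    add-int v0, p0, p1
    return v0
.end method
"""

def find_candidates(smali, min_ops=4):
    """Return String->String methods with at least min_ops arithmetic opcodes."""
    results, class_name, current = [], None, None
    for raw in smali.splitlines():
        line = raw.strip()
        if line.startswith(".class"):
            class_name = line.split()[-1]
        elif line.startswith(".method"):
            current = (line.split()[-1], [])      # (name + descriptor, opcodes seen)
        elif line.startswith(".end method") and current:
            sig, ops = current
            if sig.endswith(STR_TO_STR) and len(ops) >= min_ops:
                results.append({"method": f"{class_name}->{sig}",
                                "ops": ops, "unique": sorted(set(ops))})
            current = None
        elif current and line and ARITH_OP.match(line.split()[0]):
            current[1].append(line.split()[0])
    return results

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE_SMALI):
        print(hit["method"], hit["unique"])
```

Only `rot13` is reported for the sample: `greet` has the right signature but no arithmetic, and `sum` has arithmetic but does not take and return a string.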
Contents of the archive 对抗Android恶意软件中的字符串加密.zip ("Countering string encryption in Android malware"; 191.09MB ZIP, uploaded 2023-03-23 22:15:53; 100 files: 81 apk, 7 sh, 4 md):
flexispy.apk 29.67MB
anubisspy_sample1.apk 15.94MB
anubisspy_sample2.apk 13.22MB
joker.apk 8.36MB
dvmap.apk 7.64MB
pornhub.apk 6.84MB
glancelove.apk 6.36MB
telerat.apk 5.19MB
bankbot_sample3.apk 5.16MB
hiddenad.apk 5.12MB
spybanker.apk 4.6MB
triout.apk 4.48MB
adultswine.apk 3.96MB
kevdroid_sample1.apk 3.72MB
kevdroid_sample2.apk 3.64MB
podec.apk 3.49MB
bahamut_sample2.apk 3.46MB
hydra.apk 3.38MB
retefe_2014-09-12_encrypted_xml.apk 2.9MB
retefe_2014-06-23_encrypted_xml.apk 2.88MB
retefe_2014-11-10_encrypted_xml.apk 2.88MB
retefe_2015-01-29_encrypted_xml.apk 2.87MB
charger.apk 2.3MB
skygofree_2016-11-24.apk 2.18MB
premier_rat.apk 2.15MB
bankbot_sample2.apk 2.09MB
exodus_sample3.apk 1.93MB
exodus_sample1.apk 1.93MB
bahamut_sample1.apk 1.83MB
exodus_sample2.apk 1.82MB
slocker.apk 1.79MB
ztorg.apk 1.64MB
monokle.apk 1.6MB
viper_rat_dropper.apk 1.56MB
bahamut_sample3.apk 1.48MB
tempting_cedar.apk 1.45MB
goldenrat.apk 1.43MB
ztorg_downloader.apk 1.38MB
mazarbot_2017-01-01.apk 1.32MB
zoopark_v4.apk 1.31MB
bianlian.apk 1.3MB
gustuff_sample1.apk 1.25MB
cerberus.apk 1.11MB
obfuscated.apk 1.09MB
brata_sample2.apk 1.09MB
gustuff_sample2.apk 1.08MB
mazarbot_2017-10-11.apk 1.08MB
ztorg_payload.apk 1.07MB
mazarbot_2017-08-20.apk 1.06MB
brata_sample1.apk 1.06MB
mazarbot_2017-11-07.apk 1.05MB
slempo.apk 1.02MB
marcher_2016-10-19.apk 955KB
dynamicDeobfuscator.apk 923KB
exobot_sample1.apk 699KB
marcher_2016-12-01.apk 699KB
exobot_sample3.apk 697KB
exobot_sample2.apk 695KB
marcher_2017-07-26.apk 694KB
marcher_2017-01-29.apk 687KB
flexnet.apk 648KB
yellyouth.apk 644KB
triada.apk 504KB
doublelocker.apk 360KB
mysterybot.apk 321KB
dualtoy.apk 285KB
chrysaor_sample2.apk 258KB
raxir.apk 231KB
smsspy.apk 203KB
catelites_2017-12-15.apk 162KB
catelites_2017-12-17.apk 158KB
catelites_2018_01_19.apk 157KB
catelites_2017-12-21.apk 155KB
lokibot.apk 146KB
svpeng.apk 146KB
bankbot_sample1.apk 93KB
comet_bot_simple.apk 55KB
comet_bot.apk 54KB
tinyz_sample1.apk 43KB
chrysaor_sample1.apk 19KB
asacub.apk 19KB
Defuscator.jar 7.26MB
malpedia_string_enc.json 53KB
LICENSE 1KB
README.md 3KB
README.md 378B
README.md 261B
README.md 127B
DeStroid_slides.pdf 2.74MB
DeStroid_bonus_slides.pdf 2.73MB
patchDeobfuscation.py 17KB
destroid.py 5KB
defuscatorTemplate.py 240B
executeDynamicDeobfuscador.sh 3KB
installTemplate.sh 2KB
runPatchingRoutine.sh 2KB
resultGenerator.sh 1KB
getAppName.sh 875B
createDefaultAVD.sh 630B
getAvdName.sh 484B