Monday, December 8, 2014

Simplify - Android Deobfuscator / Decryptor

Here it is: https://github.com/CalebFenton/simplify
I'd build you a jar, but there have been a lot of commits recently, and you'll probably want to build it yourself.

It decrypts most types of string encryption and can remove some types of obfuscation, especially code that doesn't actually do anything.

This may be all you want to know. But this has got me thinking about optimization and deobfuscation, so continue on if you're into that sort of thing.

App obfuscation and string encryption are getting more popular, and they can be annoying as fuck. But, fundamentally, obfuscators just apply a set of rules to code, and the rules aren't that complex, because complex is really hard. It's just a thin layer of changes added on top. Intuitively, this means a general solution for undoing the changes probably takes a little more effort than it did to conceive the original rules. So no matter how bad things get for crackers, it should always be possible to make a tool to fix things up.

In the PC scene, obfuscators are more evolved, but so are the deobfuscators. Just look at the feature list on this: https://github.com/0xd4d/de4dot. It's a deobfuscator and an unpacker, plus it supports a huge list of stuff.

There are a few tools like this for Android, but they are not nearly as complex (yet). Time for bullet points!

Simplify deobfuscates by virtually executing an app and analyzing the execution afterwards. So if there is an encrypted string that gets decrypted at run time, Simplify will see the encrypted string, see it passed to the decryption method, and see it get decrypted. Once it knows the value, it can remove the encrypted value and the decryption method call as redundant and replace them with a 'const-string' instruction holding the decrypted literal.
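
A toy version of that idea, added here as an illustration; it is not Simplify's code. It handles only three smali instructions in straight-line code, and the `Lcom/example/Obf;->d` decryptor (modelled as a Python function rather than executed bytecode), its XOR scheme and the sample input are all made up for the example.

```python
import re

# Hypothetical pure decryptor the toy "VM" can run (single-byte XOR, constructed).
def xor_decrypt(hex_text, key=0x5A):
    return bytes(b ^ key for b in bytes.fromhex(hex_text)).decode()
PURE = {"Lcom/example/Obf;->d(Ljava/lang/String;)Ljava/lang/String;": xor_decrypt}
CONST = re.compile(r'const-string (\w+), "(.*)"$')
INVOKE = re.compile(r'invoke-static \{(.*)\}, (\S+)$')
MOVE = re.compile(r'move-result-object (\w+)$')

def fold_calls(lines):  # pure call on known constants -> const-string of its result
    known, out, i = {}, [], 0
    while i < len(lines):
        c, inv, mv = (p.match(lines[i]) for p in (CONST, INVOKE, MOVE))
        nxt = MOVE.match(lines[i + 1]) if i + 1 < len(lines) else None
        args = inv.group(1).split(", ") if inv else []
        if inv and nxt and inv.group(2) in PURE and all(a in known for a in args):
            known[nxt.group(1)] = PURE[inv.group(2)](*(known[a] for a in args))
            out.append(f'const-string {nxt.group(1)}, "{known[nxt.group(1)]}"')
            i += 2                        # consumed the invoke and its move-result
            continue
        if c:
            known[c.group(1)] = c.group(2)
        elif mv:
            known.pop(mv.group(1), None)  # result of a call we did not execute
        out.append(lines[i])
        i += 1
    return out

def is_live(rest, reg):  # is reg read before it is overwritten? (no branches)
    for line in rest:
        write = CONST.match(line) or MOVE.match(line)
        if write and write.group(1) == reg:
            return False
        if not write and reg in re.findall(r'\w+', line.split("}")[0]):
            return True
    return False

def deobfuscate(lines):
    folded = fold_calls(lines)
    dead = lambda k, m: m and not is_live(folded[k + 1:], m.group(1))
    return [l for k, l in enumerate(folded) if not dead(k, CONST.match(l))]

SAMPLE = [  # constructed smali-like input; the literal is "api_key" XOR 0x5A in hex
    'const-string v0, "3b2a3305313f23"',
    'invoke-static {v0}, Lcom/example/Obf;->d(Ljava/lang/String;)Ljava/lang/String;',
    'move-result-object v1',
    'invoke-virtual {v2, v1}, Ljava/io/PrintStream;->println(Ljava/lang/String;)V',
]
```

`deobfuscate(SAMPLE)` leaves two lines: the `const-string v1` with the plaintext and the `println` call. A call whose argument is not a known constant is left untouched.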

It's not all the way cooked yet, but the idea is solid, and there are some interesting issues on the GitHub page that I'd quite like to see implemented. One of them is deobfuscating reflection.

Also, anyone who takes the time to create issues on GitHub and follow through with closing them when they're resolved is probably more than a little obsessive. Should be fun to watch.

20 comments :

  1. congratulations for your blog, you really have lots of good material here! I'll be studying with your material. thanks for sharing!

  2. 'I'd build you a jar'

    Please just do it.

    1. Download the repository, with cmd go to the project's main directory and run "gradlew shadowJar". This should compile all but I don't know how to get the jar :S

  3. I've checked out the repository, ran "gradlew shadowJar", it completed correctly but I don't know how to go on... any suggestions?

    1. sure,
      fish - you want simplify/build/libs/simplify*.jar

      how to fish - just search your file system for all jars starting from that directory and see which one makes sense

    2. lohan bro we need example with at least one sample apk

    3. there's a sample / demo app that comes with the project. check it out.

  4. Hi there, I have an app I am playing around with. What it does is generate a long unique url, send a request to that url, and the http response is just a simple date, and that date is an expiry date for a trial period.

    My thinking is, if I can instead of using the dynamic retrieved value, can I not just change the value to a fixed static date far into the future?

    the code looks like this to generate the url:
    http://pastebin.com/dZKe2L8Z
    But I have no idea where I should set the value..

    1. what is the return type of the method? it's a java/util/Date. how do you create a date object which has the value you want? write the code in java and convert it to smali.

    2. Please upload COMPILED simplify.jar directly, so we could use it on Windows easily.


Do NOT post about or link to specific apps!