https://github.com/checkpointsw/android_unpacker

A (hopefully) generic unpacker for packed Android apps.
https://github.com/checkpointsw/android_unpacker

android malware research

Last synced: 9 months ago
JSON representation

A (hopefully) generic unpacker for packed Android apps.

• Host: GitHub
• URL: https://github.com/checkpointsw/android_unpacker
• Owner: CheckPointSW
• Created: 2017-07-12T07:45:29.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2022-03-15T12:42:40.000Z (almost 4 years ago)
• Last Synced: 2025-03-30T08:11:08.803Z (9 months ago)
• Topics: android, malware, research
• Language: Shell
• Homepage:
• Size: 769 KB
• Stars: 359
• Watchers: 21
• Forks: 79
• Open Issues: 4
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Android Unpacker

A (hopefully) generic unpacker for packed Android apps.

##### How does it work?

The tool is a patched version of AOSP with some additional scripts.

The scripts executes the emulator and installs the APK. Following execution, it

dumps the unpacked version of the DEX using different hooks. The result is two

files, one of them should be the real dumped version of the DEX file, depending

on how the targeted packer works.

Presented in DEF CON 25 (2017) by:

* Slava Makkaveev

* Avi Bashan

## How to build?

1. Clone the AOSP project using the [following instructions](https://source.android.com/source/downloading).

Use the `android-6.0.1_r65`.

2. Apply ```unpacker.patch``` over ```/art``` using ```$ git apply``` (Please note, your cwd should be ```/art```)

3. Build the AOSP source using

```$ lunch full-eng```

## Usage

Execute the following command

``` $ ./unpacker.sh  ```

The unpacked DEX file will be created in the current working dir.

## License

Released under "Apache 2.0" license.