Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/corellium/corellium-android-unpacking
Android Unpacking Automation using Corellium Devices
https://github.com/corellium/corellium-android-unpacking
android frida reverse-engineering reversing unpacker unpacking
Last synced: 2 months ago
JSON representation
Android Unpacking Automation using Corellium Devices
- Host: GitHub
- URL: https://github.com/corellium/corellium-android-unpacking
- Owner: corellium
- Created: 2020-01-20T19:25:15.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-01-20T19:38:50.000Z (almost 5 years ago)
- Last Synced: 2024-10-29T16:22:33.019Z (3 months ago)
- Topics: android, frida, reverse-engineering, reversing, unpacker, unpacking
- Language: Go
- Size: 14.5 MB
- Stars: 130
- Watchers: 9
- Forks: 14
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-rainmana - corellium/corellium-android-unpacking - Android Unpacking Automation using Corellium Devices (Go)
README
# Android Unpacking Automation
A bit of automation strung up around an Android 7.1.2 device on Corellium, used to defeating (most) packers on the market.
## Description
This method targets `art::DexFile::OpenMemory` method for Android 7.1.12 while utilizing a Corellium device to provide an always-on and always-ready device for unpacking. While this current demo only utilized one device, this can essentially be scaled up transparently to the front end as all the "tasks" are handled by `nsqd`.
The `backend` sets up a vpn tunnel to the Corellium server, which auto-restarts upon failure, and opens up a reverse proxy to the docker network. This is then utilized by the `unpacker-worker` which uses it to communicate transparently with the device.
## Building
### Setup
- Have a corellium account with a device already created and booted up (7.1.2 eng build)
- Replace `backend/vpn-profile.ovpn` with the OpenVPN profile from your Corellium device
- Fill out `.env` file like so;
```
INSTANCE_ID=7cc6ca2a-6622-479b-aa4b-8394aa9d9475-instance-for-unpacker
CORELLIUM_URL=testinstance.corellium.com
CORELLIUM_USERNAME=unpackeruser
CORELLIUM_PASSWORD=unpackerpassword
GIN_MODE=debug
SERVE_PORT=3000
ADB_PROXY=5555
```
### Docker
Then simply use `docker-compose build` followed by `docker-compose up`.
## Usage
Hitting the backend api with an apk will result in it queing up a binary to get unpacked;
`curl 0.0.0.0:3000/unpack/SHA1_OF_APK --data-binary @/path/to/apk`
After a minute or two, check back for the asset status;
`curl 0.0.0.0:3000/unpack/SHA1_OF_APK/status`
Then when assets of interest are found, download them;
`curl 0.0.0.0:3000/unpack/SHA1_OF_APK/SHA1_OF_ASSET`
## Disclaimer
This presentation and code are meant for education and research purposes only. Do as you please with it, but accept any and all responsibility for your actions. The tools were created specifically to assist in malware reversing and analysis - be careful. They have not been hardened for external public consumption, it is likely not a smart idea to expose a service like this to the public internet without thinking long and hard about it.
## License
```
Copyright 2020 Tim 'diff' Strazzere
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```