Tuesday, December 24, 2013

hexicle utility

Hex has released a tool called hexicle which wraps a lot of common tools such as smali, baksmali, zipalign, etc. with a friendly ui. it's written in python and is made for linux. here's a bit from the readme, which you should totally read:

The tool is written in python using the curses library. The tool comes inclusive of all tools that are necessary for its functionality. Hexicle will always overwrite files. The sources are decompiled in a folder with the same name.

download v1.1: http://www.mediafire.com/download/8o9m2dr7pky2mnf/Hexicle+v1.1.zip
password: hexicle

if you have any bugs or comments, Hex requested that you just post them here.

Tuesday, October 29, 2013

Nihilus' Reversing DexGuard 5.x

Here's another tutorial kindly written by Nihilus.

It's a teardown of reversing DexGuard's protections, which are legion, along with some of the thought process behind it. I like it because it's pure reversing -- no cracking of the commercial app.


alternate link: https://mega.co.nz/#!s8MgkDyY!Qd36YVri66wLN1mXFRCQrlebNnxqRKT-ftrlpybCs80

Kindly post feedback if you're so inclined, and contact me if you'd like to share your reversing knowledge :D

Friday, October 25, 2013

hex's keygen tutorial

Got a new tutorial for you good people. The author is hex and he was kind enough to write it and send it to me. It's a no-nonsense keygen'ing guide.

Here's the download: https://mega.co.nz/#!cg4FFB5b!Sw1a0hB2MHNk72sr8VEU8Wi8LMhxt7mqLtBvCfWikHU

Feel free to leave some comments and let him know what you think.

If you'd like to share a cracking tutorial, I'd be glad to link to it, unless it's shit, so let me know. :D

Saturday, June 1, 2013

smali syntax highlighting for sublime

i have been using sublime text 2 + androguard plugin for decompiling and am liking it very much. it doesn't do as well producing correct java as, say, dex2jar + jdgui, but it's sometimes easier to read. it doesn't handle try/catch blocks at all -- just ignores them. this means it's a great alternative for jdgui, which will error out on methods with overlapping try/catch stuff.

since i've been using sublime, i've also needed a smali syntax highlighter, which i found here: https://github.com/ShaneWilton/sublime-smali

it's the best syntax highlighter i've seen because of the line level syntax validation it does. when you write smali, you can be more confident it is correct with this. you should check out the regex if you're a fan of such tedium.

Saturday, May 25, 2013

three MessyBinary tutorials

MessyBinary has been hard at it, writing up some pretty slick tutorials. i'd like to share them with you. bonus points for posting mirrors.
the android reversing community is continually getting larger, but i'm not aware of any good forum where crackme's and specific app tutorials can be posted. when i find one, i'll let you all know.


new link for all three tutorials, https://www.mediafire.com/?l9e5k1a43kvccvd
thanks Nihilus!

Saturday, January 26, 2013

string decryption with dex2jar

i have been getting a lot of questions about string decryption lately, so let's talk.

let's say you have an app and notice encrypted strings. strings are an easy way to get a basic idea of what code is doing, so naturally you want to decrypt them. but how? there are many different ways to encrypt strings and then decrypt them at runtime, but in practice there are some assumptions we can make, in decreasing order of likelihood.

1. the encryption must be reversible. the strings must be decrypted at run time somehow. this is good but we can assume even more.

2. the process is automated. when Alice wants to release her app she puts the source code through an automated modification process which iterates over every string literal, encrypts it and replaces it with a call to a decryption method with the encrypted string as a parameter.

3. decryption is the same or nearly the same for each string. there is only one decryption method.

4. the type signature of the method is:
static String decryptMethod(String)

while these assumptions hold, it is not very difficult to create a general technique by which we can decrypt all of the strings of an app in place. the real question is do you want to do it at the java or smali level? if you primarily look at decompiled code you can work at the java level. and you're in luck, such a tool already exists in dex2jar: http://code.google.com/p/dex2jar/

there is a wiki article about it here: http://code.google.com/p/dex2jar/wiki/DecryptStrings but it is unfinished. you can at least get a visual for what the decompiled code will look like before and after. if you're a good person, you will update the wiki. i leave that as a task for some good reader.

the tool is currently incorrectly spelled as d2j-decrpyt-string.(sh|bat). it takes at least two parameters and sometimes needs three. they are:
  1. method name, -mn : in our case, decryptMethod
  2. method owner, -mo : let's say com.alice.utils
  3. class path, -cp : if decryptMethod makes use of any framework api, you will need to give the path to a framework.jar from the android sdk
d2j-decrpyt-string -mn decryptMethod -mo com.alice.utils -cp ~/android/sdk/platforms/android-4/framework.jar

doing this at the smali level requires access to a dalvik vm, so in that regard it is trickier, but there are many emulators and you can even use your phone. here's how the process can work:
  • pull out all of the strings and put into a file
  • write some java code, unless you're comfortable with smali, to open the file and iterate over each line and call the decryption method on each string.
  • compile java bytecode and convert to dalvik executable with dx from the android sdk
  • run the code on a dalvik vm
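
here's a sketch of the first step and of what to do with the results afterwards. it is an added example, not part of the original post or of dex2jar. it assumes the decryptor from the running example (com.alice.utils, decryptMethod) and the common pattern where a const-string register is passed straight to it; the sample smali and the plaintext table are constructed.

```python
import re

# Assumed target (the post's example): static String decryptMethod(String) in com.alice.utils.
DECRYPT_REF = "Lcom/alice/utils;->decryptMethod(Ljava/lang/String;)Ljava/lang/String;"
CONST_RE = re.compile(r'^\s*const-string(?:/jumbo)?\s+([vp]\d+),\s*"((?:[^"\\]|\\.)*)"')
INVOKE_RE = re.compile(r'^\s*invoke-static\s*\{\s*([vp]\d+)\s*\},\s*(\S+)')
WRITE_RE = re.compile(r'^\s*[a-z][\w/-]*\s+([vp]\d+)\b')   # opcode + first register operand
BOUNDARY_RE = re.compile(r'^\s*(:|\.method|\.end method|\.catch)')

def find_encrypted_strings(smali_text, decrypt_ref=DECRYPT_REF):
    """Return (line_index, smali-escaped literal) for each const-string fed to decrypt_ref."""
    tracked, hits = {}, []              # tracked: register -> (line index, literal)
    for i, line in enumerate(smali_text.splitlines()):
        if BOUNDARY_RE.match(line):
            tracked.clear()             # control flow may merge here, forget everything
        elif (m := CONST_RE.match(line)):
            tracked[m.group(1)] = (i, m.group(2))
        elif (m := INVOKE_RE.match(line)):
            if m.group(2) == decrypt_ref and m.group(1) in tracked:
                hits.append(tracked[m.group(1)])
        elif (m := WRITE_RE.match(line)):
            tracked.pop(m.group(1), None)   # conservative: assume first operand is overwritten
    return hits

def annotate(smali_text, plaintexts):
    """Append the decrypted value as a smali comment; instructions stay untouched."""
    lines = smali_text.splitlines()
    for idx, literal in find_encrypted_strings(smali_text):
        if literal in plaintexts:
            lines[idx] += "    # decrypted: " + plaintexts[literal]
    return "\n".join(lines)

# Constructed sample: two decryptor calls and one ordinary string.
SAMPLE = '''\
.method public static init()V
    const-string v0, "Zm9v"
    invoke-static {v0}, Lcom/alice/utils;->decryptMethod(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    const-string v1, "plain log tag"
    const-string v2, "YmFy"
    invoke-static {v2}, Lcom/alice/utils;->decryptMethod(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v2
    return-void
.end method
'''
# Constructed stand-in for what the run on the dalvik vm printed.
PLAINTEXTS = {"Zm9v": "foo", "YmFy": "bar"}
if __name__ == "__main__":
    print(annotate(SAMPLE, PLAINTEXTS))
```

the literals come back in smali-escaped form, so the harness that reads them on the vm has to unescape sequences like \n and \uXXXX before calling the decryptor.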