Hey there,
I'd like to let you know that I tested android_unpacker on a few packers. For some reason no OAT data was created in the /data/data/<package_name> area. I verified that the AVD's libart.so was correctly modified by pulling it from the system folder and disassembling it, looking for the changes like the added fstream include and the _unpacked_oat string.
Here are the hashes of the malware I tried to unpack:
BangCLE:
35c0a075cbc6135d957bd10769e3a620 - banksteal
eefd2101e6a0b016e5a1e9859e9c443e - feejar
Please check if the code that you have uploaded on GitHub does indeed work for you. For me, there are no results whatsoever, although setting up the unpacker is a rather time-consuming task.
Please let me know which samples you used to test your AVD and post their hashes.
Thank you!
Regards,
Disane