avpass's People

Contributors

jeon1226, jinhojun, jjung63, mwolotsky

avpass's Issues

error with gen_disguise.py

[*] Decoding apk file to smali
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
I: Using Apktool 2.2.3 on aaa.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/kali/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
python refl.py -f temp_obfus.apk reflect -c no;
File "/home/kali/avpass/src/refl.py", line 552
print "Loading Smali[if]"
^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
python strp.py -f temp_obfus.apk string -c no;
File "/home/kali/avpass/src/strp.py", line 270
print "Loading Smali[if]"
^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
python strp.py -f temp_obfus.apk variable -c no;
File "/home/kali/avpass/src/strp.py", line 270
print "Loading Smali[if]"
^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
python res.py -f temp_obfus image -c no;python res.py -f temp_obfus resxml -c no -n yes;
File "/home/kali/avpass/src/res.py", line 48
print "Loading Smali files list"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
File "/home/kali/avpass/src/res.py", line 48
print "Loading Smali files list"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
Generating aaa_obfus.apk
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
I: Using Apktool 2.2.3
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
Exception in thread "main" brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [aapt, p, --forced-package-id, 127, --min-sdk-version, 10, --target-sdk-version, 22, --version-code, 1, --version-name, 1.4, --no-version-vectors, -F, /tmp/APKTOOL17724426771226023661.tmp, -0, arsc, -0, apk, -0, arsc, -I, /home/kali/.local/share/apktool/framework/1.apk, -S, /home/kali/avpass/src/temp_obfus/res, -M, /home/kali/avpass/src/temp_obfus/AndroidManifest.xml]
at brut.androlib.Androlib.buildResourcesFull(Androlib.java:493)
at brut.androlib.Androlib.buildResources(Androlib.java:427)
at brut.androlib.Androlib.build(Androlib.java:326)
at brut.androlib.Androlib.build(Androlib.java:264)
at brut.apktool.Main.cmdBuild(Main.java:231)
at brut.apktool.Main.main(Main.java:84)
Caused by: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 2): [aapt, p, --forced-package-id, 127, --min-sdk-version, 10, --target-sdk-version, 22, --version-code, 1, --version-name, 1.4, --no-version-vectors, -F, /tmp/APKTOOL17724426771226023661.tmp, -0, arsc, -0, apk, -0, arsc, -I, /home/kali/.local/share/apktool/framework/1.apk, -S, /home/kali/avpass/src/temp_obfus/res, -M, /home/kali/avpass/src/temp_obfus/AndroidManifest.xml]
at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:441)
at brut.androlib.Androlib.buildResourcesFull(Androlib.java:479)
... 5 more
Caused by: brut.common.BrutException: could not exec (exit code = 2): [aapt, p, --forced-package-id, 127, --min-sdk-version, 10, --target-sdk-version, 22, --version-code, 1, --version-name, 1.4, --no-version-vectors, -F, /tmp/APKTOOL17724426771226023661.tmp, -0, arsc, -0, apk, -0, arsc, -I, /home/kali/.local/share/apktool/framework/1.apk, -S, /home/kali/avpass/src/temp_obfus/res, -M, /home/kali/avpass/src/temp_obfus/AndroidManifest.xml]
at brut.util.OS.exec(OS.java:95)
at brut.androlib.res.AndrolibResources.aaptPackage(AndrolibResources.java:435)
... 6 more
W: ERROR: Unknown option '--forced-package-id'

Finish up class+method obfuscator

Current package+class+method obfuscator does not work with Java reflection.

To support Java reflection with class+method name changer,
we should provide class+method name changer quickly.

No output is generated at the "python gen_variations.py -i input -o output" step.

Even after trying the 4 methods suggested in the answer to #10, the same error keeps occurring.

The malicious APK files I used are from the 2018 dataset provided by KISA.

  1. I tried commenting out (#) each of the primitives in INFERRING_LIST.
  2. I searched for and checked the "permission -c no" part in "api.py".
  3. I set up the directory the same way as in the video you uploaded to YouTube.
  4. The OS environment is Ubuntu on VMware, and the apktool version used is 2.4.0.
  5. The command for obfuscating an individual APK, "python gen_disguise.py -i YOUR_MALWARE.apk individual", ran successfully.

Q1.
Could it be that the version of the .apk files I used is not compatible? I used the KISA 2018 dataset challenge.

Q2.
I am not sure which primitives in INFERRING_LIST you meant should be included or excluded.

Q3.
How can I resolve this error?

---------------------------<Environment used>------------------------------
os : UBUNTU 16.04 64bit(vmware)
apktool : v2.4.0

smali errors

I have a small project that I'm working on where I add new functionality to the BlackBerry Keyboard:
https://mobile.softpedia.com/apk/blackberry-keyboard/#download
I used v3.4.0.15917.

This issue also occurs on the actual APK without any changes.

After I made my modifications, it was detected as a virus by some AV, although there is nothing there.

I have tried to use your AVPASS, but at the smali stage it fails due to wrong Dalvik code generation.
I started to manually fix some of the smali issues until I got to the point where a method was created with a " char, which is illegal.

So I couldn't fix that.

Hope you can help with this.

python gen_disguise.py -i bb.apk individual
[*] Decoding apk file to smali
I: Using Apktool 2.2.3 on bb.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /home/toor/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values / XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
python refl.py -f temp_obfus.apk reflect -c no;
Java reflection for all api invokes in an apk
[*] Loading Smali files list
Loading Smali[else]
[*] Start generating wrappers
[*] Done processing 4348 files => modified 2631 files
[*] Everything done now
python strp.py -f temp_obfus.apk string -c no;
Perturb this APK file
Loading Smali[else]
[*] Start string encoding (all different encryption)
[*] Done processing 4348 files => modified 2714 files
[*] Everything done now
python strp.py -f temp_obfus.apk variable -c no;
Change variable name
Loading Smali[else]
[*] Start variable encryption (simple caesar)
[*] Done processing 4348 files => modified 4345 files
[*] Everything done now
python res.py -f temp_obfus image -c no;python res.py -f temp_obfus resxml -c no -n no;
[*] Start image obfuscation
Image file obfuscation - flip pixel
[*] Everything done now
[*] Start Resource XML obfuscation
Loading Smali files list
Generating bb_obfus.apk
I: Using Apktool 2.2.3
I: Checking whether sources has changed...
I: Smaling smali folder into classes.dex...
temp_obfus/smali/com/swiftkey/basl/DateMacro.smali[9,0] missing EOF at '.end field'
Exception in thread "main" brut.androlib.AndrolibException: Could not smali file: com/swiftkey/basl/DateMacro.smali
at brut.androlib.src.SmaliBuilder.buildFile(SmaliBuilder.java:75)
at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:59)
at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:36)
at brut.androlib.Androlib.buildSourcesSmali(Androlib.java:420)
at brut.androlib.Androlib.buildSources(Androlib.java:351)
at brut.androlib.Androlib.build(Androlib.java:307)
at brut.androlib.Androlib.build(Androlib.java:264)
at brut.apktool.Main.cmdBuild(Main.java:231)
at brut.apktool.Main.main(Main.java:84)

File "/opt/avpass/src/gen_disguise.py", line 40

On running in Windows

python gen_disguise.py -i flappybird.apk individual

File "/opt/avpass/src/gen_disguise.py", line 40
print ret_command(OBFUSCATION_LIST[item] ,apkname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

Please help and comment ASAP

Problem avpass

python gen_disguise.py -i client.apk individual
Traceback (most recent call last):
File "gen_disguise.py", line 5, in
import numpy as np
File "/usr/lib/python2.7/dist-packages/numpy/__init__.py", line 132
raise ImportError(msg) from e


Please help solve this problem by installing numpy in python 2.7 (before that, the error was related to line 5)
output with ending _ as no changes?

Hi,

When I tried the code with API_REFLECTION, I found the output has __ and _A. Does it mean that __ means nothing changed? But I do not understand why the file size changed.

Thanks. Hope to hear back from you.

errors when using avpass

When I use AVPASS with a command like the following:

python gen_disguise.py -i empty.apk individual

It will output some Android errors like the following:

: error: No resource identifier found for attribute 'roundIcon' in package 'android'
W:
Exception in thread "main" brut.androlib.AndrolibException: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/ds/4c705gj543dbtxtxsl5hb5br0000gn/T/brut_util_Jar_1187342378421299518.tmp, p, --forced-package-id, 127, --min-sdk-version, 9, --target-sdk-version, 25, --version-code, 1, --version-name, 1.0, --no-version-vectors, -F, /var/folders/ds/4c705gj543dbtxtxsl5hb5br0000gn/T/APKTOOL7694642950317619290.tmp, -0, arsc, -0, arsc, -I, /Users/hang12/Library/apktool/framework/1.apk, -S, /Users/hang12/Desktop/Research/Project_codes/avpass/src/temp_obfus/res, -M, /Users/hang12/Desktop/Research/Project_codes/avpass/src/temp_obfus/AndroidManifest.xml]

Could you help me figure it out?

Thank you so much!

Error on gen_disguise.py

kali@localhost:~/avpass/src$ python3.7 gen_disguise.py -i fud.apk individual
File "gen_disguise.py", line 40
print ret_command(OBFUSCATION_LIST[item] ,apkname)
^
SyntaxError: invalid syntax

apk can not install

When I use AVPASS with a command like the following: python gen_disguise.py -i myapp.apk individual
it produces a new APK, but when I try to install it on an Android phone, it fails.

The new APK cannot be installed.

Why is there nothing in output when using gen_variations.py?

I tried "python gen_variations.py -i input -o output". But there is nothing generated in output.

D:\Test_Virus_oversea\ChangeSampleTool\avpass-master\src>python gen_variations.py -i input -o output
input/virus.apk
virus
[*] Decoding apk file to smali
apktool d ./input/virus.apk -oinput/virus
copyTree input/virus -> input/temp_obfus
CALCULATE: _______
Generating output/virus________.apk
apktool b input/temp_obfus -o output/virus________.apk
copyTree input/temp_obfus -> input/_______

RESTORE: _______
copyTree input/_______ -> input/temp_obfus

CALCULATE: A______
python refl.py -f input/temp_obfus.apk reflect -c no;
Generating output/virus_A______.apk
apktool b input/temp_obfus -o output/virus_A______.apk
copyTree input/temp_obfus -> input/A______

apktool error?

I tried to create a sample using an existing malware (droid jack), but it stopped with this error.
So which part of the script should I modify?

I: Smaling smali folder into classes.dex...
I: Checking whether resources has changed...
I: Building resources...
W: ERROR: Unknown option '--forced-package-id'
W: Android Asset Packaging Tool
