Search the Community

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android. Changelog v2.1.4 The following products got improvements, rules and fixes: Packers: Multidex inline implementation EpicVM (ex-ULTIMA protector) Jiagu ELF packer DexProtector LIAPP Protectors: DexGuard v9.x (Aarch64) DexProtector telemetry (Alice), native (ARM32) and APK files FreeRASP Obfuscators: OLLVM v5, v8, v9 (with and without string encryption) ADVObfuscator (in PGSharp) Additionally, Update to Python 3.9 Update yara-python-dex dependency [hide][Hidden Content]]

A script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders, and generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor, and more. With ProtectMyTooling you can quickly obfuscate your binaries without having to worry about clicking through all the Dialogs, interfaces, and menus, creating projects to obfuscate a single binary, clicking through all the options available, and wasting time about all that nonsense. It takes you straight to the point – to obfuscate your tool. The aim is to offer the most convenient interface possible and allow to leverage of a daisy-chain of multiple packers combined on a single binary. That’s right – we can launch ProtectMyTooling with several packers at once: C:\> py ProtectMyTooling.py hyperion,upx mimikatz.exe mimikatz-obf.exe The above example will firstly pass mimikatz.exe to the Hyperion for obfuscation, and then the result will be provided to UPX for compression. Resulting with UPX(Hyperion(file)) Features Supports multiple different PE Packers, .NET Obfuscators, Shellcode Loaders/Builders Allows daisy-chaining packers where output from a packer is passed to the consecutive one: callobf,hyperion,upx will produce artifact UPX(Hyperion(CallObf(file))) Collects IOCs at every obfuscation step so that auditing & Blue Team requests can be satisfied Offers functionality to inject custom Watermarks to resulting PE artifacts – in DOS Stub, Checksum, as a standalone PE Section, to file’s Overlay Comes up with a handy Cobalt Strike aggressor script bringing protected-upload and protected-execute-assembly commands Straightforward command line usage [hide][Hidden Content]]

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android. Changelog v2.1.3 Add or improve detections for: AliPay ApkEncryptor APKProtect AppGuard CrackProof DexGuard DexProtector Hikari JsonPacker Ollvm Promon Shield Tencent Legu [hide][Hidden Content]]

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android. [hide][Hidden Content]]

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android. Changelog v2.1.1 Fixed bug with `–output-dir- not working with absolute paths within docker container (#171) – thanks @iantruslove Reduce docker layers and sizes – thanks @superpoussin22 Add scan_file_obj API Fixed some error handling Add --include-types option Fix rule identifier counting Improve rule hash stability Improve file type detection for ELFs If using filename for typing, consider .jar files as zips. For the rules: Beefed up DexGuard detection Correct dexlib1 detection Add ApppSuit detection – thanks @enovella Add SafeEngine detection – thanks @horsicq Several other fixes and improvements [hide][Hidden Content]]