├── README.md
├── ext-tools
    ├── AXMLPrinter2.jar
    ├── armeabi
    │   └── tulib
    ├── baksmali.jar
    ├── smali.jar
    └── x86
    │   └── tulib
├── screenshot.png
└── tunpacker.py


/README.md:
--------------------------------------------------------------------------------
 1 | TUnpacker
 2 | ===  
 3 |           
 4 | 简介
 5 | ===
 6 | *TUnpacker*是一款Android脱壳工具
 7 | *TUnpacker* is an Android unpack tool.
 8 | 
 9 | 使用方法
10 | ===
11 | 	python tunpacker.py jiagu.apk
12 | 	
13 | 工具截图
14 | ===
15 |  ![image](https://github.com/DrizzleRisk/TUnpacker/blob/master/screenshot.png)
16 |  
17 | 必读事项
18 | ===
19 | 	1.本代码仅适用于特定的加固方式 (请参考脚本内容)
20 | 	2.本代码仅供安全研究及授权测试使用，如用于非法用途，后果自负
21 | 	3.运行本代码前需要确保连接Android测试设备或虚拟机，并确保Android系统已root
22 | 	
23 | 工具集（分别适用于不同加固）
24 | ===
25 | 
26 | drizzleDumper <https://github.com/DrizzleRisk/drizzleDumper>
27 | 
28 | TUnpacker <https://github.com/DrizzleRisk/TUnpacker>
29 | 
30 | BUnpacker <https://github.com/DrizzleRisk/BUnpacker>
31 | 
32 | 


--------------------------------------------------------------------------------
/ext-tools/AXMLPrinter2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/AXMLPrinter2.jar


--------------------------------------------------------------------------------
/ext-tools/armeabi/tulib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/armeabi/tulib


--------------------------------------------------------------------------------
/ext-tools/baksmali.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/baksmali.jar


--------------------------------------------------------------------------------
/ext-tools/smali.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/smali.jar


--------------------------------------------------------------------------------
/ext-tools/x86/tulib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/x86/tulib


--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/screenshot.png


--------------------------------------------------------------------------------
/tunpacker.py:
--------------------------------------------------------------------------------
 1 | #coding=utf-8
 2 | import sys,shutil
 3 | reload(sys)
 4 | sys.setdefaultencoding('utf-8')
 5 | import os,time,zipfile
 6 | from xml.dom import minidom
 7 | 
 8 | PACKAGE_NAME = ''
 9 | START_ACTIVITY = ''
10 | APK_PATH = ''
11 | def Title():
12 |     print '[>>>]       TUnpacker         [<<<]'
13 |     print '[>>>]    code by Drizzle      [<<<]'
14 |     print '[>>>]        2016.10          [<<<]'
15 | def CheckEnv():
16 |     Title()
17 |     print '[*] Init env'
18 |     global APK_PATH
19 |     global PACKAGE_NAME
20 |     global START_ACTIVITY
21 |     #初始化环境
22 |     if not os.path.exists('result'):
23 |         os.mkdir('result')
24 |     if not os.path.exists('tmp'):
25 |         os.mkdir('tmp')
26 |     CPU = 'x86'
27 |     os.popen('adb root').readlines()[0].strip('\n')
28 |     result = os.popen('adb shell cat /proc/cpuinfo').read()
29 |     if result.find('ARM') != -1:
30 |         CPU = 'armeabi'
31 |     print '[*] Target: '+CPU
32 |     print '[---------------------------------------]'
33 |     os.popen('adb push ext-tools/' + CPU + '/tulib /data/local/tmp')
34 |     os.popen('adb install ' + APK_PATH)
35 |     print '[---------------------------------------]'
36 |     #获取包信息备用
37 |     print '[*] Get package info'
38 |     nxml = open('tmp/nxml.xml','w')
39 |     zf = zipfile.ZipFile(APK_PATH, 'r')
40 |     content = zf.read('AndroidManifest.xml')
41 |     nxml.write(content)
42 |     nxml.close()
43 |     content = os.popen('java -jar ext-tools/AXMLPrinter2.jar tmp/nxml.xml').read()
44 |     mfest = minidom.parseString(content)
45 |     manifest = mfest.getElementsByTagName('manifest')
46 |     activities = mfest.getElementsByTagName("activity")
47 |     for node in manifest:
48 |         PACKAGE_NAME = node.getAttribute("package")
49 |     for activity in activities:
50 |             for sitem in activity.getElementsByTagName("action"):
51 |                 val = sitem.getAttribute("android:name")
52 |                 if val == "android.intent.action.MAIN" :
53 |                     START_ACTIVITY = activity.getAttribute("android:name")
54 | 
55 | def Dump():
56 |     print '[*] Dump dex'
57 |     global PACKAGE_NAME
58 |     global START_ACTIVITY
59 |     os.popen('adb shell am start -n ' + PACKAGE_NAME + '/' + START_ACTIVITY)
60 |     time.sleep(5)
61 |     content = os.popen('adb shell ./data/local/tmp/tulib ' + PACKAGE_NAME).read()
62 |     print '[---------------------------------------]'
63 |     os.popen('adb pull ' + content + ' tmp/extra')
64 |     print '[---------------------------------------]'
65 | 
66 | def Compromises():
67 |     print '[*] Compromises dex'
68 |     global APK_PATH
69 |     global PACKAGE_NAME
70 |     os.popen('java -jar ext-tools/baksmali.jar ' + APK_PATH + ' -o tmp/out')
71 |     os.popen('java -jar ext-tools/baksmali.jar tmp/extra -o tmp/out')
72 |     #清除加固残留物
73 |     if os.path.exists('tmp/out/com/tencent/bugly'):
74 |         os.popen('rm -rf tmp/out/com/tencent/bugly')
75 |     if os.path.exists('tmp/out/com/tencent/StubShell'):
76 |         os.popen('rm -rf tmp/out/com/tencent/StubShell')
77 |     #合并修复dex
78 |     os.popen('java -jar ext-tools/smali.jar tmp/out -o result/' + PACKAGE_NAME + '.dex')
79 |     if os.path.exists('result/' + PACKAGE_NAME + '.dex'):
80 |         print '[*] Success >> ' + 'result/' + PACKAGE_NAME + '.dex'
81 |     #清理环境
82 |     if os.path.exists('tmp'):
83 |         shutil.rmtree('tmp')
84 | def Useage():
85 |     Title()
86 |     print '[*] Useage: tunpacker.py jiagu.apk'
87 |     print '[*] 1.Before Running ,make sure a rooted Android system has been connected to your PC'
88 |     print '[*] 2.Only for testing,Do not be evil !'
89 | if __name__ == '__main__':
90 |     if len(sys.argv) < 2:
91 |         Useage()
92 |     else:
93 |         APK_PATH = sys.argv[1]
94 |         CheckEnv()
95 |         Dump()
96 |         Compromises()
97 | 


--------------------------------------------------------------------------------