├── README.md ├── ext-tools ├── AXMLPrinter2.jar ├── armeabi │ └── tulib ├── baksmali.jar ├── smali.jar └── x86 │ └── tulib ├── screenshot.png └── tunpacker.py /README.md: -------------------------------------------------------------------------------- 1 | TUnpacker 2 | === 3 | 4 | 简介 5 | === 6 | *TUnpacker*是一款Android脱壳工具 7 | *TUnpacker* is an Android unpack tool. 8 | 9 | 使用方法 10 | === 11 | python tunpacker.py jiagu.apk 12 | 13 | 工具截图 14 | === 15 | ![image](https://github.com/DrizzleRisk/TUnpacker/blob/master/screenshot.png) 16 | 17 | 必读事项 18 | === 19 | 1.本代码仅适用于特定的加固方式 (请参考脚本内容) 20 | 2.本代码仅供安全研究及授权测试使用,如用于非法用途,后果自负 21 | 3.运行本代码前需要确保连接Android测试设备或虚拟机,并确保Android系统已root 22 | 23 | 工具集(分别适用于不同加固) 24 | === 25 | 26 | drizzleDumper 27 | 28 | TUnpacker 29 | 30 | BUnpacker 31 | 32 | -------------------------------------------------------------------------------- /ext-tools/AXMLPrinter2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/AXMLPrinter2.jar -------------------------------------------------------------------------------- /ext-tools/armeabi/tulib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/armeabi/tulib -------------------------------------------------------------------------------- /ext-tools/baksmali.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/baksmali.jar -------------------------------------------------------------------------------- /ext-tools/smali.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/smali.jar -------------------------------------------------------------------------------- /ext-tools/x86/tulib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/ext-tools/x86/tulib -------------------------------------------------------------------------------- /screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DrizzleRisk/TUnpacker/94464fde5bab78b22cf62bf50f8ed1a5525a164a/screenshot.png -------------------------------------------------------------------------------- /tunpacker.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | import sys,shutil 3 | reload(sys) 4 | sys.setdefaultencoding('utf-8') 5 | import os,time,zipfile 6 | from xml.dom import minidom 7 | 8 | PACKAGE_NAME = '' 9 | START_ACTIVITY = '' 10 | APK_PATH = '' 11 | def Title(): 12 | print '[>>>] TUnpacker [<<<]' 13 | print '[>>>] code by Drizzle [<<<]' 14 | print '[>>>] 2016.10 [<<<]' 15 | def CheckEnv(): 16 | Title() 17 | print '[*] Init env' 18 | global APK_PATH 19 | global PACKAGE_NAME 20 | global START_ACTIVITY 21 | #初始化环境 22 | if not os.path.exists('result'): 23 | os.mkdir('result') 24 | if not os.path.exists('tmp'): 25 | os.mkdir('tmp') 26 | CPU = 'x86' 27 | os.popen('adb root').readlines()[0].strip('\n') 28 | result = os.popen('adb shell cat /proc/cpuinfo').read() 29 | if result.find('ARM') != -1: 30 | CPU = 'armeabi' 31 | print '[*] Target: '+CPU 32 | print '[---------------------------------------]' 33 | os.popen('adb push ext-tools/' + CPU + '/tulib /data/local/tmp') 34 | os.popen('adb install ' + APK_PATH) 35 | print '[---------------------------------------]' 36 | #获取包信息备用 37 | print '[*] Get package info' 38 | nxml = open('tmp/nxml.xml','w') 39 | zf = zipfile.ZipFile(APK_PATH, 'r') 40 | content = zf.read('AndroidManifest.xml') 41 | nxml.write(content) 42 | nxml.close() 43 | content = os.popen('java -jar ext-tools/AXMLPrinter2.jar tmp/nxml.xml').read() 44 | mfest = minidom.parseString(content) 45 | manifest = mfest.getElementsByTagName('manifest') 46 | activities = mfest.getElementsByTagName("activity") 47 | for node in manifest: 48 | PACKAGE_NAME = node.getAttribute("package") 49 | for activity in activities: 50 | for sitem in activity.getElementsByTagName("action"): 51 | val = sitem.getAttribute("android:name") 52 | if val == "android.intent.action.MAIN" : 53 | START_ACTIVITY = activity.getAttribute("android:name") 54 | 55 | def Dump(): 56 | print '[*] Dump dex' 57 | global PACKAGE_NAME 58 | global START_ACTIVITY 59 | os.popen('adb shell am start -n ' + PACKAGE_NAME + '/' + START_ACTIVITY) 60 | time.sleep(5) 61 | content = os.popen('adb shell ./data/local/tmp/tulib ' + PACKAGE_NAME).read() 62 | print '[---------------------------------------]' 63 | os.popen('adb pull ' + content + ' tmp/extra') 64 | print '[---------------------------------------]' 65 | 66 | def Compromises(): 67 | print '[*] Compromises dex' 68 | global APK_PATH 69 | global PACKAGE_NAME 70 | os.popen('java -jar ext-tools/baksmali.jar ' + APK_PATH + ' -o tmp/out') 71 | os.popen('java -jar ext-tools/baksmali.jar tmp/extra -o tmp/out') 72 | #清除加固残留物 73 | if os.path.exists('tmp/out/com/tencent/bugly'): 74 | os.popen('rm -rf tmp/out/com/tencent/bugly') 75 | if os.path.exists('tmp/out/com/tencent/StubShell'): 76 | os.popen('rm -rf tmp/out/com/tencent/StubShell') 77 | #合并修复dex 78 | os.popen('java -jar ext-tools/smali.jar tmp/out -o result/' + PACKAGE_NAME + '.dex') 79 | if os.path.exists('result/' + PACKAGE_NAME + '.dex'): 80 | print '[*] Success >> ' + 'result/' + PACKAGE_NAME + '.dex' 81 | #清理环境 82 | if os.path.exists('tmp'): 83 | shutil.rmtree('tmp') 84 | def Useage(): 85 | Title() 86 | print '[*] Useage: tunpacker.py jiagu.apk' 87 | print '[*] 1.Before Running ,make sure a rooted Android system has been connected to your PC' 88 | print '[*] 2.Only for testing,Do not be evil !' 89 | if __name__ == '__main__': 90 | if len(sys.argv) < 2: 91 | Useage() 92 | else: 93 | APK_PATH = sys.argv[1] 94 | CheckEnv() 95 | Dump() 96 | Compromises() 97 | --------------------------------------------------------------------------------