The Smali file

Question

The Smali file

JDaltonLins opened this issue 4 years ago · comments

Dalton Lins commented 4 years ago

Hello and good morning (at least here).
I tried to use simplify on Instagram, to be able to extract an API.

However, it returned the following error:

It seems that name is not supported outside alphanumeric.

so sad ;-;

Sorry if the English is bad, the google translator is not 100% guaranteed.

Caleb Fenton · Answer 1 · Wed Oct 07 2020 12:55:00 GMT+0800 (China Standard Time)

Hello, what is the file hash (sha256)? Where can I get the sample?

Most importantly, does LX/6rt; exist in the dex file? It may be created at runtime by an unpacker or something.

Does this file disassemble with baksmali dis <apk>? If it's not compatible with dexlib2 (baksmali), then the issue is there and there's not much I can do about it.

Dalton Lins · Answer 2 · Wed Oct 07 2020 13:50:48 GMT+0800 (China Standard Time)

793cb753a5bd35096c1789b69daeb615568c140388ea122f0d7c41fd9b0425bd *Instagram_v162.0.0.42.125.apk

I used baksmali and there was no error, but none of the files had the class declaration LX/6rt; , the strange thing is that many files use this same class. I used grep to search within the files. log

But with dex2jar I got the class, but this apk has more than 20k (if I'm not mistaken) of classes and etc.
I don't know if the error is due to the number of existing classes

In case you want to try it yourself, download.

Caleb Fenton · Answer 3 · Wed Oct 07 2020 14:16:14 GMT+0800 (China Standard Time)

There are two problems here. The smaller problem is that this class (it's an interface) is inside of classes2.dex and dexlib2 isn't super multi-dex-aware. This is something others have asked about improving, but there's an easy work around: just dump all the dex files to a single directory and work from the smali, e.g. apktool d <apk path>

The larger problem is that you're trying to use the wrong tool for the job. Simplify is for code deobfuscation, not really identifier remapping. Unfortunately, Simplify will not give you useful names for variables, methods, classes (i.e. identifiers). This code isn't actually obfuscated, it's just hard to read because they stripped a lot of the names out. Most commercial apps don't really obfuscate because it's hard to implement and can break things. The only people who use real obfuscation are super paranoid weirdos and malware authors. And usually their apps aren't that big.

Since Simplify tries to execute every possible path in every single method in every one of the ~3000 classes with your include filter, it'll take about 100 years. I'd give you more specific advice, but I'm not sure what you're trying to do.

Caleb Fenton · Answer 4 · Wed Oct 07 2020 14:17:28 GMT+0800 (China Standard Time)

Duplicate of #60

Might implement multi-dex one day but it's really just a quality of life feature and it's more an indication that you're using the tool in a way it's not designed to be used, i.e. against large commercial apps (which aren't really obfuscated)

ApkUnpacker · Answer 5 · Wed Oct 07 2020 14:19:10 GMT+0800 (China Standard Time)

http://apk-deguard.com/ is the thing you should try buddy