sslab-gatech / Avpass

License: GPL-2.0
Tool for leaking and bypassing Android malware detection systems

AVPASS

AVPASS is a tool for leaking the detection model of Android malware detection systems (i.e., antivirus software) and bypassing their detection logic by combining the leaked information with APK obfuscation techniques. AVPASS infers not only the individual detection features a system uses but also its detection rules, and uses that knowledge to disguise an Android malware sample as a benign application by automatically transforming the APK binary. To avoid leaking the application's own logic while probing a detection system, AVPASS provides an Imitation Mode that allows the user to query the detection features of interest without submitting the entire binary.

AVPASS offers several features for transforming an Android malware sample so that it bypasses anti-virus software. The main ones are:

  • APK obfuscation with more than 10 modules
  • Feature inference for the detection system by applying obfuscation modules individually
  • Rule inference for the detection system by using a 2^k factorial experiment (querying every combination of k obfuscation modules)
  • Targeted obfuscation to bypass a specific detection system
  • Safe query support by using Imitation Mode
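The two inference steps above can be illustrated with a small experiment. The following is an added example, not AVPASS's own code: the module names and the detector are constructed for illustration, and the detector stands in for a black-box AV engine that the inference code only queries as an oracle. It shows why one-module-at-a-time inference can report nothing when the detector's rule is a disjunction, and how a 2^k factorial design over the same modules still recovers which features are used and which of them are combined in a single rule.

```python
"""Black-box inference of the features a malware detector relies on, by
toggling obfuscation modules and observing the verdict.

Added example, not code from the AVPASS project. The module names and the
detector are constructed for illustration; the detector stands in for an AV
engine and is used only as an oracle (the inference code never reads its rule).
"""
from itertools import combinations, product
from math import prod

# Hypothetical obfuscation modules; applying one hides the named feature
# from the detector (e.g. an API call moved behind reflection, a permission
# dropped from the manifest, an IMEI read removed, strings encrypted).
MODULES = ["sms_api", "sms_perm", "imei_api", "str_enc"]


def oracle(hidden):
    """Constructed detector: fires when the SMS API *and* the SMS permission
    are both still visible, or when the IMEI read is still visible.
    String encryption is irrelevant to it. Returns 1 = detected, 0 = clean."""
    visible = {m: m not in hidden for m in MODULES}
    return int((visible["sms_api"] and visible["sms_perm"]) or visible["imei_api"])


def infer_by_individual_obfuscation(detect, modules):
    """Feature inference with one module at a time: report a feature only
    when hiding it *alone* flips the verdict relative to the untouched APK."""
    baseline = detect(frozenset())
    return [m for m in modules if detect(frozenset([m])) != baseline]


def factorial_effects(detect, modules, max_order=3):
    """2^k full factorial design: query the detector on every subset of
    modules, then estimate main effects and interactions with coded levels
    x_i = +1 (module applied) / -1 (not applied):

        effect(S) = sum_runs( y * prod_{i in S} x_i ) / 2^(k-1)

    A main effect equals mean(y | applied) - mean(y | not applied); a non-zero
    interaction means the features are combined in one rule. This costs 2^k
    queries, so keep k small or pre-filter the module list."""
    k = len(modules)
    runs = []
    for levels in product((-1, 1), repeat=k):
        hidden = frozenset(m for m, x in zip(modules, levels) if x == 1)
        runs.append((levels, detect(hidden)))
    effects = {}
    for order in range(1, max_order + 1):
        for idx in combinations(range(k), order):
            contrast = sum(y * prod(levels[i] for i in idx) for levels, y in runs)
            effects[tuple(modules[i] for i in idx)] = contrast / 2 ** (k - 1)
    return effects


def summarize(effects, eps=1e-9):
    """Split the estimates into features the detector uses (non-zero main
    effect), features it ignores, and feature pairs that interact."""
    used = [s[0] for s, e in effects.items() if len(s) == 1 and abs(e) > eps]
    ignored = [s[0] for s, e in effects.items() if len(s) == 1 and abs(e) <= eps]
    interactions = {s: e for s, e in effects.items() if len(s) == 2 and abs(e) > eps}
    return {"used": used, "ignored": ignored, "interactions": interactions}


if __name__ == "__main__":
    print("single-module inference:", infer_by_individual_obfuscation(oracle, MODULES))
    eff = factorial_effects(oracle, MODULES)
    for s, e in eff.items():
        if abs(e) > 1e-9:
            print(f"{'x'.join(s):>28}: {e:+.2f}")
    print(summarize(eff))
```

Against this oracle the single-module pass reports nothing, because hiding any one feature leaves the other branch of the rule intact. The factorial pass finds negative main effects for sms_api, sms_perm and imei_api (hiding them lowers detection), a zero effect for str_enc (the detector ignores it), a positive sms_api x sms_perm interaction (once one is hidden, hiding the other adds nothing, as expected for a conjunction) and negative interactions between each SMS feature and imei_api (hiding an SMS feature only pays off once the IMEI branch is also defeated, as expected for a disjunction). With a real engine, each `detect` call is one scan or one VirusTotal submission, which is what makes the query budget and the Imitation Mode matter.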

DISCLAIMER

All the code provided in this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository are solely your responsibility. Misuse of the code in this repository can result in criminal charges being brought against the persons in question. The authors and the SSLab group will not be held responsible in the event that criminal charges are brought against any individuals misusing the code in this repository to break the law. (Disclaimer taken from: here)

DEMO

  • DEMO1: Bypassing API-, dataflow-, and interaction-based detection systems
  • DEMO2: Inferring and bypassing AVs through VirusTotal

License

This project is released under the GPL-2.0 license.

Running & Docs

More documentation is available in docs/README.md.

Authors and Contact

These are the contributors who implemented AVPASS:

  • Jinho Jung
  • Chanil Jeon
  • Max Wolotsky
  • Insu Yun
  • Arbis Arthur Batenburg

Send us an email with any questions.

Main contact point: Jinho Jung ([email protected])

Contribute

If you want to contribute, please pick up something from our GitHub issues.

Cite

  • Black Hat USA 2017
@inproceedings{jung:avpass-bh,
  title        = {{AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically}},
  author       = {Jinho Jung and Chanil Jeon and Max Wolotsky and Insu Yun and Taesoo Kim},
  booktitle    = {Black Hat USA Briefings (Black Hat USA)},
  month        = jul,
  year         = 2017,
  address      = {Las Vegas, NV},
}