quarkslab / Legu_unpacker_2019
Scripts to unpack APK protected by Legu
Stars: ✭ 150
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Legu unpacker 2019
Jarvis
"Just Another ReVersIng Suite" or whatever other bullshit you can think of
Stars: ✭ 137 (-8.67%)
Mutual labels: reverse-engineering
Native Shim
A "shim" for loading native jni files for Android active debugging
Stars: ✭ 145 (-3.33%)
Mutual labels: reverse-engineering
Stuff
Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest
Stars: ✭ 146 (-2.67%)
Mutual labels: reverse-engineering
Wechatmagician
WechatMagician is a Xposed module written in Kotlin, that allows you to completely control your Wechat.
Stars: ✭ 1,739 (+1059.33%)
Mutual labels: reverse-engineering
Magisk Frida
🔐 Run frida-server on boot with Magisk, always up-to-date
Stars: ✭ 144 (-4%)
Mutual labels: reverse-engineering
Steamkit
SteamKit2 is a .NET library designed to interoperate with Valve's Steam network. It aims to provide a simple, yet extensible, interface to perform various actions on the network.
Stars: ✭ 1,926 (+1184%)
Mutual labels: reverse-engineering
Tastyworks api
An unofficial, reverse-engineered Python API for tastyworks.
Stars: ✭ 138 (-8%)
Mutual labels: reverse-engineering
Execution Trace Viewer
Tool for viewing and analyzing execution traces
Stars: ✭ 149 (-0.67%)
Mutual labels: reverse-engineering
Nauz File Detector
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Stars: ✭ 146 (-2.67%)
Mutual labels: reverse-engineering
Apiscout
This project aims at simplifying Windows API import recovery on arbitrary memory dumps
Stars: ✭ 146 (-2.67%)
Mutual labels: reverse-engineering
Rematch
REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
Stars: ✭ 141 (-6%)
Mutual labels: reverse-engineering
Xpeviewer
PE file viewer/editor for Windows, Linux and MacOS.
Stars: ✭ 144 (-4%)
Mutual labels: reverse-engineering
Android Analysis
Getting Genymotion & Burpsuite setup for Android Mobile App Analysis
Stars: ✭ 146 (-2.67%)
Mutual labels: reverse-engineering
Iosreextension
A fast and elegant extension for VSCode used for iOSre projects.
Stars: ✭ 139 (-7.33%)
Mutual labels: reverse-engineering
Droidreverse
reverse engineering tools for android(android 逆向工程工具集)
Stars: ✭ 1,839 (+1126%)
Mutual labels: reverse-engineering
Pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Stars: ✭ 2,026 (+1250.67%)
Mutual labels: reverse-engineering
Triton
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.
Stars: ✭ 1,934 (+1189.33%)
Mutual labels: reverse-engineering
Validity90
Reverse engineering of Validity/Synaptics 138a:0090, 138a:0094, 138a:0097, 06cb:0081, 06cb:009a fingerprint readers protocol
Stars: ✭ 1,807 (+1104.67%)
Mutual labels: reverse-engineering
Mviewer
Reverse Engineer MView 3D File Format
Stars: ✭ 148 (-1.33%)
Mutual labels: reverse-engineering
Ghidra Switch Loader
Nintendo Switch loader for Ghidra
Stars: ✭ 146 (-2.67%)
Mutual labels: reverse-engineering
Legu Unpacker
Scripts to unpack Android applications protected by Tencent Legu. It only works with versions 4.1.0.15 and 4.1.0.18 of Legu.
Blog post: https://blog.quarkslab.com/a-glimpse-into-tencents-legu-packer.html
Overview
The original DEX files are located in assets/0OO00l111l1l with the following layout:
One can find the details of this structure in the Kaitai file: legu_packed_file.ks
The hashmap embedded in the second part is described in the legu_hashmap.ks file:
pylegu
pylegu contains the Python bindings to decrypt and uncompress the data embedded in assets/0OO00l111l1l.
To compile and install pylegu:
$ cd pylegu
$ python3.7 ./setup.py build -j4 install --user
$ python -c "import pylegu"
One could also use jap/pyucl to decompress the data and aguinet/dragonffi to bind the custom implementation of XTEA.
Get Started
The sample com.intotherain.voicechange.apk is a suspicious application that can be unpacked as follows:
$ python ./unpack.py ./samples/com.intotherain.voicechange.apk
[+] Legu version: 4.1.0.15
[+] Password is 'IPk2Hw7AKTuIQBlc'
[+] Number of dex files: 1
[+] Unpacking #1 DEX files ...
[+] dex 0 compressed size: 0x1619a3
[+] dex 0 uncompressed size: 0x5671f8
[+] Unpacking #1 hashmap ...
[+] hashmap 0 compressed size: 0x4399c
[+] hashmap 0 uncompressed size: 0x95558
[+] Unpacking #1 packed methods ...
[+] packed methods 0 compressed_size: 0xf4636
[+] packed methods 0 uncompressed_size: 0x1e3072
[+] Stage 2: Patching DEX files
[+] Unpacked APK: unpacked.apk
The unpacked DEX files are located in the unpacked.apk file.
Requirements
- Python >= 3.7
- Kaitai Struct
- LIEF
- pylegu
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].