calebfenton / dex-oracle Goto Github PK

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis

License: MIT License

Ruby 72.78% Java 22.78% Smali 4.18% Shell 0.26%

reverse-engineering android malware malware-analysis malware-analyzer deobfuscation deobfuscator dex dalvik malware-research

dex-oracle's Introduction

Oracle

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify.

Before

After

sha1: a68d5d2da7550d35f7dbefc21b7deebe3f4005f3

md5: 2dd2eeeda08ac8c15be8a9f2d01adbe8

Installation

Step 1. Install Smali / Baksmali

Since you're an elite Android reverser, I'm sure you already have Smali and Baksmali on your path. If for some strange reason it's not already installed, this should get you started, but please examine it carefully before running:

mkdir ~/bin || cd ~/bin
curl --location -O https://bitbucket.org/JesusFreke/smali/downloads/smali-2.2.5.jar && mv smali-*.jar smali.jar
curl --location -O https://bitbucket.org/JesusFreke/smali/downloads/baksmali-2.2.5.jar && mv baksmali-*.jar baksmali.jar
curl --location -O https://bitbucket.org/JesusFreke/smali/downloads/smali
curl --location -O https://bitbucket.org/JesusFreke/smali/downloads/baksmali
chmod +x ./smali ./baksmali
export PATH=$PATH:$PWD

Step 2. Install Android SDK / ADB

Make sure adb is on your path.

Step 3. Install the Gem

gem install dex-oracle

Or, if you prefer to build from source:

git clone https://github.com/CalebFenton/dex-oracle.git
cd dex-oracle
gem install bundler
bundle install

Step 4. Connect a Device or Emulator

You must have either an emulator running or a device plugged in for Oracle to work. The minimum required Android version is 5.0!

Oracle needs to execute methods on an live Android system. This can either be on a device or an emulator (preferred). If it's a device, make sure you don't mind running potentially hostile code on it.

If you'd like to use an emulator, and already have the Android SDK installed, you can create and start emulator images with:

android avd

Usage

Usage: dex-oracle [opts] <APK / DEX / Smali Directory>
    -h, --help                       Display this screen
    -s ANDROID_SERIAL,               Device ID for driver execution, default=""
        --specific-device
    -t, --timeout N                  ADB command execution timeout in seconds, default="120"
    -i, --include PATTERN            Only optimize methods and classes matching the pattern, e.g. Ldune;->melange\(\)V
    -e, --exclude PATTERN            Exclude these types from optimization; including overrides
        --disable-plugins STRING[,STRING]*
                                     Disable plugins, e.g. stringdecryptor,unreflector
        --list-plugins               List available plugins
    -v, --verbose                    Be verbose
    -V, --vverbose                   Be very verbose

For example, to only deobfuscate methods in a class called Lcom/android/system/admin/CCOIoll; inside of an APK called obad.apk:

dex-oracle -i com/android/system/admin/CCOIoll obad.apk

How it Works

Oracle takes Android apps (APK), Dalvik executables (DEX), and Smali files as inputs. First, if the input is an APK or DEX, it is disassembled into Smali files. Then, the Smali files are passed to various plugins which perform analysis and modifications. Plugins search for patterns which can be transformed into something easier to read. In order to understand what the code is doing, some Dalvik methods are actually executed with and the output is collected. This way, some method calls can be replaced with constants. After that, all of the Smali files are updated. Finally, if the input was an APK or a DEX file, the modified Smali files are recompiled and an updated APK or DEX is created.

Method execution is performed by the Driver. The input APK, DEX, or Smali is combined with the Driver into a single DEX using dexmerge and is pushed onto a device or emulator. Plugins can then use Driver which uses Java reflection to execute methods from the input DEX. The return values can be used to improve semantic analysis beyond mere pattern recognition. This is especially useful for many string decryption methods, which usually take an encrypted string or some byte array. One limitation is that execution is limited to static methods.

Hacking

Creating Your Own Plugin

There are three plugins which come with Oracle:

Undexguard - removes certain types of Dexguard obfuscations
Unreflector - removes some Java reflection
String Decryptor - simple plugin which removes a common type of string encryption

If you encounter a new type of obfuscation, it may be possible to deobfuscate with Oracle. Look at the Smali and figure out if the code can either be:

rearranged
understood by executing some static methods

If either of these two are the case, you should try and write your own plugin. There are four steps to building your own plugin:

identify Smali patterns
figure out how to simplify the patterns
figure out how to interact with driver and invoke methods
figure out how to apply modifications directly

The included plugins should be a good guide for understanding steps #3 and #4. Driver is designed to help with step #2.

Of course, you're always welcome to share whatever obfuscation you come across and someone may eventually get to it.

Updating Driver

First, ensure dx is on your path. This is part of the Android SDK, but it's probably not on your path unless you're hardcore.

The driver folder is a Java project managed by Gradle. Import it into Eclipse, IntelliJ, etc. and make any changes you like. To finish updating the driver, run ./update_driver. This will rebuild the driver and convert the output JAR into a DEX.

Troubleshooting

If there's a problem executing driver code on your emulator or device, be sure to open monitor (part of the Android SDK) and check for any clues there. Even if the error doesn't make sense to you, it'll help if you post it along with the issue you'll create.

Not all Android platforms work well with dex-oracle. Some of them just crap out when trying to execute arbitrary DEX files. If you're having trouble with Segfaults or driver crashes, try using Android 4.4.2 API level 19 with ARM.

It's possible that a plugin sees a pattern it thinks is obfuscation but is actually some code it shouldn't execute. This seems unlikely because the obfuscation patterns are really unusual, but it is possible. If you're finding a particular plugin is causing problems and you're sure the app isn't protected by that particular obfuscator, i.e. the app is not DexGuarded but the DexGuard plugin is trying to execute stuff, just disable it.

More Information

dex-oracle's People

Contributors

Stargazers

Watchers

Forkers

uo250711 0xr0ot bushalo cpluse melbshark keulraesik pwelyn jokerni codecrack3 equationdz cjq rubyzy binsys 453483289 ikoz shuixi2013 netspire jbaginski themenucha bkerler michaelcranevong halfkiss tamerplatform apcwowo congenital virqdroid wanchouchou flycrane thomasking2014 curehsu krishachetan89 rover12421 worldcosplaygirl live17909 lukedaywalker gb0070 nitroxenon terry2012 zezebao prometheusxtime zuk-playground mr-polite simonliyu xiaomale ghostfish2018 yehgdotnet jasi2169 parhelia512 asutoshpalai enovella crackercat snollyg0st3r tigerwood primekun sasqwatch aplus123 mmg1 suge hohjgdhsj xxxyanchenxxx superbase-zz zekn tinyshay dxcyber409 nbg0x1 woozoo86 loulei moonight10 netstu hello-xbugs funnyproject skyun1314 unknowphoton fhooker seabreg duydqq matioupi jepon besimbicer89 githubxiaowangzi chenshige lykmoon supercuglong android-toolkits yashomer1994 actorexpose eybisi o2e modulexcite slxshmodder gitwk86 hartl3y94 thisistfs sergiogarciasec colasnow thelumberjhack

dex-oracle's Issues

Help a stranger?

@CalebFenton

Hey,

You may or may not remember be, but i'm the guy who asked for your help on de-obfuscating a modified kik messager app known as "Pikek". The un-obfuscated version of the app was "leaked" so i jumped ship on trying to fuzz with the obfuscated code and started messing around with it.

I am back though asking for help on another obfuscated kik app.

This is my last plea.

Here's some background:

There is a small community surrounding it that does "Modifications" to its regular version. It's very popular now days for users to have a Modified Kik App. The "developers" of these modded kiks add all kinds of features that aren't normally in the regular version followed by mass distributing it via their websites.

The features include everything from changing the theme to having automated messages. If you'd like more detail, i'll give you a rundown of what the coolest mods to have on kik are. It really is a thing, no joke.

Fyi again, I do not know how to code and technically am a "skid", but i would like to be able to go in, look at the coding, see what they did, change and add things for myself; Basically customizing it the way i like it and using it on my personal behalf, for fun of course.

There is one app in particular known as "Matrik" that has been obfuscated similar to what "Pikek" had.

It has long class names with weird symbols and string encryption. Obviously, this was done to prevent "skids" from taking their work and claiming it to be theirs. It is only done to a handful of smali files; Files that they have either added or tampered with. Even so, most of the smali files weren't touched, just obfuscated differently. The ones with the added features are scattered among the smali files in the com and the folder titled matrik.

I have retried dex-oracle. The good news is that there are no errors, but the bad news is that i don't think the plugins are set up to do anything. "Optimized 0 methods" I can't figure out how to use or even understand what to change, yet alone figure out what i'm looking at for unique patterns and such.

It is an older version of kik: Version 8.10, that originally had default proguard with names and such as letters. Here is the regular version kik 8.10. Note: This is a old version of kik that the modded kik is based on, not the current one in the google store.

https://drive.google.com/open?id=0BwhSOSdIKPj8WWhKU1lORk40N1k

-> from my google drive and may have to copy and paste link into browser

Here is the Modified Kik App, also known as "Matrik": I obviously used the Apktool to decompile it.

https://drive.google.com/open?id=0BwhSOSdIKPj8WWhKU1lORk40N1k

-> from my google drive and may have to copy and paste link into browser

(If you'd like the decompiled apk, i'll give you a zip folder of all the files. Of course it would be much faster if you decompiled it yourself)

This is what the class names look like:

This is what the encrypted strings look like: As you can see from looking at the function name, the main dude who writes most of the javascript/smali calls himself moon. Don't get me wrong though, he seems to a very talented java script programmer. Some of what is on matrik is pretty impressive, to me anywho.

As a stranger, I am not pressuring you into helping me out, but i'd appreciate if you'd so kindly take some time out of your day try to help me break this. Although, this isn't anything important, most likely a waste of time, but i'm putting this out there in case you're bored.

By all means, Anyone who comes across this post may take a crack at it.

Thanks,

Paul

[Q] oracle in the jvm?

hi,

i admit to be very lazy and haven't tried this tool.

before i found it i was thinking of writing a similar tool but with a couple of differences:

a) processing dex using dexlib2 instead of processing smali text.
b) running target code in the jvm itself.

instead of a device or emulator, i thought of simply running the dex through dex2jar and invoking methods directly.

to sandbox, i thought of implementing a class loader that breaks the common pattern of delegation and only delegate classes that are whitelisted as safe (eg: String). classes that are loadable in the parent class loader but are not whitelisted would throw an error. and the rest would be loaded from the dex2jar jar.

i thought of mentioning this because you might think that this is an improvement over the current implementation, or at least a welcomed option. for literal decryption, i guess there wouldn't be to much whitelisting needed. in any case, an automated whitelisting solution could be developed.

i never implemented a class loader sandbox so my ideas could be way off. i just imagine how the JVM works, i haven't read much.

the sharing of whitelisted classes between contexts could be a problem. eg, a java.lang class could have static fields that get modified by the target code and end up influencing dex-oracle. an alternative would be not to delegate anything and load new class copies from the java runtime jar in the target class loader.

for instance, String could be loaded again, this time by the oracle class loader. passing a string argument to target code would entail building an oracle String using reflection from main code, since system String is not the same class as oracle String. Object and arrays at least would need to be treated specially. with this solution there might not be a need to whitelist anything: if access to native methods is forbidden, the whole java runtime would be neutered. in fact, the android runtime could be used instead (minus native implementations, obviously).

actually a mix of both strategies would work too, whitelisting String, Integer, et al from the system class loader to avoid marshaling to/from oracle, and reloading other runtime classes

Baksmali is not defined.

How to solve this problem? I set with export to path but its not working. Making aliases in .bashrc file. It doenst work. So what i need to do?
Thanks
Mike!

Ruby Zipfile trying to rename open Tempfile

Windows is currently broken because an open Tempfile is given to Zip to create a new zip.

Error looks like this:

C:\repos\dex-oracle>ruby bin\dex-oracle -v app.apk
Error installing driver: Permission denied @ rb_file_s_rename - (C:/Users/devbox/AppData/Local/Temp/oracle-driver20160709-1628-1n79sw2.zip20160709-1628-n6l3hq,C:/Users/devbox/AppData/Local/Temp/oracle-driver20160709-1628-1n79sw2.zip)
C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/rubyzip-1.2.0/lib/zip/file.rb:408:in `rename'
        C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/rubyzip-1.2.0/lib/zip/file.rb:408:in `on_success_replace'
        C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/rubyzip-1.2.0/lib/zip/file.rb:310:in `commit'
        C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/rubyzip-1.2.0/lib/zip/file.rb:334:in `close'
        C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/rubyzip-1.2.0/lib/zip/file.rb:104:in `open'
        C:/repos/dex-oracle/lib/dex-oracle/utility.rb:16:in `create_zip'
        C:/repos/dex-oracle/lib/dex-oracle/driver.rb:53:in `install'
        bin/dex-oracle:89:in `<main>'
C:/repos/dex-oracle/lib/dex-oracle/smali_file.rb:42:in `read': Invalid argument @ rb_sysopen - C:/Users/devbox/AppData/Local/Temp/d20160709-1628-14kgu8g/com/android/volley/toolbox/????.smali (Errno::EINVAL)
        from C:/repos/dex-oracle/lib/dex-oracle/smali_file.rb:42:in `parse'
        from C:/repos/dex-oracle/lib/dex-oracle/smali_file.rb:21:in `initialize'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `new'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `block in parse_smali'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `each'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `parse_smali'
        from C:/repos/dex-oracle/lib/oracle.rb:9:in `initialize'
        from bin/dex-oracle:91:in `new'
        from bin/dex-oracle:91:in `<main>'

Emulate stack trace related methods

I tring this apk http://www8.zippyshare.com/v/vQTFFChK/file.html Uret Patcher v3.5.apk,
you can find it on https://jasi2169.wordpress.com/ , this apk encrypt strings with a dinamic key which depends on method call.

    StackTraceElement v1 = new RuntimeException().getStackTrace()[1];
    String v4 = new StringBuffer(v1.getMethodName()).insert(0, v1.getClassName()).toString();
    // code with xor and string v4

I used android x86 (Remix OS). I got this log on logcat

04-20 08:26:20.000 15205 15205 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 2000 <<<<<<
04-20 08:26:20.002 15205 15205 D AndroidRuntime: CheckJNI is OFF
04-20 08:26:20.002 15205 15205 E cutils-trace: Error opening trace file: Permission denied (13)
04-20 08:26:20.019 15205 15205 D ICU     : No timezone override file found: /data/misc/zoneinfo/current/icu/icu_tzdata.dat
04-20 08:26:20.023 15205 15205 W art     : Could not create mount namespace.
04-20 08:26:20.023 15205 15205 W         : Failed to bind-mount /system/lib/x86/cpuinfo as /proc/cpuinfo: Operation not permitted
04-20 08:26:20.034 15205 15205 E memtrack: Couldn't load memtrack module (No such file or directory)
04-20 08:26:20.034 15205 15205 E android.os.Debug: failed to load memtrack module: -2
04-20 08:26:20.035 15205 15205 I Radio-JNI: register_android_hardware_Radio DONE
04-20 08:26:20.044 15205 15205 D AndroidRuntime: Calling main entry org.cf.oracle.Driver
04-20 08:26:20.071 15205 15205 D AndroidRuntime: Shutting down VM

This is the command line used:

# dex-oracle -i zone/jasi2169/uretpatcher/Xposed prova.apk 
Optimizing 67 methods over 2385 Smali files.
Optimizations: string_lookups=0, string_decrypts=193, class_lookups=0
Time elapsed 20.289434831 seconds

On class zone/jasi2169/uretpatcher/Xposed all decrypted strings are wrong and one string is not decrypted.

Programm don't work

I try deobfuscated cod in android apk on real device connected with usb. I use kali linux x86. But i don't understand why i get permission denied in log. Device with root.

My log:
root@kali:~# dex-oracle -i ru/my/test/Protected_App /root/12.apk
failed to copy '/tmp/oracle-driver20170329-32112-13naw8n.zip' to '/data/local/od.zip': Permission denied
Optimizing 50 methods over 4612 Smali files.
failed to copy '/tmp/oracle-targets20170329-32112-ipstx8.json' to '/data/local/od-targets.json': Permission denied
/var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/driver.rb:212:in validate_output': a (RuntimeError)ution failure, output: 'Aborted 0' from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/driver.rb:222:in drive'
from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/driver.rb:113:in run_batch' from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:47:in apply_batch'
from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/string_decryptor.rb:38:in process' from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/oracle.rb:33:in block (2 levels) in process_plugins'
from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/oracle.rb:31:in each' from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/oracle.rb:31:in block in process_plugins'
from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/oracle.rb:29:in loop' from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/oracle.rb:29:in process_plugins'
from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/lib/oracle.rb:18:in divine' from /var/lib/gems/2.3.0/gems/dex-oracle-1.0.5/bin/dex-oracle:94:in <top (required)>'
from /usr/local/bin/dex-oracle:23:in load' from /usr/local/bin/dex-oracle:23:in

'
Please, help me.

Smarter plugin management

Right now, all plugins are enabled by default and the user can disable them. However, it's likely that some plugins should only run in some circumstances. Should make it so plugins can declare themselves disabled by default.

As a bonus, would be nice if plugins were a bit more documented.

the exception:"Failure to merge input DEX and driver DEX: was found

I encountered such an exception when I was trying to execute:dex-oracle ~/1.apk on ubuntu 15.10

the following details might help:

java version "1.6.0_45"

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

adb version: Android Debug Bridge version 1.0.31

Here is the detailed error:

wolf@wolf:~$ dex-oracle ~/1.apk
[ERROR] 2016-09-17 01:53:43: Failure to merge input DEX and driver DEX:
Exception in thread "main" java.lang.UnsupportedClassVersionError: com/android/dx/merge/DexMerger : Unsupported major.minor version 52.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
Could not find the main class: com.android.dx.merge.DexMerger. Program will exit.

Need to set debuggable = true?

When supplying an APK, do I need to set debuggable to true in the manifest?

Smali compilation failed on macOS

I got an error stating that the smali compilation procedure is failing. Any idea what can be the problem?

I'm running this on macOS 10.14 Mojave

Exception in thread "main" com.beust.jcommander.MissingCommandException: Expected a command, got itsme-1.32.0004.apk
	at com.beust.jcommander.JCommander.parseValues(JCommander.java:725)
	at com.beust.jcommander.JCommander.parse(JCommander.java:304)
	at com.beust.jcommander.JCommander.parse(JCommander.java:287)
	at org.jf.baksmali.Main.main(Main.java:90)
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:19: warning: constant ::NIL is deprecated
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:19: warning: constant ::Data is deprecated
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:19: warning: constant ::TRUE is deprecated
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:19: warning: constant ::FALSE is deprecated
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:19: warning: constant ::Fixnum is deprecated
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:19: warning: constant ::Bignum is deprecated
Optimizing 0 methods over 0 Smali files.
Optimizations:
Exception in thread "main" com.beust.jcommander.MissingCommandException: Expected a command, got /var/folders/r5/l_1fgfmd39z6gs_6whhtd_kw0000gn/T/d20180814-2606-1po2zww
	at com.beust.jcommander.JCommander.parseValues(JCommander.java:725)
	at com.beust.jcommander.JCommander.parse(JCommander.java:304)
	at com.beust.jcommander.JCommander.parse(JCommander.java:287)
	at org.jf.smali.Main.main(Main.java:87)
Traceback (most recent call last):
	5: from /usr/local/bin/dex-oracle:23:in `<main>'
	4: from /usr/local/bin/dex-oracle:23:in `load'
	3: from /usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/bin/dex-oracle:96:in `<top (required)>'
	2: from /usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:18:in `finish'
	1: from /usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:35:in `update_apk'
/usr/local/lib/ruby/gems/2.5.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:30:in `compile': Crap, smali compilation failed. (RuntimeError)

Command failed

Android 9 emulator with root:

Optimizing 10575 methods over 1303 Smali files.
**/dex-oracle/lib/dex-oracle/driver.rb:190:in `validate_output': Command failed with 255: shell "cd /data/local/tmp; export CLASSPATH=/data/local/tmp/od.zip; app_process /system/bin org.cf.oracle.Driver @/data/local/tmp/od-targets.json"; echo $? (RuntimeError)
Output: 255
	from **/dex-oracle/lib/dex-oracle/driver.rb:208:in `drive'
	from **/dex-oracle/lib/dex-oracle/driver.rb:96:in `run_batch'
	from **/dex-oracle/lib/dex-oracle/plugin.rb:49:in `apply_batch'
	from **/dex-oracle/lib/dex-oracle/plugins/string_decryptor.rb:38:in `process'
	from **/dex-oracle/lib/oracle.rb:33:in `block (2 levels) in process_plugins'
	from **/dex-oracle/lib/oracle.rb:31:in `each'
	from **/dex-oracle/lib/oracle.rb:31:in `block in process_plugins'
	from **/dex-oracle/lib/oracle.rb:29:in `loop'
	from **/dex-oracle/lib/oracle.rb:29:in `process_plugins'
	from **/dex-oracle/lib/oracle.rb:18:in `divine'
	from ./dex-oracle/bin/dex-oracle:98:in `<main>'

Error /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:66:in `initialize': No such file or directory

Help me i have this error when i use it

dex-oracle class/a/b/c test.apk
Traceback (most recent call last):
7: from /usr/local/bin/dex-oracle:23:in <main>' 6: from /usr/local/bin/dex-oracle:23:in load'
5: from /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/bin/dex-oracle:86:in <top (required)>' 4: from /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/bin/dex-oracle:86:in new'
3: from /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:14:in initialize' 2: from /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:66:in prepare'
1: from /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:66:in open' /var/lib/gems/2.7.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:66:in initialize': No such file or directory @ rb_sysopen - class/a/b/c (Errno::ENOENT)

Getting errors in windows during rum time

i am struggling to run this program from 2 days. every time i ended with different errors so that is why i ended to post my error here

i installed dex-oracle in my Windows 10 using Git Bash and installed Ruby 2.5 from Window Installer Setup and using Android Studio AVD emulator and apk i am using from project Simplify "obfuscated-app"

com.beust.jcommander.MissingCommandException: Expected a command, got protected.apk

I am trying to deobfuscate my apk file with dex-oracle but i have this error :

dex-oracle -i com.example.client protected.apk

Exception in thread "main" com.beust.jcommander.MissingCommandException: Expected a command, got protected.apk
at com.beust.jcommander.JCommander.parseValues(JCommander.java:725)
at com.beust.jcommander.JCommander.parse(JCommander.java:304)
at com.beust.jcommander.JCommander.parse(JCommander.java:287)
at org.jf.baksmali.Main.main(Main.java:90)
internal:dir:14:in open': wrong number of arguments (given 2, expected 1) (ArgumentError) from /var/lib/gems/3.0.0/gems/dex-oracle-1.0.5/lib/oracle.rb:63:in entries'
from /var/lib/gems/3.0.0/gems/dex-oracle-1.0.5/lib/oracle.rb:63:in enumerate_files' from /var/lib/gems/3.0.0/gems/dex-oracle-1.0.5/lib/oracle.rb:75:in parse_smali'
from /var/lib/gems/3.0.0/gems/dex-oracle-1.0.5/lib/oracle.rb:9:in initialize' from /var/lib/gems/3.0.0/gems/dex-oracle-1.0.5/bin/dex-oracle:91:in new'
from /var/lib/gems/3.0.0/gems/dex-oracle-1.0.5/bin/dex-oracle:91:in <top (required)>' from /usr/local/bin/dex-oracle:25:in load'
from /usr/local/bin/dex-oracle:25:in `

Connect to emulator on different IP Address

Can I specify a different IP address to connect to like

adb connect 10.71.34.101

not exactly a dex-oracle issue

Hello,

thank you for releasing this magnificent tool!
I am trying to look into the internal logic of this app:
https://www.apk4fun.com/apk/119729/

However, while trying to deobfuscate the mentioned app using dex-oracle, I received the advice clearly seen in the picture below:

Using apktool v2.2.2: apktool d mentionedApp.apk I got the smali. The apk could be repacked without issues using apktool b.
As advised by dex-oracle, I replaced the const-string with const-string/jumbo in all smali files using:
find ./ -type f exec sed -i -e 's/cont-string/const-string\/jumbo/g' {} \;

However, the updated smali refused to rebuild to apk using apktool b. See picture below.

Any leads?

Thank you in advance.

skipping static constructor methods

for some reason when dex-oracle iterates over all class and methods and skips over
.method static constructor ()V
with all the encrypted strings in this example: 82232590e17bcd612c3871286eb24ac0e22997f42f06ec2b74f29963b5921376

if i change the method sig to .method static a(Ljava/lang/String;)Ljava/lang/String; the string decryption works,

any idea how to make dex-oracle decrypt strings in static constructor methods?

com.beust.jcommander.MissingCommandException

On executing 'dex-oracle.ruby2.1 -v my.test.apk' I'm getting:

Exception in thread "main" com.beust.jcommander.MissingCommandException: Expected a command, got my.test.apk
at com.beust.jcommander.JCommander.parseValues(JCommander.java:725)
at com.beust.jcommander.JCommander.parse(JCommander.java:304)
at com.beust.jcommander.JCommander.parse(JCommander.java:287)
at org.jf.baksmali.Main.main(Main.java:90)

Logging injection

I intend to inject logging statements into smali code like invoke-static {v1}, LLogger;->printObject(Ljava/lang/Object;)V

Will I be able to see executed logging statements on the console when I run dex-oracle command?

Windows fails to handle filenames with unicode characters

Filenames with unicode characters are completely borked.

Error looks like:

C:/repos/dex-oracle/lib/dex-oracle/smali_file.rb:42:in `read': Invalid argument @ rb_sysopen - C:/Users/devbox/AppData/Local/Temp/d20160709-1872-zlz4qx/com/android/volley/toolbox/????.smali (Errno::EINVAL)
        from C:/repos/dex-oracle/lib/dex-oracle/smali_file.rb:42:in `parse'
        from C:/repos/dex-oracle/lib/dex-oracle/smali_file.rb:21:in `initialize'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `new'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `block in parse_smali'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `each'
        from C:/repos/dex-oracle/lib/oracle.rb:58:in `parse_smali'
        from C:/repos/dex-oracle/lib/oracle.rb:9:in `initialize'
        from bin/dex-oracle:91:in `new'
        from bin/dex-oracle:91:in `<main>'

did not get warn

Hi,in your article Hacking with dex-oracle for Android Malware Deobfuscation,you get warning like:

[WARN] 2017-10-28 12:28:45: Unsuccessful status: failure for Error executing 'static java.lang.String xjmurla.gqscntaej.bfdiays.f.a(int)' with 'I:839889519'
java.lang.reflect.InvocationTargetException

But when I use exactly the same sample and command I cannot get any warning:
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Optimizing 11 methods over 23 Smali files.
Optimizations:
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Invalid date/time in zip entry
Time elapsed 1.782126245 seconds

Any tips?

dex-oracle on Windows 7 troubleshooting

Hello again. I get this when running on Windows. I know where they are located. But how to I get it to point to the right path? (Or how do I manually set the path?)

'/data/local/tmp/od-output.json' wasn't created

After experimenting a bit with versions of smali / baksmali I noticed that 2.1.3 version seems to resolve the issue #27

... but I was immediately hit with another one:

remote object '/data/local/tmp/od-output.json' does not exist
/usr/lib/ruby/2.3.0/json/common.rb:156:in 'initialize': A JSON text must at least contain two octets! (JSON:ParserError)

a lot of syntax errors

Hi caleb!,
during test i got a lot of syntax errors with program

syntax error, unexpected ')', expecting '='

exception errs are 👍
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in require': /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugins/unreflector.rb:44: syntax error, unexpected tLPAREN_ARG, expecting keyword_do_LAMBDA or tLAMBEG (SyntaxError) CLASS_LOOKUP_MODIFIER = -> (_, output, out_reg) { "const-... ^ /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugins/unreflector.rb:44: syntax error, unexpected ')', expecting '=' ...IFIER = -> (_, output, out_reg) { "const-class #{out_reg}, #... ... ^ /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugins/unreflector.rb:44: syntax error, unexpected '}', expecting keyword_end from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:inrequire'
from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugin.rb:16:in block in plugin_classes' from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugin.rb:16:ineach'
from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugin.rb:16:in plugin_classes' from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/dex-oracle/plugin.rb:28:ininit_plugins'
from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/lib/oracle.rb:11:in initialize' from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/bin/dex-oracle:91:innew'
from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.4/bin/dex-oracle:91:in <top (required)>' from /usr/local/bin/dex-oracle:23:inload'
from /usr/local/bin/dex-oracle:23:in `

i'll be thankful if you check the issue.

Dockerize

The dependency on the Android emulator makes running this project a little complex. Having a docker script would make it easier for people to try the project.

Fails when input apk has special characters or space

dex-oracle/bin/dex-oracle xxx\(xxx.apk
sh: 1: Syntax error: "(" unexpected
/home/moritz/Documents/instagram/dex-oracle/lib/dex-oracle/plugin.rb:21: warning: constant ::NIL is deprecated
/home/moritz/Documents/instagram/dex-oracle/lib/dex-oracle/plugin.rb:21: warning: constant ::Data is deprecated
/home/moritz/Documents/instagram/dex-oracle/lib/dex-oracle/plugin.rb:21: warning: constant ::TRUE is deprecated
/home/moritz/Documents/instagram/dex-oracle/lib/dex-oracle/plugin.rb:21: warning: constant ::FALSE is deprecated
/home/moritz/Documents/instagram/dex-oracle/lib/dex-oracle/plugin.rb:21: warning: constant ::Fixnum is deprecated
/home/moritz/Documents/instagram/dex-oracle/lib/dex-oracle/plugin.rb:21: warning: constant ::Bignum is deprecated
Optimizing 0 methods over 0 Smali files.
Optimizations: 
Time elapsed 6.081287631 seconds

Can't run

(RuntimeError).gem/ruby/2.0.0/gems/dex-oracle-1.0.5/lib/dex-oracle/driver.rb:212:in `validate_output': app_process execution failure, output: 'Killed
0'

Android 4.4.2/Arm emu

Have a problem to use this tool.

Hi,

I want to execute dex-oracle on my mac.

I entered
dex-oracle /users/aa/bb.apk

It was looks like going well but finally it failed with..

Caused by: java.lang.NullPointerException
at com.a.b.c.d.app.util.o.aK(PG:416)
at com.a.b.c.d.app.util.r.o(PG:595)
at com.a.b.c.d.app.InstallApps.b(PG:3603)
... 7 more

Optimizations: string_decrypts=24, string_lookups=2, class_lookups=4
/Library/Ruby/Gems/2.0.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:30:in compile': Crap, smali compilation failed. (RuntimeError) from /Library/Ruby/Gems/2.0.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:35:in update_apk'
from /Library/Ruby/Gems/2.0.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:18:in finish' from /Library/Ruby/Gems/2.0.0/gems/dex-oracle-1.0.5/bin/dex-oracle:96:in <top (required)>'
from /usr/local/bin/dex-oracle:23:in load' from /usr/local/bin/dex-oracle:23:in

can you help me about this issue?

Failed to install

Hi caleb,

My dex-oracle could not work. Could you help me?
I have not idea about these msg.

$ ruby -v
ruby 2.3.0p0 (2015-12-25 revision 53290) [i386-linux-gnu]
$ gem -v
2.5.1
$ bundle install
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/..
Resolving dependencies...
Using ast 2.2.0
Using rubyzip 1.1.7
Using diff-lcs 1.2.5
Using powerpack 0.1.1
Using rainbow 2.1.0
Using rspec-support 3.4.1
Using ruby-progressbar 1.7.5
Using unicode-display_width 0.3.1
Using bundler 1.11.2
Using parser 2.3.0.6
Using dex-oracle 1.0.3 from source at `.`
Using rspec-core 3.4.2
Using rspec-expectations 3.4.0
Using rspec-mocks 3.4.1
Using rubocop 0.37.2
Using rspec-its 1.2.0
Installing rspec 3.4.0
Bundle complete! 5 Gemfile dependencies, 17 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

$ ./bin/dex-oracle 
/usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- Open3 (LoadError)
    from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /home/lai/github/dex-oracle/lib/dex-oracle/driver.rb:3:in `<top (required)>'
    from ./bin/dex-oracle:6:in `require_relative'
    from ./bin/dex-oracle:6:in `<main>'

Which version of Ruby is required?

Hi,

I'm having trouble figuring out which version of Ruby is being used to run dex-oracle. Could you help me by revealing this information?

Here's what I tried: I followed your instructions. Grabbed, installed and exported smali, baksmali, etc. I already had an AVD setup as well as the Android SDK. Here's what happened when I tried to make use of dex-oracle:

// Tried this (I have the Obad sample mentioned in the instructions):
disane@ubuntu:~/Desktop$ dex-oracle -i com/android/system/admin/CCOIoll /mnt/hgfs/VMWareShared/obad.apk 
// Uploading APK to started AVD
2982 KB/s (241347 bytes in 0.079s)
// Then an error is yielded by the Ruby interpreter:
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/undexguard.rb:52: syntax error, unexpected tLPAREN_ARG, expecting keyword_do_LAMBDA or tLAMBEG (SyntaxError)
  MODIFIER = -> (_, output, out_reg) { "const-...
                 ^
/var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/undexguard.rb:52: syntax error, unexpected ')', expecting '='
...IFIER = -> (_, output, out_reg) { "const-string #{out_reg}, ...
...                               ^
/var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/undexguard.rb:52: syntax error, unexpected '}', expecting keyword_end
    from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:16:in `block in plugin_classes'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:16:in `each'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:16:in `plugin_classes'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:28:in `init_plugins'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/oracle.rb:11:in `initialize'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/bin/dex-oracle:91:in `new'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/bin/dex-oracle:91:in `<top (required)>'
    from /usr/local/bin/dex-oracle:23:in `load'
    from /usr/local/bin/dex-oracle:23:in `<main>'

Also when I tried to list all mentioned dex-oracle plugins I get the following error:

disane@ubuntu:~/Desktop$ dex-oracle --list-plugins
Available plugins:
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/undexguard.rb:52: syntax error, unexpected tLPAREN_ARG, expecting keyword_do_LAMBDA or tLAMBEG (SyntaxError)
  MODIFIER = -> (_, output, out_reg) { "const-...
                 ^
/var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/undexguard.rb:52: syntax error, unexpected ')', expecting '='
...IFIER = -> (_, output, out_reg) { "const-string #{out_reg}, ...
...                               ^
/var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugins/undexguard.rb:52: syntax error, unexpected '}', expecting keyword_end
    from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:16:in `block in plugin_classes'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:16:in `each'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/lib/dex-oracle/plugin.rb:16:in `plugin_classes'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/bin/dex-oracle:55:in `block (2 levels) in <top (required)>'
    from /usr/lib/ruby/1.9.1/optparse.rb:1360:in `call'
    from /usr/lib/ruby/1.9.1/optparse.rb:1360:in `block in parse_in_order'
    from /usr/lib/ruby/1.9.1/optparse.rb:1347:in `catch'
    from /usr/lib/ruby/1.9.1/optparse.rb:1347:in `parse_in_order'
    from /usr/lib/ruby/1.9.1/optparse.rb:1341:in `order!'
    from /usr/lib/ruby/1.9.1/optparse.rb:1432:in `permute!'
    from /usr/lib/ruby/1.9.1/optparse.rb:1453:in `parse!'
    from /var/lib/gems/1.9.1/gems/dex-oracle-1.0.5/bin/dex-oracle:67:in `<top (required)>'
    from /usr/local/bin/dex-oracle:23:in `load'
    from /usr/local/bin/dex-oracle:23:in `<main>'

Looking at the features of the tool, it would seem useful for analyzing and RE-ing obfuscated Android Malware, but I need to know what kind of environment I need to setup to get it to work.

If the log is unreadable, I put up a copy on pastebin of both error messages:
http://pastebin.com/Y6NNg7nv

Regards,
Disane

Crap, smali compilation failed. (RuntimeError)

Hi, i got an issue. Please follow the code;

dex-oracle dex_2767.dex --disable-plugins bitwiseantiskid,stringdecryptor,undexguard,unreflector,indexedclasslookup -i '/d'

Exception in thread "main" com.beust.jcommander.MissingCommandException: Expected a command, got dex_2767.dex at com.beust.jcommander.JCommander.parseValues(JCommander.java:725) at com.beust.jcommander.JCommander.parse(JCommander.java:304) at com.beust.jcommander.JCommander.parse(JCommander.java:287) at org.jf.baksmali.Main.main(Main.java:90) Optimizing 0 methods over 0 Smali files. Optimizations: Exception in thread "main" com.beust.jcommander.MissingCommandException: Expected a command, got /var/folders/25/3661xv3s1s38s523pmbz27300000gn/T/d20190115-6948-1rg4wpm at com.beust.jcommander.JCommander.parseValues(JCommander.java:725) at com.beust.jcommander.JCommander.parse(JCommander.java:304) at com.beust.jcommander.JCommander.parse(JCommander.java:287) at org.jf.smali.Main.main(Main.java:87) /Users/uceka/.rvm/gems/ruby-2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:30:incompile': Crap, smali compilation failed. (RuntimeError)
from /Users/uceka/.rvm/gems/ruby-2.3.0/gems/dex-oracle-1.0.5/lib/dex-oracle/smali_input.rb:19:in finish' from /Users/uceka/.rvm/gems/ruby-2.3.0/gems/dex-oracle-1.0.5/bin/dex-oracle:96:in <top (required)>'
from /Users/uceka/.rvm/gems/ruby-2.3.0/bin/dex-oracle:23:in load' from /Users/uceka/.rvm/gems/ruby-2.3.0/bin/dex-oracle:23:in

'
from /Users/uceka/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in eval' from /Users/uceka/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in '

Coud not work in MacOS

bin@localhost dex-oracle$ uname -v
Darwin Kernel Version 15.5.0: Tue Apr 19 18:36:36 PDT 2016; root:xnu-3248.50.21~8/RELEASE_X86_64
bin@localhost dex-oracle$ ruby -v
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15]
bin@localhost dex-oracle$ gem -v
2.5.1

AVD 4.4.2
dx 19.1.0

$ ./bin/dex-oracle  -i com/android/system/admin/CCOIoll obad.apk
/Users/bin/Project/dex-oracle/lib/dex-oracle/plugin.rb:19: warning: constant Kernel::TimeoutError is deprecated
Optimizing 0 methods over 58 Smali files.
Optimizations: 
Time elapsed 16.548851 seconds

Remove dexmerge

Right now, dex-oracle merges the target dex and the driver dex. Then, the driver is invoked from the command line and executed with some arguments. This is silly and I'm not sure why I did it this way. I think it was because dexmerge was such a cool idea. But it causes a lot of problems, see #16, but in general the problems are that dex files are really big now and sometimes can't be merged because the dex format doesn't support that many strings, etc.

Should change so that driver and target dex are separate. Driver should dynamically load a target dex and invoke stuff with reflection. Should be a fairly small change. Would reduce complexity and improve robustness.

bytes encrypt not work

    try {
            StringBuilder stringBuilder = new StringBuilder();
            stringBuilder.append(Environment.getExternalStorageDirectory().getAbsolutePath());
            stringBuilder.append(File.separator);
            byte[] bArr = new byte[]{(byte) 116, (byte) 24, (byte) 65, (byte) 77, (byte) 86, (byte) 78, (byte) 90};
            OooOO0OO.OooOOoo0oo(new byte[]{(byte) 2, (byte) 84, (byte) 4, (byte) 1, (byte) 11, (byte) 91}, "7a262c");
            OooOO0OO.OooOOoo0oo(bArr, "556798");
            stringBuilder.append("A-wzovo");
            stringBuilder.append(File.separator);
            byte[] bArr2 = new byte[]{(byte) 112, (byte) 85, (byte) 90, (byte) 85, (byte) 82, (byte) 99, (byte) 93, (byte) 75, (byte) 81};
            OooOO0OO.OooOOoo0oo(new byte[]{(byte) 11, (byte) 14, (byte) 13, (byte) 15, (byte) 95, (byte) 87}, "9789fc");
            OooOO0OO.OooOOoo0oo(bArr2, "295694");
            stringBuilder.append("BlockWord");
            FileUtils.fileWrite(stringBuilder.toString(), this.editBlockWord.getText().toString());
            stringBuilder = new StringBuilder();
            stringBuilder.append(Environment.getExternalStorageDirectory().getAbsolutePath());
            stringBuilder.append(File.separator);
            bArr = new byte[]{(byte) 36, (byte) 27, (byte) 69, (byte) 73, (byte) 90, (byte) 21, (byte) 10};
            OooOO0OO.OooOOoo0oo(new byte[]{(byte) 82, (byte) 2, (byte) 6, (byte) 87, (byte) 83, (byte) 1}, "744dfb");
            OooOO0OO.OooOOoo0oo(bArr, "e6235c");
            stringBuilder.append("A-wzovo");
            stringBuilder.append(File.separator);
            bArr = new byte[]{(byte) 35, (byte) 67, (byte) 67, (byte) 13, TarConstants.LF_FIFO};
            OooOO0OO.OooOOoo0oo(new byte[]{(byte) 7, (byte) 1, (byte) 4, (byte) 7, (byte) 0, (byte) 0}, "e73ed3");
            OooOO0OO.OooOOoo0oo(bArr, "b67bd3");
            stringBuilder.append("AutoR");
            FileUtils.fileWrite(stringBuilder.toString(), this.editAutoR.getText().toString());
            byte[] bArr3 = new byte[]{(byte) -43, (byte) -34, (byte) -4, (byte) -36, (byte) -50, (byte) -81, (byte) -41, (byte) -23, (byte) -15, (byte) -36, (byte) -23, (byte) -88};
            OooOO0OO.OooOOoo0oo(new byte[]{(byte) 4, (byte) 83, (byte) 81, (byte) 0, (byte) 0, (byte) 81}, "5209cf");
            Toast.makeText(this, OooOO0OO.OooOOoo0oo(bArr3, "1aa9c7"), 0).show();
        } catch (Exception e) {
            e.printStackTrace();
            Toast.makeText(this, OooOO0OO.OooOOoo0oo(new byte[]{(byte) 0, (byte) 14, (byte) 83, (byte) 86, (byte) 6, (byte) 3}, OooOO0OO.OooOOoo0oo(new byte[]{(byte) 0, (byte) 14, (byte) 83, (byte) 86, (byte) 6, (byte) 3}, "27bc1f")), 0).show();
        }


public class OooOO0OO {
    public static byte[] encode(byte[] bytes, String key) {
        int len = bytes.length;
        int keyLen = key.length();
        for (int i = 0; i < len; i++) {
            bytes[i] = (byte) (bytes[i] ^ key.charAt(i % keyLen));
        }
        return bytes;
    }

    public static String OooOOoo0oo(byte[] bytes, String key) {
        int len = bytes.length;
        int keyLen = key.length();
        for (int i = 0; i < len; i++) {
            bytes[i] = (byte) (bytes[i] ^ key.charAt(i % keyLen));
        }
        return new String(bytes);
    }
}