-
Notifications
You must be signed in to change notification settings - Fork 23
Home
LaurieWired edited this page Jun 29, 2024
·
1 revision
BadUnboxing is an automated Android packer. It works by locating and decompiling code inside the APK that is relevant to the unpacking process. It detects packing by finding classes declared within the AndroidManfest that do not exist on disk. It also discovers calls to common ClassLoaders inside of Java code. Once BadUnboxing detects packing, it automatically generates a new Java application based on the decompiled code. This new application can be executed to drop dynamic unpacked artifacts to disk.
- Avoids reliance on Android emulators
- Works completely packer-agnostic
- Automatic custom decryptor generator
- Recursive reflection removal
- Replacement of Android-specific API invocations
- Java and native packing detection
- Locates usage of common ClassLoaders
- Creates list of packed classes
- Renames identifiers to unique names
- Inserts BadUnboxing comments specifying modifications to each line
- Locates Application Subclass and turns it into the main class for the application
- Turns attachBaseContext method into main method of new app
- Finds all referenced classes and adds to list for processing
- Renames classes, methods, and variables to unique identifiers
- Decompiles relevant code
- Processes and removes Android imports
- Replaces Android API calls with equivalent Java code
- Example: getPackageName() is replaces with the string literal of the package
- Replaces calls to DexClassLoader with console printing the target directory
- Recursively removes reflective calls
- Generates modified relevant classes
- Opens new app in BadUnboxing code explorer window
BadUnboxing uses the JADX API on the backend for decompilation of the sample. That means that if you have previously opened this file in JADX, the cache will be used and BadUnboxing will execute faster.