Skip to content

Latest commit

 

History

History
96 lines (65 loc) · 2.63 KB

README.md

File metadata and controls

96 lines (65 loc) · 2.63 KB

Paranoid/LSParanoid deobfuscator

PyPI - Version

Note

Only compatible with Paranoid v0.3.0+ (released in 25 Jan 2020)

A script to deobfuscate apps obfuscated with Paranoid/LSParanoid to help you with static analysis.

Before After
Before After

Installation

Using pip

pip install paranoid-deobfuscator

Using pipx

pipx install paranoid-deobfuscator

Usage

$ paranoid-deobfuscator --help

Usage: paranoid-deobfuscator [OPTIONS] COMMAND [ARGS]...

Options:
  -v, --verbose  Enables verbose mode
  --help         Show this message and exit.

Commands:
  deobfuscate  Deobfuscate a paranoid obfuscated APK smali files
  helpers      Helper commands
$ paranoid-deobfuscator deobfuscate --help

Usage: paranoid-deobfuscator deobfuscate [OPTIONS] TARGET

  Deobfuscate a paranoid obfuscated APK smali files

Options:
  --help  Show this message and exit.
$ paranoid-deobfuscator helpers --help

Usage: paranoid-deobfuscator helpers [OPTIONS] COMMAND [ARGS]...

  Helper commands

Options:
  --help  Show this message and exit.

Commands:
  deobfuscate-string  Deobfuscate a string using extracted chunks
  extract-chunks      Save the chunks from a paranoid obfuscated APK
  extract-strings     Extracts the strings from a paranoid obfuscated APK

APK file (using Apktool)

  1. Decode .apk file: apktool d app.apk
  2. Run deobfuscator: paranoid-deobfuscator deobfuscate app
  3. Build: apktool b app

DEX file (using smali)

  1. Disassemble .dex file: baksmali d classes.dex
  2. Run deobfuscator: paranoid-deobfuscator deobfuscate out
  3. Assemble: smali a out