After analyzing the container implementations of some of the repackaged APKs with protection,
I found that they use a combination of techniques for sophisticated protection implementation,
As a result they always use "Hybrids" and advanced versions of anti-debugging.
"Using this POC, we were able to effectively extract the full decrypted DEX file from the memory of the running APK protected by the protection". This method has a 100% success rate as the DEX file must remain fully readable in memory during the decryption and class loading phases.
#note
For Android application developers, we propose the following protection suggestions, which can effectively improve application security, even when commercial protection solutions...
Secure Design:
Adopt the principle of least privilege
Implement a layered defense strategy
Avoid hard-coding sensitive information
Use strong encryption algorithms
Code Protection:
Use multiple levels of obfuscation
Native implementation of key logic
Application Code Virtualization
Dynamic code generation and execution
Runtime Protection:
Implement multi-level integrity verification
Implement advanced anti-debugging techniques
Use memory protection technology
Implement API hook detection
Remote Authentication:
Remote security verification
Dynamic policy delivery
Detect abnormal behavior
Remote authorization for critical operations
By combining these technologies, application security can be effectively enhanced even in the face of sophisticated reverse engineering and hacking techniques.
Written by @Qwanwin
I found that they use a combination of techniques for sophisticated protection implementation,
As a result they always use "Hybrids" and advanced versions of anti-debugging.
"Using this POC, we were able to effectively extract the full decrypted DEX file from the memory of the running APK protected by the protection". This method has a 100% success rate as the DEX file must remain fully readable in memory during the decryption and class loading phases.
#note
For Android application developers, we propose the following protection suggestions, which can effectively improve application security, even when commercial protection solutions...
Secure Design:
Adopt the principle of least privilege
Implement a layered defense strategy
Avoid hard-coding sensitive information
Use strong encryption algorithms
Code Protection:
Use multiple levels of obfuscation
Native implementation of key logic
Application Code Virtualization
Dynamic code generation and execution
Runtime Protection:
Implement multi-level integrity verification
Implement advanced anti-debugging techniques
Use memory protection technology
Implement API hook detection
Remote Authentication:
Remote security verification
Dynamic policy delivery
Detect abnormal behavior
Remote authorization for critical operations
By combining these technologies, application security can be effectively enhanced even in the face of sophisticated reverse engineering and hacking techniques.
Written by @Qwanwin
π3β€2
AndrolineHook v1.0
Yo what's up! Just dropped a sick library for Android memory mods! AndrolineHook - lightweight tool for all you game/app modding enthusiasts π₯
Cool stuff inside:
Runtime lib detection
Easy memory patching
Auto backup/restore
Perfect for:
β’ Game modding
β’ Application Modding
β’ Security testing
β’ Learning & research
β’ Experimental stuff
Source code is open guys, check it out:
https://github.com/Qwanwin/AndrolineHook
Join the community for updates & chat:
@Qwanwin
Share with your modding buddies! π
#Android #OpenSource
Yo what's up! Just dropped a sick library for Android memory mods! AndrolineHook - lightweight tool for all you game/app modding enthusiasts π₯
Cool stuff inside:
Runtime lib detection
Easy memory patching
Auto backup/restore
Perfect for:
β’ Game modding
β’ Application Modding
β’ Security testing
β’ Learning & research
β’ Experimental stuff
Source code is open guys, check it out:
https://github.com/Qwanwin/AndrolineHook
Join the community for updates & chat:
@Qwanwin
Share with your modding buddies! π
#Android #OpenSource
GitHub
GitHub - Qwanwin/AndrolineHook: AndrolineHook is a lightweight C++ library for runtime memory hooking and patching in Android apps.β¦
AndrolineHook is a lightweight C++ library for runtime memory hooking and patching in Android apps. It supports library detection, offset modification, and original byte restoration. - Qwanwin/Andr...
π₯8π2π1π1
Codex
AndrolineHook v1.0 Yo what's up! Just dropped a sick library for Android memory mods! AndrolineHook - lightweight tool for all you game/app modding enthusiasts π₯ Cool stuff inside: Runtime lib detection Easy memory patching Auto backup/restore Perfectβ¦
For the next version, maybe I will upgrade dlopen() and add other features for stability and more complex use. Wait for further news.π
β€3π₯2π1
π₯ AndrolineHook v0.2.0 Release! π₯
After a process that made my brain quite dizzy, finally the AndrolineHook update
is ready for you to try! This update brings many cool features that make
modding easier and more powerful π
β¨ What's New:
βββββββββββββββ
β’ More powerful pattern scanning system
β’ Safer & faster memory operations
β’ Stronger symbol resolve
β’ Smarter library handling
πͺ Improvement:
βββββββββββββββ
β’ More optimal error handling
β’ Performance upgrade
β’ Support for multiple library paths
β’ More optimal memory protection
π₯ Download:
βββββββββββββββ
https://github.com/Qwanwin/AndrolineHook/releases
Let's push modding to the next level! Drop your feedback in the comments
or directly on GitHub! Stay awesome! π₯
Share with your modding buddies! π
#Android #OpenSource #AndroHook
After a process that made my brain quite dizzy, finally the AndrolineHook update
is ready for you to try! This update brings many cool features that make
modding easier and more powerful π
β¨ What's New:
βββββββββββββββ
β’ More powerful pattern scanning system
β’ Safer & faster memory operations
β’ Stronger symbol resolve
β’ Smarter library handling
πͺ Improvement:
βββββββββββββββ
β’ More optimal error handling
β’ Performance upgrade
β’ Support for multiple library paths
β’ More optimal memory protection
π₯ Download:
βββββββββββββββ
https://github.com/Qwanwin/AndrolineHook/releases
Let's push modding to the next level! Drop your feedback in the comments
or directly on GitHub! Stay awesome! π₯
Share with your modding buddies! π
#Android #OpenSource #AndroHook
GitHub
Releases Β· Qwanwin/AndrolineHook
AndrolineHook is a lightweight C++ library for runtime memory hooking and patching in Android apps. It supports library detection, offset modification, and original byte restoration. - Qwanwin/Andr...
π₯7β€2π2π1π₯°1π1
π ANDROID SECURITY DETECTOR
Hey Developers! π
Latest security solution for your Android applications is now available!
β¨ What's New:
βββββββββββββββ
β’ Latest Root Detection System
β’ Super Secure Network Security
β’ Anti-Hook System
β’ Real-time Protection
π― Perfect For:
βββββββββββββββ
β’ Personal Projects
β’ Commercial Applications
β’ System Development
β’ Framework Integration
β‘ Features:
βββββββββββββββ
β’ Magisk & KernelSU Detection
β’ VPN Analysis
β’ System Check
β’ Anti Emulator
β’ Native Code Protection
π₯ Download:
βββββββββββββββ
[https://github.com/Qwanwin/Detector]
Share with other developers π
#Android #OpenSource #Dev
Hey Developers! π
Latest security solution for your Android applications is now available!
β¨ What's New:
βββββββββββββββ
β’ Latest Root Detection System
β’ Super Secure Network Security
β’ Anti-Hook System
β’ Real-time Protection
π― Perfect For:
βββββββββββββββ
β’ Personal Projects
β’ Commercial Applications
β’ System Development
β’ Framework Integration
β‘ Features:
βββββββββββββββ
β’ Magisk & KernelSU Detection
β’ VPN Analysis
β’ System Check
β’ Anti Emulator
β’ Native Code Protection
π₯ Download:
βββββββββββββββ
[https://github.com/Qwanwin/Detector]
Share with other developers π
#Android #OpenSource #Dev
GitHub
GitHub - Qwanwin/Detector: Advanced security library to protect Android applications from various forms of threats and unauthorizedβ¦
Advanced security library to protect Android applications from various forms of threats and unauthorized modifications. - Qwanwin/Detector
β€7π₯3π2
PineHookGenerator.apk
2.6 MB
π PineGenerator is now ready to use!
This application allows you to easily hook methods in other applications. With an intuitive interface, you can configure method replacements, pre-call and post-call hooks, as well as modify parameters and return values.
Check for ui β
https://t.me/codex4444/243
### Description:
- Simple and user-friendly interface.
- Supports
- Dynamically generates Java code based on user input.
Feel free to try it out and provide your feedback! π
Made by @Qwanwin
This application allows you to easily hook methods in other applications. With an intuitive interface, you can configure method replacements, pre-call and post-call hooks, as well as modify parameters and return values.
Check for ui β
https://t.me/codex4444/243
### Description:
- Simple and user-friendly interface.
- Supports
Before Call, After Call, and Method Replacement.- Dynamically generates Java code based on user input.
Feel free to try it out and provide your feedback! π
Made by @Qwanwin
β€14π₯4π€―2
π’ Androline v0.3.0 Released! π
Excited to share the latest Androline, a native Android library for powerful memory manipulation, scanning, and library patching! Version 0.3.0 is packed with new features and fixes to level up your Android dev game.β¨
Whatβs New:
π String obfuscation for top-notch security
𧡠Thread-safe operations with std::mutex
β‘ Memory region caching for blazing-fast scanning
π Original bytes storage for reversible patching
π Robust library loading with robustDlopen & findLibraryPath
π Unique logging tags for easy debugging
π± Full support for arm64-v8a, armeabi-v7a, x86
π Fixed:
β getpagesize & std::map errors
β fixed bug
β findLibraryPath issues in SymbolResolver
π» Try It:
Share with your modding buddies! π
π Source & Download: [ Click Link]
π§Example Use : [ Click Link]
π Docs: [README.md]
π¬ Got ideas or issues? Join us on GitHub!
Excited to share the latest Androline, a native Android library for powerful memory manipulation, scanning, and library patching! Version 0.3.0 is packed with new features and fixes to level up your Android dev game.β¨
Whatβs New:
π String obfuscation for top-notch security
𧡠Thread-safe operations with std::mutex
β‘ Memory region caching for blazing-fast scanning
π Original bytes storage for reversible patching
π Robust library loading with robustDlopen & findLibraryPath
π Unique logging tags for easy debugging
π± Full support for arm64-v8a, armeabi-v7a, x86
π Fixed:
β getpagesize & std::map errors
β fixed bug
β findLibraryPath issues in SymbolResolver
π» Try It:
#include "AndroHook.hpp"
const char* libName = OBFUSCATE("libtarget.so");
std::string path = Androline::Memory::findLibraryPath(libName);
ANDROHOOK("0x1234", "9090");
Share with your modding buddies! π
π Source & Download: [ Click Link]
π§Example Use : [ Click Link]
π Docs: [README.md]
π¬ Got ideas or issues? Join us on GitHub!
π₯13π€―1
Media is too big
VIEW IN TELEGRAM
How to Add Hook app π
NB "This is just an example, don't use it as a benchmark for your application. Each application has a different way of using it."
NB "This is just an example, don't use it as a benchmark for your application. Each application has a different way of using it."
π₯7π3
π₯ New Release: PLTHook - Your Android Hooking Companion!
Hey devs! π Just dropped a super handy library for hooking functions on Android: PLTHook!
It's perfect for dynamically replacing function implementations within shared libraries. Think of it like magic, but code. β¨
Key Features:
* Supports arm32 & arm64
* Easy-to-use API
* Restore original functions seamlessly
* Safe GOT modifications with
Ready to level up your Android skills? π
β‘οΈ GitHub: [https://github.com/Qwanwin/PLTHook]
#AndroidDev #PLTHook #Hooking
Hey devs! π Just dropped a super handy library for hooking functions on Android: PLTHook!
It's perfect for dynamically replacing function implementations within shared libraries. Think of it like magic, but code. β¨
Key Features:
* Supports arm32 & arm64
* Easy-to-use API
* Restore original functions seamlessly
* Safe GOT modifications with
mprotectReady to level up your Android skills? π
β‘οΈ GitHub: [https://github.com/Qwanwin/PLTHook]
#AndroidDev #PLTHook #Hooking
1β€6π4π₯1π€―1π1
π AndrolineHook v0.4.0 Released!
π¦ Overall Update
β‘ Efficiency
Pattern scanning now uses Boyer-Moore algorithm β much faster performance!
Optimized for applications with large library address spaces.
π§ New Features
Added ptrace fallback (works even under strict SELinux).
Added manualElfOpen to handle dlopen failures manually.
π Compatibility
Fully supports 32-bit & 64-bit (ARM/ARM64).
Compatible across many Android versions & devices.
π Security
Stricter input validation.
Improved logging for easier debugging & better stability.
π― Flexibility
Supports library filtering during pattern scanning.
Full manual ELF loading for advanced dev control.
π Download:
π https://github.com/Qwanwin/AndrolineHook/releases/tag/v0.4.0
π¦ Overall Update
β‘ Efficiency
Pattern scanning now uses Boyer-Moore algorithm β much faster performance!
Optimized for applications with large library address spaces.
π§ New Features
Added ptrace fallback (works even under strict SELinux).
Added manualElfOpen to handle dlopen failures manually.
π Compatibility
Fully supports 32-bit & 64-bit (ARM/ARM64).
Compatible across many Android versions & devices.
π Security
Stricter input validation.
Improved logging for easier debugging & better stability.
π― Flexibility
Supports library filtering during pattern scanning.
Full manual ELF loading for advanced dev control.
π Download:
π https://github.com/Qwanwin/AndrolineHook/releases/tag/v0.4.0
GitHub
Release v0.4.0 Β· Qwanwin/AndrolineHook
π¦ Overall Update
β‘ Efficiency
Pattern scanning now utilizes the Boyer-Moore algorithm for significantly faster performance.
Optimized for applications with large library address spaces.
π§ New Fea...
β‘ Efficiency
Pattern scanning now utilizes the Boyer-Moore algorithm for significantly faster performance.
Optimized for applications with large library address spaces.
π§ New Fea...
1π₯8β€4
Forwarded from Fly Dragon Fly
Reverse Engineering IDA For Beginners.7z
265.7 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
Reverse Engineering Frida for Beginners.7z
413.1 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯7β€3π2
obfuscate.hpp
4.4 KB
π‘οΈ Native String Obfuscator
Ready to Use! π₯
you can obfuscate all const char* strings in C++ (NDK) safely and easily π₯
No more leaking your strings through strings lib.so or static analysis tools! βΌοΈ
β Compile-time XOR
β Auto-decrypts at runtime
β No performance impact
β Safe offset patching, and more
β Simple macro
OBFUSCATE("String") β store encrypted string
DEOBF("String") β use as const char*
DEOBFSTR("string") β use as std::string
Semple
Header-only, just
#include "obfuscate.hpp" and you're done!
Author: @Qwanwin
Ready to Use! π₯
you can obfuscate all const char* strings in C++ (NDK) safely and easily π₯
No more leaking your strings through strings lib.so or static analysis tools! βΌοΈ
β Compile-time XOR
β Auto-decrypts at runtime
β No performance impact
β Safe offset patching, and more
β Simple macro
OBFUSCATE("String") β store encrypted string
DEOBF("String") β use as const char*
DEOBFSTR("string") β use as std::string
Semple
void log(const char* str) {
printf("[Log] %s\n", str);
}
log(DEOBF("Status OK"));Header-only, just
#include "obfuscate.hpp" and you're done!
Author: @Qwanwin
π₯6π3β€2π1