davinci1010 / pinduoduo_backdoor_unpacker
Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo
v6 files do not unpack properly. They are XORing the opcodes.
Hi, I found that many of the nw0.bin files under the package-name folders in the samples directory cannot be found inside the APK. Where were they obtained from?
You say not to study this, yet you publish it anyway. What is your intention?
Can anyone give some pointers?
Could someone share the configuration files from the app_mango directory?
-- Removed --
Thanks to the commenter below for the correction; my security awareness is still lacking.
As in the title.
As in the title.
macos@macos nw0 % /usr/bin/python3 run.py nw0.bin ./output
input file: nw0.bin, output dir: ./output
use xorkey = ['0xec9b75bf', '0xec2fa4dc', '0x51be5a72', '0xeaac64d3']
engine flag: 0x0 0x0 0x2d
55228
string size: 0x288 total: 0x39a1
40470
constant size: 0xbb total: 0x3ab
39526
37539
parse 0x75 field
35809
parse 0xf7 method
15918
dex size: 0x3e04
0
sh: /Users/macos/dex-tools-2.1/d2j-dex2jar.sh: No such file or directory
unzip: cannot find or open ../fake-dex2jar.jar, ../fake-dex2jar.jar.zip or ../fake-dex2jar.jar.ZIP.
rm: ../fake-dex2jar.jar: No such file or directory
parse com/xunmeng/nvwavm/Module
compile com/xunmeng/nvwavm/Module fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/SignatureDt$SignatureConf
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/SignatureDt$SignatureConf fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/R$string
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/R$string fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/utils/DtUtils
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/utils/DtUtils fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EmulatorDt$1
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EmulatorDt$1 fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension$MimicDesugaringStrategy
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension$MimicDesugaringStrategy fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension$AbstractDesugaringStrategy
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension$AbstractDesugaringStrategy fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/DebuggableDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/DebuggableDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EnvDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EnvDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/Main
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/Main fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EnvDtManager$EnvDtConf
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EnvDtManager$EnvDtConf fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/SeparationDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/SeparationDt fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension$ConcurrentWeakIdentityHashMap
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension$ConcurrentWeakIdentityHashMap fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/RootDt$RootConf
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/RootDt$RootConf fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/R
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/R fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/Init
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/Init fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/AppDebuggableDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/AppDebuggableDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/RootDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/RootDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/SignatureDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/SignatureDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/NRogueDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/NRogueDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EnvDtManager
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EnvDtManager fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/DtRet
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/DtRet fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension$NullDesugaringStrategy
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension$NullDesugaringStrategy fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension$ConcurrentWeakIdentityHashMap$WeakKey
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension$ConcurrentWeakIdentityHashMap$WeakKey fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/utils/RpUtils
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/utils/RpUtils fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/SecBaseService
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/SecBaseService fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/JRogueDt$JRogueConf
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/JRogueDt$JRogueConf fail
bash: krak2: command not found
parse com/google/devtools/build/android/desugar/runtime/ThrowableExtension$ReuseDesugaringStrategy
compile com/google/devtools/build/android/desugar/runtime/ThrowableExtension$ReuseDesugaringStrategy fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EmulatorDt$EmtConf
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EmulatorDt$EmtConf fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/JRogueDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/JRogueDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EmulatorDt
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/EmulatorDt fail
bash: krak2: command not found
parse com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/NRogueDt$NRogueConf
compile com/xunmeng/pinduoduo/cs/sec/plg/bsd/env/NRogueDt$NRogueConf fail
bash: krak2: command not found
macos@macos nw0 %
Everyone is just staying silent, huh?
After unpacking, some of the extracted methods seem to be missing their initial parameters. Hoping the author can fix this, thanks.
Scan
Are the configuration items in share.pkg_list_for_dynamic_app_id the dynamically delivered DEX files described in https://github.com/davinci1010/pinduoduo_backdoor?
After unpacking with the nvwa_unpacker, the output files have the extension .j. They look like smali but are not standard smali. How should these files be processed? Can they be converted to .java files?
```
.version 50 0
.class public super com/xunmeng/pinduoduo/alive/unify/ability/dynamic/abilities/dataCollect/collectors/XmVoiceAssistantUsageCollector
.super java/lang/Object
.implements com/xunmeng/pinduoduo/alive/unify/ability/dynamic/abilities/dataCollect/ability/IDataCollector
.field public static TAG Ljava/lang/String;
.field public static CONFIG_KEY_COLLECTOR Ljava/lang/String;
.field public static AB_KEY_TRACK Ljava/lang/String;
.field public static KEY_LAST_FAILURE_COLLECT_TIME Ljava/lang/String;
.field public static KEY_LAST_SUCCESS_COLLECT_TIME Ljava/lang/String;
.field public static FILE_PATH Ljava/lang/String;
.field public collectRecordKV Lcom/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/intf/IMMKV;
.method public <init> : ()V
.code stack 3 locals 1
L_0: aload 0
L_1: ldc "LVUA.XmVoiceAssistantUsageCollector"
L_2: ldc 0
L_3: invokestatic Method com/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/proxy/MMKVCompat module (Ljava/lang/String;Z)Lcom/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/intf/IMMKV;
L_4: putfield Field com/xunmeng/pinduoduo/alive/unify/ability/dynamic/abilities/dataCollect/collectors/XmVoiceAssistantUsageCollector collectRecordKV Lcom/xunmeng/pinduoduo/alive/strategy/interfaces/adapter/intf/IMMKV;
L_5: return
.end code
.end method
```
I managed to obtain the code, but I see nobody is releasing it. Is everyone afraid of being targeted?
$FF: Couldn't be decompiled
Could an expert explain how the PDD privilege escalation is triggered? From what I have tried, PDD does not escalate privileges immediately after installation. What trigger conditions are needed?
Please email me to discuss: [email protected]