{"id":2296,"date":"2019-05-17T13:42:17","date_gmt":"2019-05-17T21:42:17","guid":{"rendered":"https:\/\/www.pnfsoftware.com\/blog\/?p=2296"},"modified":"2020-03-03T08:57:19","modified_gmt":"2020-03-03T16:57:19","slug":"new-version-of-androsig","status":"publish","type":"post","link":"https:\/\/www.pnfsoftware.com\/blog\/new-version-of-androsig\/","title":{"rendered":"New version of Androsig"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">This post is a follow-up on a <a href=\"https:\/\/www.pnfsoftware.com\/blog\/jeb-library-code-matching-for-android\/\">previous article<\/a>: we have updated the <a href=\"https:\/\/github.com\/pnfsoftware\/jeb2-androsig\/\">Androsig plugin<\/a> and the pre-generated set of library signatures.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Reminder: Androsig is a JEB plugin used to <strong>sign and match library code for Android applications<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The purpose of the plugin is to help deobfuscate lightly-obfuscated applications that perform name mangling  and hierarchy flattening  (such as Proguard and other common Java and Dalvik protectors). <strong>Using  our collection of signatures for common libraries, library code can be recognized; methods and classes can be renamed; package  hierarchies can be rebuilt<\/strong>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Examples<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Below, an example of what that looks like on a test app:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"729\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_jeb_test_file.png\" alt=\"\" class=\"wp-image-2628\" srcset=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_jeb_test_file.png 693w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_jeb_test_file-285x300.png 285w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\" \/><figcaption>Matched libraries on a sample app bundling the Android Support package<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Another example: running Androsig on a large app (<a href=\"https:\/\/apkpure.com\/vidmate-downloader-hd-live-tv\/com.nemo.vidmate\">Vidmate 4.0809<\/a>), see the reconstructed glide\/&#8230; sub-packages below:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"703\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_vidmate_before_after-1024x703.png\" alt=\"\" class=\"wp-image-2626\" srcset=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_vidmate_before_after-1024x703.png 1024w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_vidmate_before_after-300x206.png 300w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_vidmate_before_after-768x527.png 768w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/obfuscated_vidmate_before_after.png 1240w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>Matched libraries on a PlayStore app<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Installation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">1) Download the latest version of the compiled binary plugin&nbsp;and drop it into the JEB coreplugins\/ folder. If you are running JEB 3.4+, the plugin should come bundled with your .<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Link: <strong><a href=\"https:\/\/github.com\/pnfsoftware\/jeb2-androsig\/tree\/master\/out\">JebAndroidSigPlugin-1.1.x.jar<\/a><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This single JAR offers two plugin entry-points, as can be seen in the picture below:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"973\" height=\"576\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/jeb_menu_plugin_android_code_recognition.png\" alt=\"\" class=\"wp-image-2629\" srcset=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/jeb_menu_plugin_android_code_recognition.png 973w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/jeb_menu_plugin_android_code_recognition-300x178.png 300w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2019\/05\/jeb_menu_plugin_android_code_recognition-768x455.png 768w\" sizes=\"auto, (max-width: 973px) 100vw, 973px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">2) Then download and extract the latest signatures package to your [JEB]\/coreplugins\/android_sigs\/ folder. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Link: <strong><a href=\"https:\/\/s3-us-west-2.amazonaws.com\/jebdecompiler2\/androsig_1.1_db_20190515.zip\">androsig_1.1_db_20190515.zip<\/a><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The user interface was unchanged so you can refer to previous article for matching, generating, results and parameters.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post is a follow-up on a previous article: we have updated the Androsig plugin and the pre-generated set of library signatures. Reminder: Androsig is a JEB plugin used to sign and match library code for Android applications. The purpose of the plugin is to help deobfuscate lightly-obfuscated applications that perform name mangling and hierarchy &hellip; <a href=\"https:\/\/www.pnfsoftware.com\/blog\/new-version-of-androsig\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">New version of Androsig<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,18],"tags":[],"class_list":["post-2296","post","type-post","status-publish","format-standard","hentry","category-android","category-jeb3"],"_links":{"self":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/2296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/comments?post=2296"}],"version-history":[{"count":0,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/2296\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/media?parent=2296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/categories?post=2296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/tags?post=2296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}