A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries (.dex, .aar, .so), executables (.apk, .jar, .class) and all Android binary XMLs: AndroidManifest, resources, layouts etc.

Useful links:
- User guide
- Command-line reference
- Gradle sample
- Vision and Strategy

Download: To run, grab the latest JAR and run java -jar ClassyShark.jar.

Export data in text format
Exporter
API finder 🚧 work in progress

Develop:
- Clone the repo
- Open in your favorite IDE/editor
- Build options:
  - IntelliJ - builds automatically when exporting the project
  - Gradle script
  - RetroBuild

Arch Linux: If you're running Arch Linux you can install the latest prebuilt jar from the AUR.

Dependencies:
- dexlib2 by jesusfreke
- guava by Google
- ASM by OW2
- ASMDEX by OW2
- java-binutils by jawi
- BCEL by Apache

Support: If you've found an error, please file an issue: https://github.com/google/android-classyshark/issues
Patches are encouraged, and may be submitted by forking this project and submitting a pull re
Generates a YARA rule to match basic blocks of the current function in IDA Pro
A tool that generates YARA rules for strings and their single-byte XOR-encoded versions, as well as their base64-encoded variants for each of the three possible input alignments (the padding offsets that change how the string is encoded).
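The base64 alignment issue is what makes such a tool necessary: the same string encodes to three different character sequences depending on whether it starts at byte offset 0, 1 or 2 of a 3-byte group, and the first and last base64 characters also mix in bits from the unknown neighbouring bytes, so only an inner fragment is reliable. The following is an added example, written for this page and not the tool's own code, that derives those three fragments, the 255 single-byte XOR variants, emits them as a YARA rule, and checks the variants against constructed sample blobs. The pattern `cmd.exe`, the sample data, the rule name and the key set are assumptions for the demonstration.

```python
"""Generate YARA strings for a plaintext plus its single-byte XOR and base64
encoded forms (added example; not the tool's own code)."""
import base64

# Leading base64 characters that depend on the unknown bytes preceding the
# pattern when it starts at offset 0, 1 or 2 inside a 3-byte group.
LEAD_STRIP = {0: 0, 1: 2, 2: 3}


def base64_variants(pattern: bytes) -> list[str]:
    """Return the three base64 fragments that match `pattern` at any alignment.

    The pattern is encoded after 0, 1 or 2 placeholder bytes; characters that
    mix in bits of the unknown neighbours (placeholders in front, whatever
    follows the pattern at the back) are dropped, so each fragment is exact.
    """
    out = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + pattern).decode().rstrip("=")
        # A trailing partial group leaks bits of the next (unknown) byte into its last char.
        tail = 1 if (offset + len(pattern)) % 3 else 0
        out.append(enc[LEAD_STRIP[offset]:len(enc) - tail])
    return out


def xor_variants(pattern: bytes, keys=range(1, 256)) -> list[bytes]:
    """Single-byte XOR encodings of `pattern` for every key (key 0 is the plaintext)."""
    return [bytes(b ^ k for b in pattern) for k in keys]


def hexstr(data: bytes) -> str:
    return " ".join(f"{b:02x}" for b in data)


def make_rule(name: str, pattern: bytes, keys=range(1, 256)) -> str:
    """Emit a YARA rule with the plaintext, every XOR variant and the base64 fragments."""
    keys = list(keys)
    lines = [f"rule {name}", "{", "    strings:", f"        $plain = {{ {hexstr(pattern)} }}"]
    for k, enc in zip(keys, xor_variants(pattern, keys)):
        lines.append(f"        $xor_{k:02x} = {{ {hexstr(enc)} }}")
    for i, frag in enumerate(base64_variants(pattern)):
        lines.append(f'        $b64_{i} = "{frag}" ascii')  # base64 alphabet needs no escaping
    lines += ["    condition:", "        any of them", "}"]
    return "\n".join(lines)


def scan(data: bytes, pattern: bytes, keys=range(1, 256)) -> list[str]:
    """Pure-Python stand-in for running the rule: names of the variants present in `data`."""
    keys = list(keys)
    hits = ["plain"] if pattern in data else []
    hits += [f"xor_{k:02x}" for k, enc in zip(keys, xor_variants(pattern, keys)) if enc in data]
    hits += [f"b64_{i}" for i, frag in enumerate(base64_variants(pattern)) if frag.encode() in data]
    return hits


PATTERN = b"cmd.exe"  # assumed pattern for the demonstration

# Constructed samples: the pattern base64-encoded at each alignment, XOR-encoded, and plain.
SAMPLES = {
    "b64_align0": base64.b64encode(b"start cmd.exe /c whoami"),  # "start " is 6 bytes
    "b64_align1": base64.b64encode(b"run cmd.exe"),               # "run " is 4 bytes
    "b64_align2": base64.b64encode(b"a=cmd.exe"),                 # "a=" is 2 bytes
    "xor_5a": bytes(b ^ 0x5A for b in b"exec: cmd.exe /c whoami"),
    "plain": b"C:\\Windows\\System32\\cmd.exe",
}

if __name__ == "__main__":
    print(make_rule("cmd_exe_encoded", PATTERN, keys=[0x5A]))
    for label, blob in SAMPLES.items():
        print(label, "->", scan(blob, PATTERN))
```

Current YARA releases can do the same expansion natively with the `xor` and `base64` string modifiers (added in 3.8 and 4.0 respectively), so generating the variants explicitly is mainly useful for older engines or for tools that only understand literal patterns; the stripping logic above mirrors what the `base64` modifier does internally.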
A 32-bit assembler-level analysing debugger for Microsoft Windows.
Generates YARA rules from function basic blocks in x64dbg.
Ropper is a tool for analyzing binary files and searching for gadgets to build ROP chains for different architectures.
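Gadget search, the core of what Ropper does, works by locating every return instruction in the executable bytes and then trying to decode an instruction sequence ending exactly on it from each of the preceding byte offsets, including offsets that fall inside other instructions on x86, where instruction length is variable. The block below is an added example written for this page, not Ropper's own code: it implements that search over a constructed x86-32 blob with a deliberately tiny decoder (push/pop/mov/xor reg,reg/ret and a few one-byte opcodes) standing in for the full disassembler a real tool uses. The sample bytes, the instruction subset and the `window`/`depth` limits are assumptions for the demonstration.

```python
"""Minimal ROP gadget search over raw x86-32 code (added example, not Ropper's
own code): find every `ret`, then try to decode an instruction sequence that
ends exactly on it from each of the preceding byte offsets, aligned or not."""

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
ONE_BYTE = {0x90: "nop", 0xC3: "ret", 0xC9: "leave", 0xCC: "int3", 0xF4: "hlt"}


def decode_one(code: bytes, i: int):
    """Decode one instruction at code[i] from a small x86-32 subset.

    Returns (text, length), or None when the byte is outside the subset; a real
    tool puts a full disassembler here (Ropper uses Capstone).
    """
    op = code[i]
    if op in ONE_BYTE:
        return ONE_BYTE[op], 1
    if 0x50 <= op <= 0x57:
        return f"push {REGS[op - 0x50]}", 1
    if 0x58 <= op <= 0x5F:
        return f"pop {REGS[op - 0x58]}", 1
    if 0x91 <= op <= 0x97:
        return f"xchg eax, {REGS[op - 0x90]}", 1
    if op == 0xC2 and i + 2 < len(code):  # ret imm16
        return f"ret 0x{int.from_bytes(code[i + 1:i + 3], 'little'):x}", 3
    if op in (0x31, 0x89) and i + 1 < len(code):  # xor r/m32, r32 and mov r/m32, r32
        modrm = code[i + 1]
        if modrm >> 6 == 3:  # register-direct form only
            mnem = "xor" if op == 0x31 else "mov"
            return f"{mnem} {REGS[modrm & 7]}, {REGS[(modrm >> 3) & 7]}", 2
    return None


def find_gadgets(code: bytes, depth: int = 3, window: int = 8) -> dict[int, str]:
    """Map start offset -> gadget text for every decodable sequence of at most
    `depth` instructions that falls through into a ret / ret imm16."""
    gadgets = {}
    for end in range(len(code)):
        ret = decode_one(code, end) if code[end] in (0xC2, 0xC3) else None
        if ret is None:
            continue
        # Walk back up to `window` bytes; unaligned starts are tried on purpose.
        for start in range(max(0, end - window), end + 1):
            insns, i, ok = [], start, True
            while i < end:
                d = decode_one(code, i)
                # reject: undecodable byte, an instruction straddling the ret, or an earlier ret
                if d is None or i + d[1] > end or d[0].startswith("ret"):
                    ok = False
                    break
                insns.append(d[0])
                i += d[1]
            if ok and len(insns) <= depth:
                gadgets[start] = " ; ".join(insns + [ret[0]])
    return gadgets


def pop_ret_gadgets(gadgets: dict[int, str]) -> dict[str, int]:
    """Lowest offset of a clean `pop <reg> ; ret` per register: the pieces a
    chain uses to load registers before calling a function."""
    found = {}
    for off in sorted(gadgets):
        text = gadgets[off]
        if text.startswith("pop ") and text.endswith(" ; ret") and text.count(";") == 1:
            found.setdefault(text[4:].split(" ")[0], off)
    return found


# Constructed code blob (assumed sample): a prologue/epilogue, a few short stubs,
# and `mov ebx, eax` (89 c3) whose second byte is also a valid `ret` read unaligned.
CODE = bytes.fromhex("55 89 e5 5d c3 31 c0 5b c3 89 c3 58 c3 c2 08 00 90 90")

if __name__ == "__main__":
    for off, text in sorted(find_gadgets(CODE).items()):
        print(f"0x{off:04x}: {text}")
    print(pop_ret_gadgets(find_gadgets(CODE)))
```

Offset 10 in the sample shows the point of scanning unaligned starts: the compiler emitted `mov ebx, eax`, but the byte `c3` inside it is a perfectly usable `ret` for an attacker. Real gadget finders add what this toy omits: a complete decoder, filtering of gadgets that contain bad bytes or branch away before the `ret`, and equivalents for `jmp`/`call`-terminated gadgets and other architectures.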