APKiD Versions Save
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
v2.1.5
9 months agoThe following SDK got improvements, rules and fixes:
- Packers:
- AppSealing
- BlackMod (modder)
- 5Play.ru (modder)
- Aegis - AndroidRepublic (modder)
- KangaPack
- LIAPP
- Protectors:
- DexGuard v9.x (Aarch64)
- DexProtector telemetry (Alice)
- Verimatrix / InsideSecure
- Protectt.ai
- Google Play Integrity protection
- Secucen AppIron
- Ahope AppShield
- AppCamo
- EverSafe
- VGuard
- DxShield
- Obfuscators:
- LSPosed (seen in Momo, Shamiko and so on)
- Android Republic VIP (modder)
Thanks to everyone who contributed! @cryptax @FrenchYeti @dustty0 @Yehh22 @CalebFenton @enovella
v2.1.4
1 year agoThe following products got improvements, rules and fixes:
- Packers:
- Multidex inline implementation
- EpicVM (ex-ULTIMA protector)
- Jiagu ELF packer
- DexProtector
- LIAPP
- Protectors:
- DexGuard v9.x (Aarch64)
- DexProtector telemetry (Alice), native (ARM32) and APK files
- FreeRASP
- Obfuscators:
- OLLVM v5, v8, v9 (with and without string encryption)
- ADVObfuscator (in PGSharp)
Additionally,
- Update to Python 3.9
- Update yara-python-dex dependency
Thanks to everyone who contributed! @cryptax @apkunpacker @enovella @CalebFenton @strazzere @Fare9
v2.1.3
2 years agoWe've had a good number of rule changes since the last release so we wanted to cut a new version. Thanks to everyone who contributed! We hope you find the tool useful.
Add or improve detections for:
- AliPay
- ApkEncryptor
- APKProtect
- AppGuard
- CrackProof
- DexGuard
- DexProtector
- Hikari
- JsonPacker
- Ollvm
- Promon Shield
- Tencent Legu
v2.1.2
2 years agoFor APKiD:
- Use yara-python-dex to greatly simplify installation (yay!)
- Print some errors to stderr
No significant changes were made to rules.
v2.1.1
3 years agoFor APKiD itself:
- Fixed bug with `--output-dir- not working with absolute paths within docker container (https://github.com/rednaga/APKiD/issues/171) - thanks @iantruslove
- Reduce docker layers and sizes - thanks @superpoussin22
- Add
scan_file_objAPI - Fixed some error handling
- Add
--include-typesoption - Fix rule identifier counting
- Improve rule hash stability
- Improve file type detection for ELFs
- If using
filenamefor typing, consider.jarfiles as zips.
For the rules:
- Beefed up DexGuard detection
- Correct dexlib1 detection
- Add AppSuit detection - thanks @enovella
- Add SafeEngine detection - thanks @horsicq
- Several other fixes and improvements
v2.0.3
4 years ago- Add check for zip entry types before trying to scan them
- Handle duplicate zip entries via
ZipFile.infolist() - Make
OutputFormatter.build_json_outputpublic - Change default typing behavior to
magic
The zip entry type check is a minor optimization. The previous behavior was to assume all zip entries should be scanned. Here's a quick benchmark to show that using filename typing (which is faster than magic bytes), you can save a bunch of time. Of course, you'll miss "hidden" files that aren't named with the correct extension. If you use APKiD forensically or with malware, you should either use the default option. If you have some weird custom rules, you might even want to use --typing none.
Here's some benchmarking data:
apkid test-data --typing filename 23.96s user 1.49s system 98% cpu 25.844 total
apkid test-data --typing magic 41.05s user 2.37s system 98% cpu 43.922 total
apkid test-data --typing none 41.66s user 2.19s system 98% cpu 44.640 total
v2.0.0
5 years agoLots of good changes here. Many thanks to people who contributed rules and put up with my review process -- @enovella, @P0r0, @zeroload, @ulexec.
- Rewrite core code -- cleaner API, Python 3.6+ compatible, type hints
- New rules -- Arxan GuardIT, SecNeo, SecEnh, AppSealing, AliPay, GaoXor, Kiwi, Gemalto
- Updated yara-python dependency to 3.10.0 (removed dependency on our custom fork!)
- General rule cleanup and refactoring
- 14.7% more cool
- Readme now includes a screenshot because the marketing department demanded one
v1.2.1
5 years agoThis release has a lot of changes both in the code and in the rules.
Thanks to @enovella who has really stepped up and added a lot of rules, and thanks to everyone else in the community who's contributed!
Core Changes
- Update to yara-python 3.7.0.999 (with the new official DEX module)
- Added TravisCI integration & some tests for rules
- Rules need to compile or the test will fail
- Warnings are given if rules don't have tags, description, or a sample
- Add colorized output
New native obfuscators
- Obfuscator-LLVM
- v3.4
- v3.5
- v3.6.1
- v4.0
- v6.0 (unofficial fork)
- v6.0 with string encryption (unofficial fork)
- version-less
- Firehash
- AVDobfuscator
New DEX obfuscators
- Allatori demo
- Arxan
- Multidex support
- DexProtector (bugfixes)
- AMMO (thanks @P0r0!)
New native packers
- Promon Shield
- UPX
- v3.93
- v3.94
- Bangcle SecShell (secneo-like)
- AppGuard (secneo-like)
New DEX packers
- ApkPacker (Custom packer)
- CryptoShell
- ApkGuard
- DexProtector (more versions)
- Jiagu (ApkToolPlus)
- Custom Chinese "ChornClickers" (Ch-ina PornClickers)
v1.0.0
7 years agoChanges:
- Add
--output-diroption which writes individual JSON to a target directory - Add rules for Jack compiler (https://calebfenton.github.io/2016/12/01/building-with-and-detecting-jack/)
- Add rules for anti-vm detection
- Add rules for SecNeo and DxShield (thanks @circleous!)
- Improve accuracy and specificity for dex compiler fingerprints
- Update dex module & yara dependency to 3.5.0
v0.9.4
7 years agoChanges:
- Fixed segfaults for badly formed DEX files (thanks @cryptax!)
- Added PangXie packer rules (thanks @cryptax!)
- Added DexProtector obfuscator rules (thanks @Jasi2169!)
- Updated Yara from 3.4.0 to 3.5.0 (thanks ME!)
- Fixed some typos, cleaned up code, the usual