Tweet
Hello!
I'm Gabi and I'll slowly be releasing bits and pieces of what Katalina can do while we get closer to the conference. Since I'll be launching the tool live when the conference starts, it's gonna be a bit more until y'all can play with the tool :D For now, please find attached some funny strings that I've deobfuscated from a Xenomorph sample!
This is how the original function for the string "hq.json" looked like:
Katalina automatically found an entrypoint that called this string obfuscating function, executed it and spit out the generated string! As you can see, the tool is like Unicorn but for Dalvik bytecode. It provides an environment that can execute Android bytecode automatically or one function at a time, but more on that in a later post. For more questions feel free to post here or DM me on Twitter (@hookgab) or Mastodon (hookgab@mas.to).
I'm Gabi and I'll slowly be releasing bits and pieces of what Katalina can do while we get closer to the conference. Since I'll be launching the tool live when the conference starts, it's gonna be a bit more until y'all can play with the tool :D For now, please find attached some funny strings that I've deobfuscated from a Xenomorph sample!
This is how the original function for the string "hq.json" looked like:
Katalina automatically found an entrypoint that called this string obfuscating function, executed it and spit out the generated string! As you can see, the tool is like Unicorn but for Dalvik bytecode. It provides an environment that can execute Android bytecode automatically or one function at a time, but more on that in a later post. For more questions feel free to post here or DM me on Twitter (@hookgab) or Mastodon (hookgab@mas.to).