Add Dalvik executable (DEX) module #604
This is a module for parsing Dalvik executables for Android. It makes a lot of information available to yara rules that opens the door for some useful yara rules, e.g. for compiler fingerprinting. Here are some examples: https://github.com/rednaga/APKiD/blob/master/apkid/rules/dex/compilers.yara
This module was originally proposed here: #484
The code's fairly robust. I've used it on 100k dex files with a very small number of failures and @strazzere did some extensive fuzzing to harden against possible exploitation.
I'm not just dropping this here. I'm willing to fix it up to make it acceptable, but I'm not sure if this is something y'all even want.
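As an added illustration (not code from this pull request or from YARA itself), here is a defensively written Python parser for the 112-byte DEX header that a module like this has to trust before reading any further: it checks the magic, endianness, adler32 checksum and SHA-1 signature, then bounds-checks every ID table against the buffer, which is the class of defect fuzzing such a parser tends to surface. The sample file is constructed inline; the function and constant names are my own.

```python
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70          # fixed header length from the dex format spec
ENDIAN_CONSTANT = 0x12345678
HEADER_FMT = "<8sI20s" + "I" * 20   # magic, checksum, signature, 20 x uint32
FIELDS = ("magic checksum signature file_size header_size endian_tag link_size "
          "link_off map_off string_ids_size string_ids_off type_ids_size type_ids_off "
          "proto_ids_size proto_ids_off field_ids_size field_ids_off method_ids_size "
          "method_ids_off class_defs_size class_defs_off data_size data_off").split()
# item length of each ID table: bounds-check size * item_len, not just the offset
TABLE_ITEM_LEN = {"string_ids": 4, "type_ids": 4, "proto_ids": 12,
                  "field_ids": 8, "method_ids": 8, "class_defs": 32}

def parse_dex_header(data: bytes) -> dict:
    """Parse a DEX header and reject anything that would send a later
    section parser outside the buffer; raises ValueError on any defect."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    hdr = dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, data, 0)))
    if hdr["magic"][:4] != b"dex\n":
        raise ValueError("bad magic")
    if (hdr["header_size"], hdr["endian_tag"], hdr["file_size"]) != (
            DEX_HEADER_SIZE, ENDIAN_CONSTANT, len(data)):
        raise ValueError("bad header_size, endian_tag or file_size")
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != hdr["checksum"]:
        raise ValueError("adler32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != hdr["signature"]:
        raise ValueError("sha1 signature mismatch")
    for name, item_len in TABLE_ITEM_LEN.items():
        size, off = hdr[name + "_size"], hdr[name + "_off"]
        # Python ints do not wrap, so this also catches size*item_len overflow
        if size and (off < DEX_HEADER_SIZE or off + size * item_len > len(data)):
            raise ValueError(f"{name} table out of bounds")
    return hdr

def is_well_formed_dex(data: bytes) -> bool:
    try:
        return bool(parse_dex_header(data))
    except ValueError:
        return False

def build_header_only_dex(string_ids_size=0, string_ids_off=0) -> bytes:
    """Constructed sample: a header-only DEX with valid checksum and signature."""
    body = struct.pack("<IIIIII", DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT, 0, 0, 0)
    body += struct.pack("<" + "I" * 14, string_ids_size, string_ids_off, *([0] * 12))
    sig = hashlib.sha1(body).digest()          # covers everything after the signature
    chk = zlib.adler32(sig + body) & 0xFFFFFFFF  # covers everything after the checksum
    return b"dex\n035\0" + struct.pack("<I", chk) + sig + body
```

The `build_header_only_dex(1000, 0x70)` case mimics a file whose string_ids table claims more entries than the file can hold, which is exactly what a C parser must refuse before indexing it.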
Fails to build on Windows because of this:
Apart from this it LGTM.
I believe this module needs an important rework before being merged into the master branch.