AAMO: Another Android Malware Obfuscator
We release our set of code-obfuscation scripts tailored for Android applications. We assume that the original application can be disassembled into Smali.
$ mkdir dir_with_apks_to_obfuscate/ # fill the dir with some APKs $ vim obfuscators/obfuscators.py
obfuscator_to_apply variable to define the list of obfuscators you
want to apply. For example:
obfuscator_to_apply = [ 'Resigned', 'Alignment', 'Rebuild', 'Fields', 'Debug', 'Indirections', 'Defunct', 'StringEncrypt', 'Renaming', 'Reordering', 'Goto', 'ArithmeticBranch', 'Nop', 'Asset', 'Intercept', 'Raw', 'Resource', 'Lib', 'Restring', 'Manifest', 'Reflection']
You can choose a subset of obfuscators (recommended).
$ python obfuscators/obfuscators.py
Enjoy your obfuscated APKs.
We currently support:
Simple control-flow modifications
- Junk code insertion
- Debug symbols stripping
- Defunct code insertion
- Unconditional jump insertion
Advanced control-flow modifications
- Call indirection
- Code reordering
- Opaque predicate insertion
- Non-code files and resource renaming
- Fields and methods renaming
- Package renaming
- Resource encryption (asset files)
- Native code encryption
- Data encryption (strings)
There might be plenty of bugs. Feel free to fork and send us pull requests!
- Federico Pellegatta (main developer)
- Federico Maggi (advisor, maintainer)
- Mila Dalla Preda (advisor, contributor)
AAMO is supported by the FACE research project, under the FIRB 2013 funding program of the Italian Ministry of University and Research (grant agreement N. RBFR13AJFT).