Reputation: 3325
I have recently read this article, Dalvik Bytecode Obfuscation on Android.
I have also downloaded the source code at https://github.com/thuxnder/dalvik-obfuscator/blob/master/injector.py
I understand that what the technique does is iterate through all the methods and insert junk bytes in a code block and an unconditional branch in front of the code block (to ensure the code block is never executed).
However, I'm not familiar with Python scripts, so I have trouble understanding the code block from line 204 to 212, which causes an exception:

    def _obfuscator_arrayDataOverlayIf(self, method):
        obfuscator = array.array('c', "\x32\x00\x09\x00\x26\x00\x03\x00\x00\x00\x00\x03\x01\x00\x00\x00\x00\x00")
        size = method.getMethodSize()
        if size == 0:
            print "skip method @ 0x%x" % method._offset
            return
        payloadlen = size-len(obfuscator)
        struct.pack_into('I', obfuscator, 14, payloadlen)
        return method.obfuscate(obfuscator)

I would appreciate it if someone could explain to me what this block of code does so that I can catch the author's idea.
Edit: The traceback is as below:

    Traceback (most recent call last):
      File "C:\Apps\EclipsePortable\Data\workspace\DalvikObfuscator\DalvikObfuscator\injector.py", line 216, in <module>
        inj.obfuscate()
      File "C:\Apps\EclipsePortable\Data\workspace\DalvikObfuscator\DalvikObfuscator\injector.py", line 196, in obfuscate
        if reduce(lambda op1,op2: op1 or op2, map(self._obfuscator_arrayDataOverlayIf, method), False):
      File "C:\Apps\EclipsePortable\Data\workspace\DalvikObfuscator\DalvikObfuscator\injector.py", line 209, in _obfuscator_arrayDataOverlayIf
        struct.pack_into('I', obfuscator, 14, payloadlen)
    struct.error: integer out of range for 'I' format code

Upvotes: 1
Views: 1736
Reputation: 25197

    struct.pack_into('I', obfuscator, 14, payloadlen)

This line writes payloadlen as unsigned int at offset 14 in the char array obfuscator. For example, if the value is negative, it would be out of range. If negative values should be allowed, change 'I' to 'i', meaning signed int.
See also struct module documentation
Upvotes: 0
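
The failure discussed in the answer above can be reproduced in isolation. This is an added example in Python 3, not code from injector.py or from either poster. It assumes method sizes are in bytes, uses a `bytearray` and an explicit little-endian format in place of the Python 2 `array.array('c', ...)` and native `'I'`, and `patch_length_checked` is a hypothetical guard. Read against the Dalvik bytecode format, bytes 10 to 17 of the template form a fill-array-data-payload header (ident 0x0300, element width 1, 4-byte size), so offset 14 is that size field.

```python
import struct

# Template bytes copied from the snippet in the question.
TEMPLATE = (b"\x32\x00\x09\x00\x26\x00\x03\x00\x00\x00"
            b"\x00\x03\x01\x00\x00\x00\x00\x00")
SIZE_OFFSET = 14  # offset passed to struct.pack_into in the question


def patch_length(method_size, fmt="<I"):
    """Pack (method_size - len(TEMPLATE)) into the template at offset 14."""
    buf = bytearray(TEMPLATE)
    payloadlen = method_size - len(buf)  # negative when the method is shorter
    struct.pack_into(fmt, buf, SIZE_OFFSET, payloadlen)
    return bytes(buf)


def patch_length_checked(method_size):
    """Hypothetical guard: skip methods too short to hold the 18-byte template."""
    if method_size < len(TEMPLATE):
        return None
    return patch_length(method_size)


def demo():
    """Run the patch for constructed method sizes and record each outcome."""
    results = {}
    for size in (40, 18, 10):  # constructed sizes, not taken from a real DEX file
        try:
            results[size] = patch_length(size)[SIZE_OFFSET:].hex()
        except struct.error as exc:
            results[size] = "struct.error: %s" % exc
    return results


if __name__ == "__main__":
    for size, outcome in demo().items():
        print(size, outcome)
    # With the signed format 'i', -8 is stored as its two's-complement bytes.
    print("signed:", patch_length(10, "<i")[SIZE_OFFSET:].hex())
    print("guarded:", patch_length_checked(10))
```

Only the 10-byte case raises: 10 - 18 is -8, which the unsigned format cannot represent.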