In sample 72888975925abd4f55b2dd0c2c17fc68670dd8dee1bae2baabc1de6299e6cc05, to my understanding, a DEX is being loaded from an encrypted(?) sqlite database hidden in an asset.
- The asset file is ./assets/agenitelegions.db
- The unpacking is done in com.nibble.agenitelegions.RqgqIR.
To my understanding, it gets the agenitelegions.db file and loads it using a native library called libsqlcipher.so. Then, from the SQLite database, it queries a column named FUKNAwGqO and dumps the content of this column into a file in a subdirectory of ./dr9wf1gw0m8jekjiqkt9. This is assumed to be a DEX.
Finally, it loads a dynamic class called com.nibble.agenitelegions.agenitelegions.ATxTws.
Unfortunately, kavanoz does not support this.
kavanoz mobidash-2023.apk
⚠ Sample is not packed
❌ Cannot unpack
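
A static triage check for the pattern reported above, as an added example that is not part of the original issue and not kavanoz code: it flags `assets/*.db` files that lack the plaintext SQLite header and look random, and notes whether `libsqlcipher.so` is bundled. The function names, the 7.0 entropy threshold and the in-memory sample APK are assumptions made for illustration.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of an unencrypted SQLite file

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encrypted_db_assets(apk, min_entropy=7.0):
    """Return (has_sqlcipher_lib, suspicious_assets) for an APK path or file object.

    Heuristic: an assets/*.db file that lacks the plaintext SQLite header and
    has high entropy is probably encrypted; a bundled libsqlcipher.so says how.
    """
    with zipfile.ZipFile(apk) as z:
        names = z.namelist()
        has_lib = any(n.startswith("lib/") and n.endswith("/libsqlcipher.so")
                      for n in names)
        hits = []
        for name in names:
            if not (name.startswith("assets/") and name.endswith(".db")):
                continue
            with z.open(name) as fh:
                head = fh.read(65536)  # first 64 KiB is enough for the check
            if head[:16] != SQLITE_MAGIC and entropy(head) >= min_entropy:
                hits.append(name)
    return has_lib, sorted(hits)

def build_constructed_apk() -> io.BytesIO:
    """Constructed sample (not the real APK): one plain DB, one random-looking DB."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/arm64-v8a/libsqlcipher.so", b"\x7fELF placeholder")
        z.writestr("assets/agenitelegions.db", noise)
        z.writestr("assets/plain.db", SQLITE_MAGIC + b"\x00" * 4080)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(find_encrypted_db_assets(build_constructed_apk()))
```

A hit is a lead for manual analysis, not proof of packing: legitimate apps also ship SQLCipher databases, and SQLCipher can be configured to leave the header in plaintext.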