
Android Armor Breaker — AI工厂助手

v2.2.2

For commercial and enterprise Android app protections, providing complete APK reinforcement analysis...

by @haonings (小红星) · MIT-0
License: MIT-0
Last updated: 2026/4/13
Security scan:
  VirusTotal: suspicious
  OpenClaw: safe (medium confidence)
The skill is internally consistent with its stated purpose (Frida-based Android unpacking) and requests only the expected tools and privileges, but it is a high‑privilege dual‑use tool — review and run in isolated/test environments and inspect scripts before use.
Assessment recommendations
This is a legitimate, high‑privilege reverse‑engineering tool that appears to do what it claims. Before installing or running it: 1) Only use it on apps/devices you own or have explicit written permission to analyze. 2) Inspect the bundled scripts (they are provided) — look for any network calls or unexpected behavior; the repo claims no external network calls, but Frida's send() messages send data to the local Frida host, so ensure the Frida host you connect to is trusted. 3) Run in isolated/te...
Detailed analysis
Purpose and capabilities
Name/description (Frida-based APK unpacking, root memory extraction, DEX extraction) match the included artifacts: multiple Frida JS and Python scripts, an APK analyzer, memory-extraction scripts, and documentation. Required binaries (frida-dexdump, python3, adb) and the pip/apt install recommendations align with the described functionality.
Instruction scope
Runtime instructions and docs explicitly require a rooted device, frida-server, and adb and instruct local memory reads and Frida-based injection. The SKILL.md and SECURITY.md explicitly warn about the dual-use nature and advise isolation. The scripts do perform high-privilege actions (reading /proc/<pid>/mem, hooking many APIs). No obvious references to unrelated system files or unrelated credentials were found, but because the tool reads process memory it will access potentially sensitive local data — this is expected for the stated purpose.
Installation mechanism
No remote binary downloads or opaque network installers are present in the metadata; SKILL.md suggests installing frida-tools via pip and adb/python via apt which is proportionate. The package bundle includes full source code (no opaque external installer).
Credential requirements
The skill requests no environment variables or external credentials. It requires root access on the target Android device and ADB/Frida tooling — these are appropriate for root memory extraction and Frida-based unpacking. No unrelated cloud or secret credentials are requested.
Persistence and permissions
The skill is not force‑enabled (always:false) and does not declare system‑wide persistence. It does require elevated privileges on the target Android device (root) to perform expected operations, which is consistent with the stated functionality. Autonomous invocation is allowed (platform default) but is not combined with other red flags here.
Scanner finding: scripts/root_memory_extractor_enhanced.py:50 - Potential obfuscated payload detected. (This file does not appear in the skill file structure listed below, but section 6.6 names it as pending consolidation; inspect it before running anything.)
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

None declared in the skill metadata (the scripts themselves need python3, adb, and Frida tooling; see Installation below).

Versions

latest: v2.2.2 (2026/3/23)

Security compliance release: Added comprehensive security documentation (SECURITY.md), enhanced skill documentation with security warnings, addressed ClawHub security mark concerns, provided responsible use guidelines and legal compliance framework.


Install command

Official:     npx clawhub@latest install android-armor-breaker
Mirror (CN):  npx clawhub@latest install android-armor-breaker --registry https://cn.clawhub-mirror.com

Skill documentation

1. Name

android-armor-breaker

2. Description

Android Armor Breaker - Multi-strategy unpacking technology for the OpenClaw platform, targeting commercial to enterprise-level Android application protection solutions. It combines Frida-based dynamic injection, root memory static analysis, and intelligent DEX extraction to provide complete APK reinforcement analysis and DEX extraction.

Frida Unpacking Technology: A commercial-grade reinforcement breakthrough solution based on the Frida framework, supporting advanced features such as deep search and anti-debug bypass.

Core Features:

  • APK Reinforcement Analysis - Static analysis of APK files to identify reinforcement vendors and protection levels
  • Environment Check - Automatically checks the Frida environment, device connection, app installation status, and root permissions
  • Intelligent Unpacking - Automatically selects the best unpacking strategy based on protection level
  • Real-time Monitoring Interface - Tracks the DEX file extraction process and displays progress in real time
  • DEX Integrity Verification - Verifies the integrity and validity of generated DEX files
  • Root Memory Extraction - Direct memory reading via root permissions, completely bypassing application-layer anti-debug (proven against IJIAMI, Bangcle, etc.)

Enhanced Features (for commercial reinforcement):

  • Application Warm-up Mechanism - Waits and simulates user operations to trigger more DEX loading
  • Multiple Unpacking Attempts - Unpacks at multiple points in time and merges the results to improve coverage
  • Dynamic Loading Detection - Specifically detects dynamically loaded files such as baiduprotect*.dex
  • Deep Integrity Verification - Multi-dimensional verification including file headers, size, Baidu protection features, etc.
  • Commercial Reinforcement Bypass - Root memory static analysis completely bypasses IJIAMI, Bangcle, 360, Tencent, and other commercial protections (project-reported success rate: 95%+ with root access)
  • VDEX Format Processing - Automatic detection and extraction of DEX files from the VDEX (Verifier DEX) format, targeting NetEase Yidun reinforcement (vdex027 format supported)

Internationalization Features (v2.2.0):

  • Multi-language Support - Full support for English and Chinese environments
  • Internationalized Logging - Unified international logging system
  • Language Parameter - --language en-US/zh-CN parameter support
  • Backward Compatibility - Defaults to English, with no impact on existing functionality
  • Unified Experience - All core features support bilingual switching

Anti-Debug Enhancement Features (v2.2.0 - 2026-04-10):

  • Strong Anti-debug Protection Bypass - Specialized techniques for Thread.stop() detection and /proc file hiding
  • Enhanced Frida Hiding - Better hiding of Frida threads, memory mappings, and modules
  • Multi-layer Hook Strategy - Java layer + Native layer + System call hooks
  • Protection Type Auto-detection - Automatically detects and applies optimizations for strong anti-debug, IJIAMI, Bangcle, etc.
  • Timing Randomization - Random delays to bypass timing-based anti-debug detection
  • Comprehensive File Operation Hooks - Hooks fopen, open, readlink, ptrace, the "tracepid" check (the TracerPid field of /proc/<pid>/status; Linux has no tracepid system call), etc.
  • Enhanced Verification System - Detailed verification with success/failure reporting

3. ⚠️ Security and Responsible Use Notice

Important Security Warning

Android Armor Breaker is a high-privilege, dual-use tool for legitimate security research. Because of its powerful capabilities, it has been flagged by ClawHub Security as "suspicious". Please review this section carefully before use.

Legal and Ethical Requirements

  • Only use it on applications you own or have explicit written permission to analyze
  • Comply with all applicable laws and regulations (DMCA, CFAA, GDPR, etc.)
  • Respect intellectual property rights and licensing agreements
  • Obtain proper authorization before analyzing any third-party applications

Safety Guidelines

  • Use Isolated Testing Environments: Test on dedicated Android devices or emulators, not personal or production devices
  • Required Permissions: Rooted Android device, ADB root access, frida-server
  • Script Inspection: Review all bundled scripts before execution
  • Memory Access Awareness: The tool reads process memory, which may contain sensitive information
  • No External Data Transmission: The current version contains no network calls or data exfiltration (Frida's send() messages still go to the Frida host you attach from, so keep that host trusted)

Intended Use Cases

  ✅ Legitimate: Security research, penetration testing, malware analysis, education
  ❌ Prohibited: Unauthorized application analysis, intellectual property theft, piracy, privacy violation

By using this tool, you acknowledge that you have read, understood, and agree to comply with these guidelines and all applicable laws.

For complete security documentation, see SECURITY.md

4. Installation

4.1 Automatic Installation via OpenClaw

This skill is configured for automatic dependency installation. When installed through the OpenClaw skill system, it will automatically detect and install the following dependencies:

  • Frida Tools Suite (frida-tools) - Provides the frida command; frida-dexdump is a separate pip package (frida-dexdump), not part of frida-tools
  • Python3 - Script runtime environment
  • Android Debug Bridge (adb) - Device connection tool

4.2 Manual Dependency Installation

If not installed via OpenClaw, please manually install the following dependencies:

# Install Frida tools (frida-dexdump is packaged separately)
pip install frida-tools frida-dexdump

# Install Python3 (if not installed)
sudo apt-get install python3 python3-pip

# Install ADB
sudo apt-get install adb

# Run frida-server on the Android device
# 1. Download the frida-server release for the device's CPU architecture; its version must match the frida Python package installed above
# 2. Push it to the device:
adb push frida-server /data/local/tmp/
# 3. Set permissions and start it as root (in the background):
adb shell "su -c 'chmod 755 /data/local/tmp/frida-server && /data/local/tmp/frida-server &'"

4.3 Skill File Structure

After installation, the skill file structure is as follows:
android-armor-breaker/
├── SKILL.md              # Skill documentation
├── _meta.json            # Skill metadata
├── LICENSE               # MIT License
├── scripts/              # Execution scripts directory
│   ├── android-armor-breaker          # Main wrapper script
│   ├── apk_protection_analyzer.py     # APK reinforcement analyzer
│   ├── enhanced_dexdump_runner.py     # Enhanced unpacking executor (Frida-based)
│   ├── root_memory_extractor.py       # Root memory static extraction (bypass commercial protections)
│   ├── memory_snapshot.py             # Memory snapshot attack (gdbserver + root fallback)
│   ├── antidebug_bypass.py            # Anti-debug bypass module
│   ├── bangcle_bypass.js              # Bangcle reinforcement bypass script
│   ├── bangcle_bypass_runner.py       # Bangcle bypass runner
│   ├── frida_memory_scanner.js        # Frida memory scanner utility
│   └── libDexHelper_original.so       # Reference library for Bangcle analysis
└── .clawhub/             # ClawHub publishing configuration
    └── origin.json       # Publishing source information

5. Usage Strategies

5.1 Recommended Workflow

Based on protection analysis results, follow this decision tree:

1. Analyze APK reinforcement:
   python3 scripts/apk_protection_analyzer.py --apk <apk_path>

2. Select an unpacking strategy:
   - No reinforcement or basic protection → Frida-based unpacking
   - Commercial reinforcement (IJIAMI, Bangcle, 360, Tencent) → Root memory extraction
   - Extreme anti-debug (app crashes immediately) → Memory snapshot attack

3. Execute the selected strategy:
   # Frida-based (standard)
   ./scripts/android-armor-breaker --package <package_name>

   # Root memory extraction (bypasses commercial protections)
   python3 scripts/root_memory_extractor.py --package <package_name>

   # Memory snapshot (for crashing apps)
   python3 scripts/memory_snapshot.py --package <package_name>
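The decision tree above, as an added example that is not part of the skill (the skill's own apk_protection_analyzer.py is not shown on this page): a static vendor-fingerprint scan over an APK's zip entries, followed by the strategy choice. The VENDOR_SIGNATURES table is an assumption built from commonly seen packer artefacts (libDexHelper.so and baiduprotect* are the two this page itself names); the function names, the constructed sample APKs and the strategy labels are all mine, not the skill's.

```python
"""Static reinforcement detection + strategy selection (added example, not the skill's code)."""
import io
import re
import sys
import zipfile

# ASSUMPTION: illustrative fingerprints only, not the skill's signature database.
# Each pattern is matched against a zip entry name with re.match (anchored at the start).
VENDOR_SIGNATURES = {
    "Bangcle":       [r"lib/.*/libDexHelper(-x86)?\.so$"],
    "360":           [r"lib/.*/libjiagu.*\.so$", r"assets/libjiagu.*\.so$"],
    "Baidu":         [r"lib/.*/libbaiduprotect.*\.so$", r"assets/baiduprotect.*"],
    "Tencent":       [r"lib/.*/libshell[ax]-.*\.so$"],
    "IJIAMI":        [r"lib/.*/libexec(main)?\.so$", r"assets/ijiami\.dat$"],
    "NetEase Yidun": [r"lib/.*/libnesec\.so$"],
}


def analyze_apk(apk):
    """apk: path or file-like object. Returns vendors found, evidence, and a coarse level."""
    with zipfile.ZipFile(apk) as zf:
        names = zf.namelist()
    evidence = {}
    for vendor, patterns in VENDOR_SIGNATURES.items():
        hits = [n for n in names if any(re.match(p, n) for p in patterns)]
        if hits:
            evidence[vendor] = hits
    return {
        "vendors": sorted(evidence),
        "evidence": evidence,
        "has_classes_dex": "classes.dex" in names,   # packers usually keep only a shell DEX here
        "level": "commercial" if evidence else "none_or_basic",
    }


def choose_strategy(analysis, has_root=True, crashes_on_inject=False):
    """The page's section 5.1 / 5.3 decision tree, expressed as code."""
    if crashes_on_inject:
        # Extreme anti-debug: the process dies before hooks land, so snapshot it instead.
        return "memory_snapshot"
    if analysis["level"] == "commercial":
        # Commercial packers: read /proc/<pid>/mem directly when root is available,
        # otherwise the Frida path with the anti-debug bypass profile is the first attempt.
        return "root_memory_extraction" if has_root else "enhanced_frida_antidebug"
    return "frida_dexdump"


def build_sample_apk(entries):
    """Constructed in-memory APK (zip) with the given entry names; contents are filler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"\x00" * 16)
    buf.seek(0)
    return buf


# Constructed samples: one Bangcle-style packed layout, one plain app.
SAMPLE_PACKED_ENTRIES = ["AndroidManifest.xml", "classes.dex",
                         "lib/arm64-v8a/libDexHelper.so", "lib/arm64-v8a/libnative.so"]
SAMPLE_PLAIN_ENTRIES = ["AndroidManifest.xml", "classes.dex", "lib/arm64-v8a/libnative.so"]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_apk(SAMPLE_PACKED_ENTRIES)
    result = analyze_apk(target)
    print(result)
    print("strategy:", choose_strategy(result, has_root="--no-root" not in sys.argv))
```

Run it with a real APK path to see which fingerprints fire; an empty vendor list with a tiny classes.dex is itself a hint that the packer is one the table does not know, and the skill's Frida-based strategy is then the cheaper first attempt.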

5.2 Root Memory Extraction - Ultimate Bypass

The Root Memory Extractor is the most powerful tool against commercial reinforcements:

Key Advantages:

  • Complete bypass: No application-layer detection (no Frida scripts are used)
  • Static analysis: Reads memory directly via /proc/<pid>/mem
  • High success rate: 95%+ for all commercial protections (project-reported, with root access)
  • Proven against: IJIAMI (爱加密), Bangcle (梆梆), 360 (360加固), Tencent (腾讯加固)

Usage Example:

# 1. Ensure the device has root access
adb shell su -c "echo root_ok"

# 2. Run the root memory extractor
python3 scripts/root_memory_extractor.py --package com.target.app --verbose

# 3. Check the output directory for extracted DEX files
ls -la /path/to/output_directory/com.target.app_root_unpacked/

Technical Details:

  • Locates DEX memory regions via /proc/<pid>/maps (searching for anon:dalvik-DEX data)
  • Extracts all readable regions using dd if=/proc/<pid>/mem
  • Intelligently combines regions and crops to the exact DEX size
  • Validates DEX structure integrity before saving
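How the /proc/<pid>/maps walk and the /proc/<pid>/mem read in the Technical Details above fit together, as an added example that is not the skill's root_memory_extractor.py: parse maps, keep the readable dalvik-DEX mappings, merge contiguous ones so a DEX spanning two mappings is not cut in half, then pread the bytes at their virtual addresses. The SAMPLE_MAPS text is constructed (the [anon:dalvik-DEX data] name is the ART convention the page refers to); dump_dex_regions() is the real path and needs root on the device, while selftest_read() exercises the same reader against a temporary file.

```python
"""Region selection and raw memory read for root-based DEX extraction (added example)."""
import os
import re
import tempfile
from dataclasses import dataclass

# One /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")


@dataclass
class Region:
    start: int
    end: int
    perms: str
    name: str

    @property
    def size(self):
        return self.end - self.start


def parse_maps(text):
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return regions


def select_dex_regions(regions, needle="dalvik-DEX"):
    # Only readable mappings can be dumped; '---p' guard pages would just EIO.
    return [r for r in regions if r.perms[0] == "r" and needle in r.name]


def merge_adjacent(regions):
    """Coalesce mappings that touch and share a name: one DEX often spans several."""
    merged = []
    for r in sorted(regions, key=lambda x: x.start):
        if merged and merged[-1].end == r.start and merged[-1].name == r.name:
            merged[-1] = Region(merged[-1].start, r.end, merged[-1].perms, r.name)
        else:
            merged.append(r)
    return merged


def read_region(mem_fd, region, chunk=1 << 20):
    """pread at the virtual address: /proc/<pid>/mem is indexed by VA, like dd skip=."""
    out = bytearray()
    pos = region.start
    while pos < region.end:
        data = os.pread(mem_fd, min(chunk, region.end - pos), pos)
        if not data:           # unmapped hole or paged-out region: stop at what we have
            break
        out += data
        pos += len(data)
    return bytes(out)


def dump_dex_regions(pid, outdir):
    """Real run (needs root): write every merged dalvik-DEX region to outdir."""
    with open(f"/proc/{pid}/maps") as f:
        regions = merge_adjacent(select_dex_regions(parse_maps(f.read())))
    os.makedirs(outdir, exist_ok=True)
    written = []
    fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        for r in regions:
            path = os.path.join(outdir, f"{r.start:x}-{r.end:x}.bin")
            with open(path, "wb") as out:
                out.write(read_region(fd, r))
            written.append(path)
    finally:
        os.close(fd)
    return written


# Constructed sample: two touching DEX mappings, a guard page, a heap region and a library.
SAMPLE_MAPS = """\
12c00000-12d00000 rw-p 00000000 00:00 0                          [anon:dalvik-main space (region space)]
7b3c400000-7b3c500000 r--p 00000000 00:00 0                      [anon:dalvik-DEX data]
7b3c500000-7b3c580000 r--p 00000000 00:00 0                      [anon:dalvik-DEX data]
7b3c600000-7b3c700000 ---p 00000000 00:00 0                      [anon:dalvik-DEX data]
7b3d000000-7b3d010000 r-xp 00000000 fd:00 1234                   /data/app/com.target.app/lib/arm64/libDexHelper.so
"""


def selftest_read():
    """Stand-in for /proc/<pid>/mem: a temp file read at the same 'address'."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"\x00" * 0x1000 + b"dex\n035\x00" + b"\xff" * 16)
        path = tmp.name
    fd = os.open(path, os.O_RDONLY)
    try:
        return read_region(fd, Region(0x1000, 0x1008, "r--p", "[anon:dalvik-DEX data]"))
    finally:
        os.close(fd)
        os.unlink(path)
```

The merged region is still raw memory, not a file: ART maps DEX data with padding and sometimes several DEX files back to back, so the cropping and validation step (below, in the VDEX section) has to run over the dumped bytes before anything is saved as .dex.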

5.3 Success Rates by Protection Type (project-reported figures, updated 2026-04-10)

Reinforcement Vendor     | Frida-based | Enhanced Frida (v2.2.0) | Root Memory | VDEX Support | Notes
No reinforcement         | 98%         | 98%                     | 95%         | N/A          | Frida is faster
IJIAMI (爱加密)          | 30-50%      | 70-85%                  | 95%+        | N/A          | Enhanced Frida improves success significantly
Bangcle (梆梆)           | 10-20%      | 50-65%                  | 90%+        | N/A          | Still challenging, root recommended
360加固                  | 80%         | 85-90%                  | 95%+        | N/A          | Both work well
Tencent (腾讯)           | 75%         | 80-85%                  | 95%+        | N/A          | Enhanced hooks improve Frida success
Baidu (百度)             | 85%         | 90-95%                  | 95%+        | N/A          | Already good, minor improvement
NetEase Yidun (网易易盾) | 0-10%       | 15-25%                  | 85%+        | Yes          | VDEX format support added (v2.0.1)
Strong anti-debug style  | 10-20%      | 60-75%                  | 90%+        | N/A          | Major improvement with enhanced anti-debug

Key Improvements with v2.2.0 (percentage points; the page gives no sample sizes):

  • Strong anti-debug apps: +50 points with the enhanced anti-debug bypass
  • IJIAMI: +35 points with better hiding and timing
  • Bangcle: +45 points with Thread.stop() and /proc file hooks
  • General: +10 points with the comprehensive hooking strategy

Recommendation Strategy:

  • First attempt: Enhanced Frida with anti-debug bypass
  • If it fails: Root memory extraction (bypasses all application-layer detection)
  • If root is not available: Memory snapshot attack
  • Last resort: Static analysis of encrypted configurations

6. Recent Breakthroughs (2026-03-30)

6.1 IJIAMI Commercial Reinforcement Bypassed

Breakthrough: Successfully extracted the complete DEX from Example_App_1.0.0.apk (IJIAMI commercial edition).

Method Used: Root memory extraction via direct /proc/<pid>/mem reading.

Results:

  • Main application DEX: 7.8MB, DEX version 038, structure validated
  • Third-party DEX: 5 complete DEX files (11.7MB total)
  • Total extracted: 6 DEX files, 19.5MB of analyzable code

Technical Significance:

  • Proved that root memory reading completely bypasses IJIAMI's anti-debug
  • Established a new attack paradigm: static memory analysis over dynamic injection
  • Technique applicable to all Android reinforcements (requires root)

6.2 Skill Updates

  • Added root_memory_extractor.py - Primary tool for commercial reinforcements
  • Updated memory_snapshot.py - Enhanced with root memory fallback
  • Cleaned skill directory - Removed temporary files, focused on core scripts
  • Updated documentation - Added usage strategies and success rates

6.3 VDEX Processing Capability Enhanced (v2.0.1)

Breakthrough: Successfully extracted DEX from the NetEase Yidun VDEX (Verifier DEX) format, achieving complete runtime DEX extraction for a music streaming application.

VDEX Support Added:

  • Automatic VDEX detection - Detects the vdex magic header (vdex027 format)
  • DEX extraction from VDEX - Extracts all embedded DEX files from VDEX data
  • Smart cropping integration - Enhanced smart_crop_dex() method with VDEX support
  • Multiple DEX file saving - Extracts and saves all DEX files found in the VDEX

Test Results (2026-03-30):

  • Music Streaming Application (VDEX protected):
    - ✅ Detected VDEX format: vdex027
    - ✅ Extracted 13 complete DEX files from 189MB of VDEX data
    - ✅ Total DEX size: ≈100MB (including a 71KB shell DEX)
    - ✅ All DEX files validated (DEX version 035)

  • Smart Device Control Application (Encrypted mode):
    - ✅ Root memory extraction successful (1.6GB of data)
    - ⚠️ Memory encryption detected (all-zero headers)
    - ✅ Demonstrated NetEase Yidun's dual protection modes:
      - Mode A (Strong encryption): Memory encryption with all-zero headers
      - Mode B (VDEX optimization): VDEX format with extractable DEX

Technical Implementation:

  • New method: is_vdex_data() - VDEX format detection
  • New method: extract_dex_from_vdex() - VDEX to DEX conversion
  • Enhanced smart_crop_dex() - Auto-detects VDEX and extracts DEX
  • Byte-by-byte sliding window search - Ensures all DEX files are found
  • Validation system - Verifies DEX structure integrity before saving
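The cropping and validation step of section 5.2 and the sliding-window search above, as one added example that is not the skill's smart_crop_dex() or extract_dex_from_vdex(): scan a dump for DEX magic, crop each hit to the header's file_size field, and verify the header's adler32 checksum before trusting it. make_dex() and SAMPLE_DUMP are constructed; the only VDEX-specific part is the assumption that a VDEX blob begins with the 4-byte "vdex" magic followed by a 3-digit version string, which is all vdex_version() checks.

```python
"""Carve and validate DEX files from a raw memory or VDEX dump (added example)."""
import hashlib
import os
import struct
import zlib

DEX_HEADER_SIZE = 0x70          # fixed header size; header_size field must equal this
ENDIAN_CONSTANT = 0x12345678    # endian_tag for a little-endian DEX
MAGIC_PREFIX = b"dex\n"         # full magic is "dex\n" + 3 version digits + NUL


def vdex_version(buf):
    """ASSUMPTION: VDEX starts with b'vdex' + 3-digit version. Returns the version or None."""
    if len(buf) >= 8 and buf[:4] == b"vdex" and buf[4:7].isdigit():
        return buf[4:7].decode()
    return None


def carve_dex(buf):
    """Sliding-window search for every DEX header in buf.

    Returns dicts with offset, version, size, checksum_ok and the cropped bytes. Headers
    whose size/endian fields are inconsistent are skipped; a bad adler32 is reported, not
    dropped, because partially paged-in regions are common in memory dumps."""
    found = []
    pos = buf.find(MAGIC_PREFIX)
    while pos != -1:
        step = 1
        hdr = buf[pos:pos + DEX_HEADER_SIZE]
        if len(hdr) == DEX_HEADER_SIZE and hdr[4:7].isdigit() and hdr[7] == 0:
            (checksum,) = struct.unpack_from("<I", hdr, 8)
            file_size, header_size, endian_tag = struct.unpack_from("<III", hdr, 32)
            if (header_size == DEX_HEADER_SIZE and endian_tag == ENDIAN_CONSTANT
                    and DEX_HEADER_SIZE <= file_size <= len(buf) - pos):
                data = buf[pos:pos + file_size]          # crop to the exact DEX size
                ok = (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum
                found.append({"offset": pos, "version": hdr[4:7].decode(), "size": file_size,
                              "checksum_ok": ok, "data": data})
                if ok:
                    step = file_size    # a verified file cannot overlap the next one
        pos = buf.find(MAGIC_PREFIX, pos + step)
    return found


def save_dex(found, outdir):
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for d in found:
        suffix = ".dex" if d["checksum_ok"] else ".badsum.dex"
        path = os.path.join(outdir, f"{d['offset']:08x}{suffix}")
        with open(path, "wb") as f:
            f.write(d["data"])
        paths.append(path)
    return paths


def make_dex(version=b"035", body=b"\x00" * 64):
    """Constructed, structurally valid DEX: real header fields, signature and checksum."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = MAGIC_PREFIX + version + b"\x00"
    struct.pack_into("<III", hdr, 32, DEX_HEADER_SIZE + len(body), DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    blob = bytes(hdr) + body
    sig = hashlib.sha1(blob[32:]).digest()               # signature covers bytes after itself
    blob = blob[:12] + sig + blob[32:]
    chk = zlib.adler32(blob[12:]) & 0xFFFFFFFF            # checksum covers signature onward
    return blob[:8] + struct.pack("<I", chk) + blob[12:]


# Constructed dump: vdex-style prefix, a good DEX, a fake magic, a corrupted DEX, a second good DEX.
_BAD = bytearray(make_dex(b"035"))
_BAD[-1] ^= 0xFF                                          # flip one body byte: checksum mismatch
SAMPLE_DUMP = (b"vdex027\x00" + b"\x00" * 24 + make_dex(b"035") + b"dex\nXYZ" + b"\xcc" * 40
               + bytes(_BAD) + b"\x00" * 7 + make_dex(b"038", b"\x41" * 200))

if __name__ == "__main__":
    print("vdex version:", vdex_version(SAMPLE_DUMP))
    for d in carve_dex(SAMPLE_DUMP):
        print(f"offset={d['offset']} version={d['version']} size={d['size']} checksum_ok={d['checksum_ok']}")
```

The checksum is the cheap integrity check; a DEX that passes it but comes from an all-zero-header dump (the page's "Mode A") will never appear here, because there is no magic to find, which is exactly the signal that the memory is still encrypted.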

Significance:

  • First OpenClaw skill with VDEX processing capability
  • Enables complete DEX extraction from NetEase Yidun commercial reinforcement
  • Establishes a foundation for ART/OAT format support
  • Provides a technical blueprint for future Android runtime format processing

6.4 Enhanced Anti-Debug Bypass for Strong Protections (v2.2.0 - 2026-04-10)

Breakthrough: Significantly improved anti-debug bypass capabilities targeting strong anti-debug style protections that previously caused "script has been destroyed" errors.

Enhanced Anti-Debug Features:

  • Thread.stop() detection bypass - Specifically targets strong anti-debug apps' Thread.stop() overload detection
  • /proc file access hiding - Hides the sensitive /proc/self/status and /proc/self/maps files
  • "Tracepid" check blocking - Defeats the TracerPid check used by advanced anti-debug (TracerPid is a field of /proc/self/status, not a system call; the page's "tracepid()" refers to this check)
  • Enhanced Frida hiding - Better hiding of Frida threads and memory mappings
  • Timing randomization - Random delays to bypass timing-based detection
  • Multiple file operation hooks - Hooks fopen, open, readlink, etc. to hide debugger traces

Optimized Protection Type Detection:

  • Auto-detection: Automatically detects the protection type (strong anti-debug, IJIAMI, Bangcle, etc.)
  • Targeted optimizations: Applies specific optimizations based on the detected protection
  • Configuration tuning: Adjusts injection delays and heartbeat intervals for different protections

Technical Implementation:

  • Enhanced antidebug_bypass.py with strong anti-debug specific optimizations
  • Multi-layer hooking strategy (Java + Native + System)
  • Dynamic configuration based on protection type detection
  • Improved verification system with detailed results reporting

Usage Example:

# Auto-detect protection and apply optimizations
python3 scripts/antidebug_bypass.py --package com.example.app

# Force strong anti-debug optimizations
python3 scripts/antidebug_bypass.py --package com.example.app --protection-type strong_antidebug

# Test-only mode (no injection)
python3 scripts/antidebug_bypass.py --package com.target.app --test-only --verbose

Success Rate Improvement (project-reported):

Protection Type        | Before v2.2.0 | After v2.2.0 | Improvement
Strong anti-debug apps | 10-20%        | 60-75%       | +50 points
IJIAMI Commercial      | 30-50%        | 70-85%       | +35 points
Bangcle                | 10-20%        | 50-65%       | +45 points
General Protections    | 80-90%        | 90-95%       | +10 points

6.5 Handling Strong Anti-Debug Applications

Problem: Applications such as Example_App_4.7.6.apk exhibit strong anti-debug protections causing:
  - "script has been destroyed" errors
  - Immediate process termination on Frida injection
  - Thread.stop() overload detection
  - /proc file scanning for debugger traces

Solution Workflow:

  1. Analyze first:
     ./scripts/android-armor-breaker analyze --apk Example_App_4.7.6.apk --verbose

  2. Enhanced anti-debug bypass:
     python3 scripts/antidebug_bypass.py --package com.example.app \
       --protection-type strong_antidebug --verbose

  3. Root memory extraction (if Frida fails):
     python3 scripts/root_memory_extractor.py --package com.example.app \
       --verbose --output ./example_app_dex_output

  4. Memory snapshot attack (for immediate crashes):
     python3 scripts/memory_snapshot.py --package com.example.app

Key Techniques for Strong Anti-debug Apps:

  • Thread.stop() interception: Prevents the anti-debug from terminating Frida
  • /proc file redirection: Redirects /proc/self/status to /dev/null
  • Delayed injection: 20-second delay to bypass startup detection
  • Memory mapping hiding: Hides Frida's memory regions from scans
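The /proc redirection, delayed injection and verification reporting of sections 6.4 and 6.5, as an added example that is not the skill's antidebug_bypass.py. The Python side picks timing from a protection profile (the 20-second delay for strong anti-debug is the page's figure; the jitter values, the profile names and the event names are assumptions), launches the app, attaches late, and tallies what the agent reports over send(). The embedded Frida agent hooks libc's open/openat/fopen and swaps the path argument whenever the target reads /proc/<pid>/status or /proc/<pid>/maps, the two files where TracerPid and Frida's own mappings show up. run() needs frida-server running as root on the device; everything else works without Frida installed.

```python
"""Profile-driven Frida injector that hides /proc debugger traces (added example)."""
import json
import random
import time

# Per-protection tuning. ASSUMPTION: only the 20 s strong-anti-debug delay comes from the page.
PROFILES = {
    "generic":          {"inject_delay": 2.0,  "jitter": 0.5, "redirect": "/dev/null"},
    "strong_antidebug": {"inject_delay": 20.0, "jitter": 3.0, "redirect": "/dev/null"},
}

# Frida agent (JavaScript). __REDIRECT__ is replaced with a JSON string literal by build_agent().
AGENT_JS = r"""
'use strict';
const SENSITIVE = /^\/proc\/(self|\d+)\/(status|maps|task\/\d+\/status)$/;
const REDIRECT = Memory.allocUtf8String(__REDIRECT__);
const libc = Process.getModuleByName('libc.so');
for (const [fn, pathArg] of [['open', 0], ['openat', 1], ['fopen', 0]]) {
  const addr = libc.findExportByName(fn);
  if (addr === null) continue;
  Interceptor.attach(addr, {
    onEnter(args) {
      if (args[pathArg].isNull()) return;
      const path = args[pathArg].readUtf8String();
      if (path !== null && SENSITIVE.test(path)) {
        args[pathArg] = REDIRECT;            // the callee now opens the redirect target
        send({ event: 'redirected', fn: fn, path: path });
      }
    }
  });
  send({ event: 'hooked', fn: fn });
}
"""


def build_agent(profile_name):
    profile = PROFILES[profile_name]
    return AGENT_JS.replace("__REDIRECT__", json.dumps(profile["redirect"]))


def injection_delay(profile_name, rng=random.random):
    """Base delay plus random jitter so a startup detector cannot key on a fixed timing."""
    p = PROFILES[profile_name]
    return p["inject_delay"] + rng() * p["jitter"]


class Tally:
    """Collects the agent's send() messages into a verification summary."""

    def __init__(self):
        self.hooked, self.redirected, self.errors = [], [], []

    def on_message(self, message, data=None):
        # Frida delivers {'type': 'send', 'payload': ...} or {'type': 'error', 'description': ...}
        if message.get("type") == "send":
            payload = message["payload"]
            if payload.get("event") == "hooked":
                self.hooked.append(payload["fn"])
            elif payload.get("event") == "redirected":
                self.redirected.append((payload["fn"], payload["path"]))
        elif message.get("type") == "error":
            self.errors.append(message.get("description", str(message)))

    def summary(self):
        return {"hooks": len(self.hooked), "redirects": len(self.redirected), "errors": len(self.errors)}


def run(package, profile_name="generic", test_only=False, observe_seconds=30):
    """Real run: spawn the app, let it start normally, attach after the profile's delay."""
    script_src = build_agent(profile_name)
    tally = Tally()
    if test_only:                      # like the skill's --test-only: build, do not inject
        return tally.summary()
    import frida                       # imported here so the module works without Frida
    device = frida.get_usb_device()
    pid = device.spawn([package])
    device.resume(pid)                 # startup-time checks run against a clean process
    time.sleep(injection_delay(profile_name))
    session = device.attach(pid)
    script = session.create_script(script_src)
    script.on("message", tally.on_message)
    script.load()
    time.sleep(observe_seconds)
    session.detach()
    return tally.summary()
```

Two caveats a practitioner should keep in mind: hooking libc misses a packer that issues the openat syscall itself (inline svc), which is why the page lists a system-call layer on top of these hooks; and redirecting to /dev/null, as the page does, hands the checker an empty status file, which a stricter check can itself treat as tampering. Serving a sanitized copy with TracerPid set to 0 is the quieter variant.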

Fallback Strategies:

  • Primary: Enhanced Frida with anti-debug bypass
  • Secondary: Root memory extraction (bypasses all application-layer detection)
  • Tertiary: Memory snapshot attack (for immediately crashing apps)
  • Last Resort: Static analysis of encrypted configs (as demonstrated with tik.tunnel.pro)

6.6 Skill Optimization Summary (2026-04-10)

Completed Optimizations:

  • Anti-debug enhancement - Major upgrade to handle strong anti-debug style protections
  • Internationalization completion - Full English/Chinese support in all core modules
  • Code quality improvements - Syntax validation, import testing
  • Documentation updates - Added strong anti-debug case study and success rates

Remaining Technical Debt:

  • ⚠️ Root memory extractor consolidation - root_memory_extractor_enhanced.py needs evaluation (it is also the file the security scanner flagged at line 50)
  • ⚠️ Test suite expansion - Needs comprehensive functional tests
  • ⚠️ Performance optimization - Large memory dump processing can be optimized

Future Roadmap:

  • Q2 2026: Consolidate root memory extraction scripts
  • Q2 2026: Add an automated test suite with mock APKs
  • Q3 2026: Enhance VDEX/ART/OAT format support
  • Q3 2026: Add AI-assisted unpacking strategy selection

Current Status:

  • Overall Health: ✅ Good (8.2/10)
  • Strong Anti-debug Success Rate: ⚠️ Moderate (60-75% with the new enhancements)
  • Code Maintainability: ✅ Good
  • Documentation: ✅ Comprehensive
  • Internationalization: ✅ Complete
Source: ClawHub · Chinese localization: 龙虾技能库