<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> at least they know how to collect memory and logs instead of just opening a reverse shell for the devs to take a look</p>
<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@tammy" class="u-url mention">@<span>tammy</span></a></span> also it's encrypted with a hardcoded AES key of `UK*@3oKpFlVVnads`</p>
<p>i think the intended use for it is a crash handler but it looks sketchy as fuck</p>
<p>looking at a library from, presumably, bytedance android sdk, and that thing sure looks like malware</p><p>using syscall() all over the place, parsing /proc/self/maps to call random dalvik functions, encrypting logs to, presumably, send them over the network</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> Been there.</p><p>jq exists for a reason :-)</p><p>Nevertheless, it can be a fun exercise as long as you don't need to maintain the hell you're creating.</p>
<p>OH: although that may not even be an obfuscation technique, that might be just how their code looks</p>
<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@ldcd" class="u-url mention">@<span>ldcd</span></a></span> i know right</p>
<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@ldcd" class="u-url mention">@<span>ldcd</span></a></span> o:3</p>
<p>you can have a better version of this snippet using:</p><p>git clone <a href="https://gist.github.com/whitequark/03594daa69710089b55720cee688d556" target="_blank" rel="nofollow noopener" translate="no">https://gist.github.com/whitequark/03594daa69710089b55720cee688d556</a> ~/.binaryninja/snippets/whitequark</p><p>(and then install the official snippets plugin to run it easily)</p>