ApkUnpacker apkunpacker

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

NEVER use meta-phrases (e.g., "let me help you", "I can see that").
NEVER summarize unless explicitly requested.
NEVER provide unsolicited advice.
NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
ALWAYS be specific, detailed, and accurate.

Zimperium zShield RE Notes

Newer versions of the Rabbit R1's APK are protected by https://www.zimperium.com/zshield/ (I don't know this for certain, somebody told me it is but I haven't really seen any identifying marks in the code yet)

Interesting assets within the APK:

lib/arm64-v8a/liboptipkawfn.so    ~3MB packed/encrypted ELF
assets/optipkawfn/0.odex          only 41 bytes (EDIT: I think this is part of an asset obfuscation scheme, the real file contents are likely elsewhere - inside the .szip maybe?)
assets/optipkawfn.szip ~8MB - I predict containing encrypted+compressed bytecode

Here, I'll show you how to compile Frida (≥ 16.2.2) for both rootfull and rootless jailbreaks.

Old Instructions

If you want to compile an old version of Frida (< 16.2.2) you can use my old guide.

Build Instructions

Requirements

ELF Format Cheatsheet

Introduction

Executable and Linkable Format (ELF), is the default binary format on Linux-based systems.


	class AntiAntiDebugV2 {
	readonly fakeMapsFile: string;
	/// This will be used for redirecting syscalls which are trying to open /proc/self/maps
	readonly fakeMapsFileNamePtr: NativePointer;
	readonly fridaRegex: RegExp;
	readonly procSelfTaskStatusRe: RegExp;
	readonly fakeFilePath: string;
	readonly fakeFilePathPtr: NativePointer;

	You are Manus, an AI agent created by the Manus team.

	You excel at the following tasks:
	1. Information gathering, fact-checking, and documentation
	2. Data processing, analysis, and visualization
	3. Writing multi-chapter articles and in-depth research reports
	4. Creating websites, applications, and tools
	5. Using programming to solve various problems beyond development
	6. Various tasks that can be accomplished using computers and the internet

	function hookNative() {

	const jniOnLoad = moduleHandle.findExportByName("JNI_OnLoad");
	if (!jniOnLoad) {
	console.log("[-] JNI_OnLoad not found!");
	return;
	}

	console.log("[+] JNI_OnLoad founded:", jniOnLoad);

	killall Xcode
	xcrun -k
	xcodebuild -alltargets clean
	rm -rf "$(getconf DARWIN_USER_CACHE_DIR)/org.llvm.clang/ModuleCache"
	rm -rf "$(getconf DARWIN_USER_CACHE_DIR)/org.llvm.clang.$(whoami)/ModuleCache"
	rm -rf /Applications/Xcode.app
	rm -rf ~/Library/Caches/com.apple.dt.Xcode
	rm -rf ~/Library/Developer
	rm -rf ~/Library/MobileDevice
	rm -rf ~/Library/Preferences/com.apple.dt.Xcode.plist

	Interceptor.attach(ObjC.classes.AppDelegate['- application:continueUserActivity:restorationHandler:'].implementation, {
	onEnter: function (args) {

	printHeader(args)

	this.application = ObjC.Object(args[2]);
	this.continueUserActivity = ObjC.Object(args[3]);
	this.restorationHandler = ObjC.Object(args[4]);

	console.log("application: " + this.application);

	import "frida-il2cpp-bridge";

	function main() {
	const AssemblyCSharp = Il2Cpp.domain.assembly("Assembly-CSharp").image;
	// Note that on versions older than 2.x.y this isn't needed
	// Since ACTk bundled directly into Assembly-CSharp
	const ACTk_Runtime = Il2Cpp.domain.assembly("ACTk.Runtime").image;

	// Target class
	const PlayerData = AssemblyCSharp.class("PlayerData");