Null input parameter for AESDecryptor

Question

Null input parameter for AESDecryptor

CalebFenton opened this issue 6 years ago · 0 comments

Provide link to specific APK, DEX, or file hash
https://www.virustotal.com/gui/file/6ba481ab82f5c3c9a955efd1fa310f6c9c416caf4daeb2a87a23b95ab4c4c2f0/detection

Describe the bug
Getting an unhandled exception for some code which looks simplifable.

To Reproduce

$ java -jar ~/repos/simplify/simplify/build/libs/simplify.jar -it 'o3pkg/u;-><init>' ~/Downloads/banky/urmomgeh.apk                                                    255 ↵
[1 / 1] Processing top level class Lo3pkg/u;
(1 / 1) Executing top level method: Lo3pkg/u;-><init>(Lo3pkg/aa;[B[B)V
15:32:55.113 ERROR NodeExecutor - ExecutionNode{signature=Lo3pkg/u;-><init>(Lo3pkg/aa;[B[B)V, op=throw r0, @=37} throws unhandled virtual exception
Aborting execution; exception: Unhandled virtual exception: type=Ljava/lang/Exception;, value=java.lang.Exception: one of the input parameters is null in AESDecryptor Constructor
Skipping optimization of Lo3pkg/u;-><init>(Lo3pkg/aa;[B[B)V; null execution graph

Attempted work-arounds
I am the work-around.

Additional context
This is actual malware. I think it's dexguard.