Menu
I am trying to reverse engineer an Android game to find out the logic behind their calculation.
After extraction of .apk file, there are lua script in /assets/lua folder and all of them have .lua extension. However if open with Text/HEX editor, they are not human readable.
For example: this file
The content of all files end with "droi.lua" signature, made me think this is not a LUA script but some sort of compressed LUA script for Android. And Android has a mechanism to compress file for publishing purpose.
Has anyone experienced this before? Is there a way to make such file readable?
Is there any method / program to decompress files extraced from .apk assets (such as png, lua etc)?
851
Viewing the contents of an APK file: Since APK files come in compressed ZIP format, any ZIP decompression tool can open it. So, for viewing the contents of an APK file, all you have to do is rename its extension to . zip and open it. Or, you can open it directly through an open dialogue box of a zip application.
Lua runs on all flavors of Unix and Windows, on mobile devices (running Android, iOS, BREW, Symbian, Windows Phone), on embedded microprocessors (such as ARM and Rabbit, for applications like Lego MindStorms), on IBM mainframes, etc.
This can be done by sandboxing the code. If you just want to remove a Lua table, set to nil all references to it and let the table be garbage collected automatically or manually.
APK files are basically ZIP files similar to the JAR files used to package Java libraries. An APK file contains app code in the DEX file format, native libraries, resources, assets, etc. It must be digitally signed with a certificate to allow installation on an Android device.
The entropy of the data in that file is very high (Shannon entropy of approximately 7.98, where 8 is the theoretical maximum). I compared this to the entropy of a zipped, or 7zipped text file, and got entropies of more like 6 to 7.
The high entropy, combined with the fact that it doesn't seem to have any identifiable header bytes suggests to me that it is probably encrypted.
If I were you, I would look for a symmetric encryption key embedded in the app.
If you're interested, here's the python script I used to calculate the entropy:
import sys
import math
print('Calculating entropy of: {}'.format(sys.argv[1]))
with open(sys.argv[1], 'rb') as fp:
data = fp.read()
# Trim off droi.lua
data = data[:-8]
# Calculate the frequency of each byte value in the file
frequencies = []
for b in range(256):
ctr = 0
for byte in data:
if byte == b:
ctr += 1
frequencies.append(float(ctr) / len(data))
# Shannon entropy
ent = 0.0
for freq in frequencies:
if freq > 0:
ent = ent + freq * math.log(freq, 2)
ent = -ent
print('Shannon entropy:')
print(ent)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
