A fast and practical tool to decrypt string obfuscation used by Promon Shield–protected Android apps, making static analysis significantly easier.
This tool works by parsing smali opcode patterns and reconstructing runtime string logic, allowing decryption of both static and dynamically passed strings.
- 🚀 10x+ faster than earlier versions (heavily optimized)
- 🔓 Decrypts
String.intern()-based obfuscation - 🧠 Handles runtime / dynamically passed strings
- 📦 Works directly on APK files
- Uses apktool to decompile APK into smali
- Scans smali for known Promon Shield string patterns
- Reconstructs string logic using Python
- Replaces encrypted strings with decrypted constants
- Rebuilds the APK using apktool
- Python 3.8+
- Java 8+ (required for apktool)
You must download apktool JAR and place it in the same folder as the script.
The jar must be in the same directory as main.py.
Install dependencies:
pip install -r requirements.txtpython main.py -a target.apk -o deobfuscated.apkpython main.py --help
Just because I couldn’t bypass Frida detection and decided to do this instead 😄
I'm a noobie script kiddie :(
- Reverse engineering Promon-protected apps
- Static analysis without runtime instrumentation
- Understanding app logic hidden behind encrypted strings
- Malware research / security analysis
This project is intended for educational and research purposes only. Use it only on apps you own or have permission to analyze.
Contributions are welcome!
If you discover:
- New string patterns
- New opcode flows
- Performance improvements
Please submit a PR 🙏 ILY <3
- Me
Happy Reversing 😉