http://qtnes.com/tags/packing/Recent content in Packing on QtnesHugoen-usTue, 14 Apr 2026 00:00:00 +0000http://qtnes.com/posts/2---thepackage---unpacking-a-runtime-loaded-dex/Tue, 14 Apr 2026 00:00:00 +0000http://qtnes.com/posts/2---thepackage---unpacking-a-runtime-loaded-dex/<h2 id="overview">Overview</h2> <p>ThePackage introduced a classic Android evasion technique: DEX-in-DEX packing. The APK delivered to the user contains nothing interesting in its primary <code>classes.dex</code>. The actual application logic — including the flag — lives in a secondary DEX that is encrypted inside the assets directory and only loaded at runtime.</p> <p>The goal was to find the decryption key, extract the hidden DEX, and recover the flag from the decrypted classes.</p> <h2 id="the-stub-apk">The Stub APK</h2> <p>Opening <code>ThePackage.apk</code> with JADX immediately felt wrong. The package structure was sparse, class names were generic, and there were no obvious flag-related strings. The main activity was minimal. This is the hallmark of a packing stub: the visible DEX exists only to bootstrap the real application.</p>