Reverse Engineering Legu Encryption

I recently came across an Android APK that was protected by Legu, an obfuscator made by the Chinese tech company Tencent. Thankfully, there was a repo available to reverse the obfuscation, but it was out-of-date with respect to the encryption. Specifically, the repo said it supported up to 4.0.1.18, and the version I was seeing was 4.0.1.31. Also, the dependencies were pretty difficult to use.

The TLDR is that I reverse engineered the new encryption scheme (it's now using ChaCha20) and the new key derivation scheme (a multi-step process involving two hardcoded keys being altered in subtle ways, and one decoy key not used at all), and updated and published a fork at [https://github.com/YSaxon/legu_unpacker_2023].

But you won't always find the version you need there, if only because Tencent is likely to continue to update the keys. So I wrote up the process of reverse engineering the encryption, so that it can always be updated in the future.

You can find that writeup here.
