From 57b9a45871f7a53b68588e7eeee12b9aac6bfdba Mon Sep 17 00:00:00 2001
From: Adam
Date: Sun, 2 Aug 2015 21:46:24 -0400
Subject: [PATCH] appears to work
---
 src/main/java/info/sigterm/deob/Deob.java | 65 ++++++++++---------
 .../attributes/code/instructions/BiPush.java | 16 ++++-
 .../attributes/code/instructions/SiPush.java | 16 ++++-
 .../deob/deobfuscators/ConstantParameter.java | 32 +++++----
 4 files changed, 85 insertions(+), 44 deletions(-)
diff --git a/src/main/java/info/sigterm/deob/Deob.java b/src/main/java/info/sigterm/deob/Deob.java
index 07a0bb2db9..e8caba48b6 100644
--- a/src/main/java/info/sigterm/deob/Deob.java
+++ b/src/main/java/info/sigterm/deob/Deob.java
@@ -45,19 +45,19 @@ public class Deob ClassGroup group = loadJar(args[0]); long bstart, bdur; -// bstart = System.currentTimeMillis(); -// new RenameUnique().run(group); -// bdur = System.currentTimeMillis() - bstart; -// System.out.println("rename unique took " + bdur/1000L + " seconds"); + bstart = System.currentTimeMillis(); + new RenameUnique().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("rename unique took " + bdur/1000L + " seconds"); -// // remove except RuntimeException -// bstart = System.currentTimeMillis(); -// new RuntimeExceptions().run(group); -// // the blocks of runtime exceptions may contain interesting things like other obfuscations we identify later, but now that -// // it can't be reached by the execution phase, those things become confused. so remove blocks here. -// new UnusedBlocks().run(group); -// bdur = System.currentTimeMillis() - bstart; -// System.out.println("runtime exception took " + bdur/1000L + " seconds"); + // remove except RuntimeException + bstart = System.currentTimeMillis(); + new RuntimeExceptions().run(group); + // the blocks of runtime exceptions may contain interesting things like other obfuscations we identify later, but now that + // it can't be reached by the execution phase, those things become confused. so remove blocks here. + new UnusedBlocks().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("runtime exception took " + bdur/1000L + " seconds"); // remove unused methods bstart = System.currentTimeMillis(); 
@@ -65,35 +65,38 @@ public class Deob bdur = System.currentTimeMillis() - bstart; System.out.println("unused methods took " + bdur/1000L + " seconds"); -// // remove illegal state exceptions, frees up some parameters -// bstart = System.currentTimeMillis(); -// new IllegalStateExceptions().run(group); -// bdur = System.currentTimeMillis() - bstart; -// System.out.println("illegal state exception took " + bdur/1000L + " seconds"); + // remove illegal state exceptions, frees up some parameters + bstart = System.currentTimeMillis(); + new IllegalStateExceptions().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("illegal state exception took " + bdur/1000L + " seconds"); // remove constant logically dead parameters + bstart = System.currentTimeMillis(); new ConstantParameter().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("constant param took " + bdur/1000L + " seconds"); // // // remove unhit blocks -// bstart = System.currentTimeMillis(); -// new UnusedBlocks().run(group); -// bdur = System.currentTimeMillis() - bstart; -// System.out.println("unused blocks took " + bdur/1000L + " seconds"); -// -// // remove unused parameters -// bstart = System.currentTimeMillis(); -// new UnusedParameters().run(group); -// bdur = System.currentTimeMillis() - bstart; -// System.out.println("unused blocks took " + bdur/1000L + " seconds"); + bstart = System.currentTimeMillis(); + new UnusedBlocks().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("unused blocks took " + bdur/1000L + " seconds"); + + // remove unused parameters + bstart = System.currentTimeMillis(); + new UnusedParameters().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("unused blocks took " + bdur/1000L + " seconds"); // remove jump obfuscation //new Jumps().run(group); // remove unused fields -// bstart = System.currentTimeMillis(); -// new UnusedFields().run(group); -// bdur = 
System.currentTimeMillis() - bstart; -// System.out.println("unused fields took " + bdur/1000L + " seconds"); + bstart = System.currentTimeMillis(); + new UnusedFields().run(group); + bdur = System.currentTimeMillis() - bstart; + System.out.println("unused fields took " + bdur/1000L + " seconds"); //new ModularArithmeticDeobfuscation().run(group); diff --git a/src/main/java/info/sigterm/deob/attributes/code/instructions/BiPush.java b/src/main/java/info/sigterm/deob/attributes/code/instructions/BiPush.java index 57f0467309..448ae3a688 100644 --- a/src/main/java/info/sigterm/deob/attributes/code/instructions/BiPush.java +++ b/src/main/java/info/sigterm/deob/attributes/code/instructions/BiPush.java @@ -3,16 +3,18 @@ package info.sigterm.deob.attributes.code.instructions; import info.sigterm.deob.attributes.code.Instruction; import info.sigterm.deob.attributes.code.InstructionType; import info.sigterm.deob.attributes.code.Instructions; +import info.sigterm.deob.attributes.code.instruction.types.PushConstantInstruction; import info.sigterm.deob.execution.Frame; import info.sigterm.deob.execution.InstructionContext; import info.sigterm.deob.execution.Stack; import info.sigterm.deob.execution.StackContext; +import info.sigterm.deob.pool.PoolEntry; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; -public class BiPush extends Instruction +public class BiPush extends Instruction implements PushConstantInstruction { private byte b; @@ -45,4 +47,16 @@ public class BiPush extends Instruction frame.addInstructionContext(ins); } + + @Override + public PoolEntry getConstant() + { + return new info.sigterm.deob.pool.Integer(b); + } + + @Override + public void setConstant(PoolEntry entry) + { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } } 
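Review bot: The re-enabled `UnusedParameters` stage in the second Deob.java hunk prints `"unused blocks took "`, the same label as the `UnusedBlocks` stage directly above it, so the timing output cannot tell the two stages apart. The line should read `System.out.println("unused parameters took " + bdur/1000L + " seconds");`. The four-line timing pattern is now repeated for every stage, and a small private helper taking the label and the stage would prevent this kind of copy-paste slip. The enclosing method starts and ends outside the hunk.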
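Review bot: `setConstant` in BiPush is left as the IDE-generated stub that throws `UnsupportedOperationException("Not supported yet.")`, and the identical stub is added to SiPush. Any pass that rewrites a constant through the new `PushConstantInstruction` interface will therefore abort on these two opcodes. No such caller is visible in this diff, so whether that path is reached today is unconfirmed. Either implement the setter with a range check against the byte (BiPush) or short (SiPush) operand, or make the refusal explicit and drop the template comment, e.g. `throw new UnsupportedOperationException("BiPush operand cannot be replaced");`. A one-line Javadoc on `getConstant` stating that the operand is sign-extended into a pool `Integer` would also help readers of both classes.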
diff --git a/src/main/java/info/sigterm/deob/attributes/code/instructions/SiPush.java b/src/main/java/info/sigterm/deob/attributes/code/instructions/SiPush.java index cd5b8e0d37..eb9f8f36a2 100644 --- a/src/main/java/info/sigterm/deob/attributes/code/instructions/SiPush.java +++ b/src/main/java/info/sigterm/deob/attributes/code/instructions/SiPush.java @@ -3,16 +3,18 @@ package info.sigterm.deob.attributes.code.instructions; import info.sigterm.deob.attributes.code.Instruction; import info.sigterm.deob.attributes.code.InstructionType; import info.sigterm.deob.attributes.code.Instructions; +import info.sigterm.deob.attributes.code.instruction.types.PushConstantInstruction; import info.sigterm.deob.execution.Frame; import info.sigterm.deob.execution.InstructionContext; import info.sigterm.deob.execution.Stack; import info.sigterm.deob.execution.StackContext; +import info.sigterm.deob.pool.PoolEntry; import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.IOException; -public class SiPush extends Instruction +public class SiPush extends Instruction implements PushConstantInstruction { private short s; @@ -45,4 +47,16 @@ public class SiPush extends Instruction frame.addInstructionContext(ins); } + + @Override + public PoolEntry getConstant() + { + return new info.sigterm.deob.pool.Integer(s); + } + + @Override + public void setConstant(PoolEntry entry) + { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } } diff --git a/src/main/java/info/sigterm/deob/deobfuscators/ConstantParameter.java b/src/main/java/info/sigterm/deob/deobfuscators/ConstantParameter.java index 040785c940..209625fb13 100644 --- a/src/main/java/info/sigterm/deob/deobfuscators/ConstantParameter.java +++ b/src/main/java/info/sigterm/deob/deobfuscators/ConstantParameter.java 
@@ -516,7 +516,6 @@ public class ConstantParameter implements Deobfuscator InstructionContext ctx = op.compCtx; // comparison Instruction ins = ctx.getInstruction(); boolean branch = op.branch; - assert branch; Instructions instructions = ins.getInstructions(); @@ -528,23 +527,34 @@ public class ConstantParameter implements Deobfuscator int idx = instructions.getInstructions().indexOf(ins); if (idx == -1) continue; // already removed? - - JumpingInstruction jumpIns = (JumpingInstruction) ins; - assert jumpIns.getJumps().size() == 1; - Instruction to = jumpIns.getJumps().get(0); + + Instruction to; + if (branch) + { + JumpingInstruction jumpIns = (JumpingInstruction) ins; + assert jumpIns.getJumps().size() == 1; + to = jumpIns.getJumps().get(0); + } + else + { + // just go to next instruction + to = instructions.getInstructions().get(idx + 1); + } // move things that jump here to instead jump to 'to' for (Instruction fromI : ins.from) { - + assert fromI.jump.contains(ins); + + fromI.jump.remove(ins); + fromI.replace(ins, to); } + ins.from.clear(); - instructions.remove(ctx.getInstruction()); + instructions.remove(ins); - //assert branch; - - //if (branch) - { + if (branch) + { // insert goto instructions.getInstructions().add(idx, new Goto(instructions, to)); }
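Review bot: In the new `else` branch of the second ConstantParameter.java hunk, `instructions.getInstructions().get(idx + 1)` has no bounds check, so a comparison that is the last entry of the list throws `IndexOutOfBoundsException`. Well-formed bytecode should not end on a conditional branch, but this tool runs over obfuscated input, so a guard such as `if (idx + 1 >= instructions.getInstructions().size()) continue;` before the lookup is worth adding. The loop also iterates `ins.from` while calling `fromI.replace(ins, to)`; if `replace` modifies `ins.from` (its body is not visible here) the iteration would fail, and iterating over a copy, `for (Instruction fromI : new ArrayList<>(ins.from))`, avoids that. The `assert fromI.jump.contains(ins)` check only runs with `-ea`, so it does not protect normal runs. The enclosing method begins and ends outside the hunk.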