ra/runelite
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Move deobfuscation methods to their own files

Browse Source
This commit is contained in:
Adam
2015-06-13 14:24:04 -04:00
parent 3140a51f3f
commit 6cac8c1cc9
9 changed files with 385 additions and 284 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/info/sigterm/deob/ClassGroup.java
View File

@@ -27,7 +27,7 @@ public class ClassGroup
public ClassFile findClass(String name) public ClassFile findClass(String name)
{ {
// XXX handle arrays // XXX handle arrays?
for (ClassFile c : classes) for (ClassFile c : classes)
if (c.getName().equals(name)) if (c.getName().equals(name))
return c; return c;
@@ -48,6 +48,12 @@ public class ClassGroup
public void buildCallGraph() public void buildCallGraph()
{ {
for (ClassFile c : classes)
for (Method m : c.getMethods().getMethods())
{
m.callsTo.clear();
m.callsFrom.clear();
}
for (ClassFile c : classes) for (ClassFile c : classes)
c.buildCallGraph(); c.buildCallGraph();
} }

317
src/main/java/info/sigterm/deob/Deob.java
View File

@@ -1,5 +1,10 @@
package info.sigterm.deob; package info.sigterm.deob;
import info.sigterm.deob.deobfuscators.Jumps;
import info.sigterm.deob.deobfuscators.RuntimeExceptions;
import info.sigterm.deob.deobfuscators.UnusedBlocks;
import info.sigterm.deob.deobfuscators.UnusedMethods;
import info.sigterm.deob.deobfuscators.UnusedParameters;
import info.sigterm.deob.execution.Execution; import info.sigterm.deob.execution.Execution;
import info.sigterm.deob.execution.Frame; import info.sigterm.deob.execution.Frame;
import info.sigterm.deob.pool.NameAndType; import info.sigterm.deob.pool.NameAndType;
@@ -29,10 +34,36 @@ import java.util.jar.Manifest;
public class Deob public class Deob
{ {
public static void main(String[] args) throws IOException public static void main(String[] args) throws IOException
{
ClassGroup group = loadJar(args[0]);
// remove except RuntimeException
new RuntimeExceptions().run(group);
// remove code blocks that used to be the runtime exception handlers
new UnusedBlocks().run(group);
// remove unused methods
new UnusedMethods().run(group);
// remove unused parameters
new UnusedParameters().run(group);
// remove jump obfuscation
new Jumps().run(group);
//group.buildClassGraph();
//group.buildInstructionGraph();
//group.buildCallGraph();
saveJar(group, args[1]);
}
private static ClassGroup loadJar(String jarfile) throws IOException
{ {
ClassGroup group = new ClassGroup(); ClassGroup group = new ClassGroup();
JarFile jar = new JarFile(args[0]); JarFile jar = new JarFile(jarfile);
for (Enumeration<JarEntry> it = jar.entries(); it.hasMoreElements();) for (Enumeration<JarEntry> it = jar.entries(); it.hasMoreElements();)
{ {
JarEntry entry = it.nextElement(); JarEntry entry = it.nextElement();
@@ -44,21 +75,13 @@ public class Deob
group.addClass(entry.getName(), new DataInputStream(is)); group.addClass(entry.getName(), new DataInputStream(is));
} }
jar.close(); jar.close();
group.buildClassGraph();
group.buildInstructionGraph();
group.buildCallGraph();
checkCallGraph(group); return group;
removeExceptionObfuscation(group); }
checkBlockGraph(group);
private static void saveJar(ClassGroup group, String jarfile) throws IOException
Execution e = execute(group); {
JarOutputStream jout = new JarOutputStream(new FileOutputStream(jarfile), new Manifest());
checkParameters(e, group);
checkBlockGraphJump(group);
JarOutputStream jout = new JarOutputStream(new FileOutputStream(args[1]), new Manifest());
for (ClassFile cf : group.getClasses()) for (ClassFile cf : group.getClasses())
{ {
@@ -74,268 +97,4 @@ public class Deob
jout.close(); jout.close();
} }
private static Execution execute(ClassGroup group) throws IOException
{
Execution e = new Execution(group);
int count = 0, fcount = 0;
for (ClassFile cf : group.getClasses())
for (Method method : cf.getMethods().getMethods())
{
if (method.getCode() == null)
continue;
Frame f = new Frame(e, method);
e.frames.add(f);
fcount += e.run();
++count;
}
System.out.println("Processed " + count + " methods and " + fcount + " paths");
return e;
}
private static void checkCallGraph(ClassGroup group)
{
int i = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
/* assume obfuscated names are <= 2 chars */
if (m.getName().length() > 2)
continue;
if (!m.isUsed())
{
cf.getMethods().removeMethod(m);
++i;
}
}
}
System.out.println("Removed " + i + " methods");
}
private static void removeExceptionObfuscation(ClassGroup group)
{
int i = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
Code c = m.getCode();
if (c == null)
continue;
for (info.sigterm.deob.attributes.code.Exception e : new ArrayList<>(c.getExceptions().getExceptions()))
{
if (e.getCatchType() != null && e.getCatchType().getName().equals("java/lang/RuntimeException"))
{
c.getExceptions().remove(e);
++i;
}
}
}
}
System.out.println("Removed " + i + " exception handlers");
}
private static void checkBlockGraph(ClassGroup group)
{
int i = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
if (m.getCode() == null)
continue;
Instructions ins = m.getCode().getInstructions();
int count = 0;
for (Block b : new ArrayList<>(ins.getBlocks()))
{
// first block is the entrypoint, so its always used
if (count++ == 0)
continue;
if (b.begin.from.isEmpty() && b.begin.exce.isEmpty())
{
ins.remove(b);
++i;
}
}
}
}
System.out.println("Removed " + i + " unused blocks");
}
private static int checkBlockGraphOnce(ClassGroup group)
{
int count = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
if (m.getCode() == null)
continue;
Instructions ins = m.getCode().getInstructions();
ins.buildBlocks();
ins.buildJumpGraph();
List<Block> blocks = ins.getBlocks();
for (int i = 0; i < blocks.size(); ++i)
{
Block block = blocks.get(i);
Block prev = i > 0 ? blocks.get(i - 1) : null;
// only one thing jumps here
if (block.begin.from.size() == 1 && prev != null && prev.end.isTerminal())
{
Instruction from = block.begin.from.get(0); // this instruction jumps to block
if (from.block == block)
continue;
if (from instanceof Goto || from instanceof GotoW)
{
++count;
List<Instruction> ilist = ins.getInstructions();
// remove instructions
for (Instruction in : block.instructions)
ilist.remove(in);
int index = ilist.indexOf(from);
assert from.block != block;
from.block = null;
// move instructions which jump here to jump to block.begin
for (Instruction in : from.from)
{
assert in.jump.contains(from);
assert !in.jump.contains(block.begin);
in.jump.remove(from);
in.jump.add(block.begin);
block.begin.from.add(in);
}
from.from.clear();
// .replace ins
for (Instruction in : ilist)
in.replace(from, block.begin);
for (info.sigterm.deob.attributes.code.Exception e : m.getCode().getExceptions().getExceptions())
e.replace(from, block.begin);
ins.remove(from); // remove jump
// insert instructions from block where jump was
for (Instruction in : block.instructions)
ilist.add(index++, in);
}
}
}
}
}
return count;
}
private static void checkBlockGraphJump(ClassGroup g)
{
int count = 0;
int passes = 0;
int i;
do
{
i = checkBlockGraphOnce(g);
count += i;
++passes;
}
while (i > 0);
System.out.println("Inlined " + count + " jumps in " + passes + " passes");
}
private static int[] checkParametersOnce(Execution execution, ClassGroup group)
{
// removing parameters shifts the others around which is annoying.
// if more than one is unused, we'll just remove the one
// and do the others on another pass
int count = 0;
int collide = 0;
int overrides = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : cf.getMethods().getMethods())
{
int offset = m.isStatic() ? 0 : 1;
NameAndType nat = m.getNameAndType();
Signature signature = nat.getDescriptor();
for (int variableIndex = 0, lvtIndex = offset;
variableIndex < signature.size();
lvtIndex += signature.getTypeOfArg(variableIndex++).getSlots())
{
List<? extends Instruction> lv = m.findLVTInstructionsForVariable(lvtIndex);
if (lv == null)
continue;
// XXX instead of checking if the lvt index is never accessed,
// check execution frames and see if it is never read prior to being
// written to, and if so, then remove the parameter, but don't re index
// the lvt table.
if (!lv.isEmpty())
continue;
if (!m.getOverriddenMethods().isEmpty())
{
++overrides;
continue;
}
Signature newSig = new Signature(m.getDescriptor());
newSig.remove(variableIndex);
Method otherMethod = cf.getMethods().findMethod(new NameAndType(m.getName(), newSig));
if (otherMethod != null)
{
// sometimes removing an unused parameter will cause a signature collision with another function,
// just ignore it atm (there seems to be very few)
++collide;
continue;
}
m.removeParameter(execution, variableIndex, lvtIndex);
++count;
break;
}
}
}
return new int[] { count, collide, overrides };
}
private static void checkParameters(Execution execution, ClassGroup group)
{
int count = 0;
int collide = 0;
int override = 0;
int[] i;
do
{
i = checkParametersOnce(execution, group);
count += i[0];
collide = i[1]; // the next pass may be able to reduce the collisions
override = i[2];
}
while (i[0] > 0);
System.out.println("Removed " + count + " unused parameters, unable to remove " + collide + " because of signature collisions and " + override + " due to overriding");
}
} }

7
src/main/java/info/sigterm/deob/Method.java
View File

@@ -31,8 +31,8 @@ public class Method
private String name; private String name;
private Signature arguments; private Signature arguments;
private Attributes attributes; private Attributes attributes;
private List<Node> callsTo = new ArrayList<>(), List<Node> callsTo = new ArrayList<>();
callsFrom = new ArrayList<>(); List<Node> callsFrom = new ArrayList<>();
Method(Methods methods) throws IOException Method(Methods methods) throws IOException
{ {
@@ -62,7 +62,7 @@ public class Method
assert callsFrom.isEmpty(); assert callsFrom.isEmpty();
} }
protected void removeParameter(Execution execution, int paramIndex, int lvtIndex) public void removeParameter(Execution execution, int paramIndex, int lvtIndex)
{ {
Set<Instruction> done = new HashSet<>(); Set<Instruction> done = new HashSet<>();
for (Node n : callsFrom) for (Node n : callsFrom)
@@ -197,6 +197,7 @@ public class Method
public void addCallTo(Instruction ins, Method method) public void addCallTo(Instruction ins, Method method)
{ {
assert method != null;
Node node = new Node(this, method, ins); Node node = new Node(this, method, ins);
callsTo.add(node); callsTo.add(node);
method.callsFrom.add(node); method.callsFrom.add(node);

107
src/main/java/info/sigterm/deob/deobfuscators/Jumps.java Normal file
View File

@@ -0,0 +1,107 @@
package info.sigterm.deob.deobfuscators;
import info.sigterm.deob.ClassFile;
import info.sigterm.deob.ClassGroup;
import info.sigterm.deob.Method;
import info.sigterm.deob.attributes.code.Block;
import info.sigterm.deob.attributes.code.Instruction;
import info.sigterm.deob.attributes.code.Instructions;
import info.sigterm.deob.attributes.code.instructions.Goto;
import info.sigterm.deob.attributes.code.instructions.GotoW;
import java.util.ArrayList;
import java.util.List;
public class Jumps
{
private int checkBlockGraphOnce(ClassGroup group)
{
int count = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
if (m.getCode() == null)
continue;
Instructions ins = m.getCode().getInstructions();
ins.buildBlocks();
ins.buildJumpGraph();
List<Block> blocks = ins.getBlocks();
for (int i = 0; i < blocks.size(); ++i)
{
Block block = blocks.get(i);
Block prev = i > 0 ? blocks.get(i - 1) : null;
// only one thing jumps here
if (block.begin.from.size() == 1 && prev != null && prev.end.isTerminal())
{
Instruction from = block.begin.from.get(0); // this instruction jumps to block
if (from.block == block)
continue;
if (from instanceof Goto || from instanceof GotoW)
{
++count;
List<Instruction> ilist = ins.getInstructions();
// remove instructions
for (Instruction in : block.instructions)
ilist.remove(in);
int index = ilist.indexOf(from);
assert from.block != block;
from.block = null;
// move instructions which jump here to jump to block.begin
for (Instruction in : from.from)
{
assert in.jump.contains(from);
assert !in.jump.contains(block.begin);
in.jump.remove(from);
in.jump.add(block.begin);
block.begin.from.add(in);
}
from.from.clear();
// .replace ins
for (Instruction in : ilist)
in.replace(from, block.begin);
for (info.sigterm.deob.attributes.code.Exception e : m.getCode().getExceptions().getExceptions())
e.replace(from, block.begin);
ins.remove(from); // remove jump
// insert instructions from block where jump was
for (Instruction in : block.instructions)
ilist.add(index++, in);
}
}
}
}
}
return count;
}
public void run(ClassGroup g)
{
int count = 0;
int passes = 0;
int i;
do
{
i = checkBlockGraphOnce(g);
count += i;
++passes;
}
while (i > 0);
System.out.println("Inlined " + count + " jumps in " + passes + " passes");
}
}

35
src/main/java/info/sigterm/deob/deobfuscators/RuntimeExceptions.java Normal file
View File

@@ -0,0 +1,35 @@
package info.sigterm.deob.deobfuscators;
import info.sigterm.deob.ClassFile;
import info.sigterm.deob.ClassGroup;
import info.sigterm.deob.Method;
import info.sigterm.deob.attributes.Code;
import java.util.ArrayList;
public class RuntimeExceptions
{
public void run(ClassGroup group)
{
int i = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
Code c = m.getCode();
if (c == null)
continue;
for (info.sigterm.deob.attributes.code.Exception e : new ArrayList<>(c.getExceptions().getExceptions()))
{
if (e.getCatchType() != null && e.getCatchType().getName().equals("java/lang/RuntimeException"))
{
c.getExceptions().remove(e);
++i;
}
}
}
}
System.out.println("Removed " + i + " exception handlers");
}
}

43
src/main/java/info/sigterm/deob/deobfuscators/UnusedBlocks.java Normal file
View File

@@ -0,0 +1,43 @@
package info.sigterm.deob.deobfuscators;
import info.sigterm.deob.ClassFile;
import info.sigterm.deob.ClassGroup;
import info.sigterm.deob.Method;
import info.sigterm.deob.attributes.code.Block;
import info.sigterm.deob.attributes.code.Instructions;
import java.util.ArrayList;
public class UnusedBlocks
{
public void run(ClassGroup group)
{
int i = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
if (m.getCode() == null)
continue;
Instructions ins = m.getCode().getInstructions();
ins.buildBlocks();
int count = 0;
for (Block b : new ArrayList<>(ins.getBlocks()))
{
// first block is the entrypoint, so its always used
if (count++ == 0)
continue;
if (b.begin.from.isEmpty() && b.begin.exce.isEmpty())
{
ins.remove(b);
++i;
}
}
}
}
System.out.println("Removed " + i + " unused blocks");
}
}

34
src/main/java/info/sigterm/deob/deobfuscators/UnusedMethods.java Normal file
View File

@@ -0,0 +1,34 @@
package info.sigterm.deob.deobfuscators;
import info.sigterm.deob.ClassFile;
import info.sigterm.deob.ClassGroup;
import info.sigterm.deob.Method;
import java.util.ArrayList;
public class UnusedMethods
{
public void run(ClassGroup group)
{
group.buildCallGraph();
int i = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : new ArrayList<>(cf.getMethods().getMethods()))
{
/* assume obfuscated names are <= 2 chars */
if (m.getName().length() > 2)
continue;
if (!m.isUsed())
{
cf.getMethods().removeMethod(m);
++i;
}
}
}
System.out.println("Removed " + i + " methods");
}
}

96
src/main/java/info/sigterm/deob/deobfuscators/UnusedParameters.java Normal file
View File

@@ -0,0 +1,96 @@
package info.sigterm.deob.deobfuscators;
import info.sigterm.deob.ClassFile;
import info.sigterm.deob.ClassGroup;
import info.sigterm.deob.Method;
import info.sigterm.deob.attributes.code.Instruction;
import info.sigterm.deob.execution.Execution;
import info.sigterm.deob.pool.NameAndType;
import info.sigterm.deob.signature.Signature;
import java.util.List;
public class UnusedParameters
{
private int[] checkParametersOnce(Execution execution, ClassGroup group)
{
// removing parameters shifts the others around which is annoying.
// if more than one is unused, we'll just remove the one
// and do the others on another pass
int count = 0;
int collide = 0;
int overrides = 0;
for (ClassFile cf : group.getClasses())
{
for (Method m : cf.getMethods().getMethods())
{
int offset = m.isStatic() ? 0 : 1;
NameAndType nat = m.getNameAndType();
Signature signature = nat.getDescriptor();
for (int variableIndex = 0, lvtIndex = offset;
variableIndex < signature.size();
lvtIndex += signature.getTypeOfArg(variableIndex++).getSlots())
{
List<? extends Instruction> lv = m.findLVTInstructionsForVariable(lvtIndex);
if (lv == null)
continue;
// XXX instead of checking if the lvt index is never accessed,
// check execution frames and see if it is never read prior to being
// written to, and if so, then remove the parameter, but don't re index
// the lvt table.
if (!lv.isEmpty())
continue;
if (!m.getOverriddenMethods().isEmpty())
{
++overrides;
continue;
}
Signature newSig = new Signature(m.getDescriptor());
newSig.remove(variableIndex);
Method otherMethod = cf.getMethods().findMethod(new NameAndType(m.getName(), newSig));
if (otherMethod != null)
{
// sometimes removing an unused parameter will cause a signature collision with another function,
// just ignore it atm (there seems to be very few)
++collide;
continue;
}
m.removeParameter(execution, variableIndex, lvtIndex);
++count;
break;
}
}
}
return new int[] { count, collide, overrides };
}
public void run(ClassGroup group)
{
Execution execution = new Execution(group);
execution.run();
int count = 0;
int collide = 0;
int override = 0;
int[] i;
do
{
i = checkParametersOnce(execution, group);
count += i[0];
collide = i[1]; // the next pass may be able to reduce the collisions
override = i[2];
}
while (i[0] > 0);
System.out.println("Removed " + count + " unused parameters, unable to remove " + collide + " because of signature collisions and " + override + " due to overriding");
}
}

22
src/main/java/info/sigterm/deob/execution/Execution.java
View File

@@ -1,6 +1,9 @@
package info.sigterm.deob.execution; package info.sigterm.deob.execution;
import info.sigterm.deob.ClassFile;
import info.sigterm.deob.ClassGroup; import info.sigterm.deob.ClassGroup;
import info.sigterm.deob.Method;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@@ -15,7 +18,24 @@ public class Execution
this.group = group; this.group = group;
} }
public int run() public void run()
{
int count = 0, fcount = 0;
for (ClassFile cf : group.getClasses())
for (Method method : cf.getMethods().getMethods())
{
if (method.getCode() == null)
continue;
Frame f = new Frame(this, method);
frames.add(f);
fcount += this.runFrames();
++count;
}
System.out.println("Processed " + count + " methods and " + fcount + " paths");
}
private int runFrames()
{ {
int fcount = 0; int fcount = 0;