ra/runelite
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Working on doing arith deob during exec

Browse Source
This commit is contained in:
Adam
2015-08-23 18:22:51 -04:00
parent 32cbb0f805
commit 7ac2b0e977
6 changed files with 135 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/net/runelite/deob/attributes/code/instructions/GetField.java
View File

@@ -53,7 +53,7 @@ public class GetField extends Instruction implements GetFieldInstruction
Encryption encryption = frame.getExecution().getEncryption(); Encryption encryption = frame.getExecution().getEncryption();
net.runelite.deob.Field f = getMyField(); net.runelite.deob.Field f = getMyField();
if (f != null) if (encryption != null && f != null)
{ {
Pair pair = encryption.getField(f); Pair pair = encryption.getField(f);
if (pair != null) if (pair != null)

39
src/main/java/net/runelite/deob/attributes/code/instructions/IMul.java
View File

@@ -3,6 +3,10 @@ package net.runelite.deob.attributes.code.instructions;
import net.runelite.deob.attributes.code.Instruction; import net.runelite.deob.attributes.code.Instruction;
import net.runelite.deob.attributes.code.InstructionType; import net.runelite.deob.attributes.code.InstructionType;
import net.runelite.deob.attributes.code.Instructions; import net.runelite.deob.attributes.code.Instructions;
import net.runelite.deob.attributes.code.instruction.types.PushConstantInstruction;
import net.runelite.deob.deobfuscators.arithmetic.DMath;
import net.runelite.deob.deobfuscators.arithmetic.Encryption;
import net.runelite.deob.execution.Execution;
import net.runelite.deob.execution.Frame; import net.runelite.deob.execution.Frame;
import net.runelite.deob.execution.InstructionContext; import net.runelite.deob.execution.InstructionContext;
import net.runelite.deob.execution.Stack; import net.runelite.deob.execution.Stack;
@@ -26,6 +30,41 @@ public class IMul extends Instruction
ins.pop(one, two); ins.pop(one, two);
Encryption encryption = frame.getExecution().getEncryption();
if (encryption != null)
{
if (one.encryption != 0)
{
assert two.encryption == 0;
PushConstantInstruction pci = (PushConstantInstruction) two.getPushed().getInstruction();
int other = (int) pci.getConstant().getObject();
// 'one' is encrypted and we want to decrypt it by dividing by one.encryption
int o = other * DMath.modInverse(one.encryption);
System.out.println(other + " -> " + o);
encryption.change(pci, o);
// if (one.encryption == other)
// {
// System.out.println("decrr");
// }
}
else if (two.encryption != 0)
{
PushConstantInstruction pci = (PushConstantInstruction) one.getPushed().getInstruction();
int other = (int) pci.getConstant().getObject();
int o = other * DMath.modInverse(two.encryption);
System.out.println(other + " -> " + o);
encryption.change(pci, o);
}
}
StackContext ctx = new StackContext(ins, int.class); StackContext ctx = new StackContext(ins, int.class);
stack.push(ctx); stack.push(ctx);

61
src/main/java/net/runelite/deob/attributes/code/instructions/PutStatic.java
View File

@@ -16,6 +16,10 @@ import net.runelite.deob.pool.NameAndType;
import java.io.DataInputStream; import java.io.DataInputStream;
import java.io.DataOutputStream; import java.io.DataOutputStream;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import net.runelite.deob.attributes.code.instruction.types.PushConstantInstruction;
import net.runelite.deob.deobfuscators.arithmetic.Encryption;
import net.runelite.deob.deobfuscators.arithmetic.Pair;
public class PutStatic extends Instruction implements SetFieldInstruction public class PutStatic extends Instruction implements SetFieldInstruction
{ {
@@ -46,6 +50,63 @@ public class PutStatic extends Instruction implements SetFieldInstruction
StackContext object = stack.pop(); StackContext object = stack.pop();
ins.pop(object); ins.pop(object);
Encryption encryption = frame.getExecution().getEncryption();
net.runelite.deob.Field myField = getMyField();
if (encryption != null && myField != null)
{
Pair pair = encryption.getField(myField);
InstructionContext ctx = object.getPushed();
if (ctx.getInstruction() instanceof ISub)
{
List<StackContext> stackCtx = ctx.getPops();
StackContext one = stackCtx.get(0), two = stackCtx.get(1);
if (one.getPushed().getInstruction() instanceof IMul)
{
ctx = one.getPushed();
}
else if (two.getPushed().getInstruction() instanceof IMul)
{
ctx = two.getPushed();
}
}
if (ctx.getInstruction() instanceof IMul && pair != null)
{
List<StackContext> stackCtx = ctx.getPops();
StackContext one = stackCtx.get(0), two = stackCtx.get(1);
if (one.getPushed().getInstruction() instanceof PushConstantInstruction)
{
PushConstantInstruction pci = (PushConstantInstruction) one.getPushed().getInstruction();
int value = (int) pci.getConstant().getObject();
// field is encrypted with pair
// divide value by setter
value = value * pair.getter;
encryption.change(pci, value);
}
else if (two.getPushed().getInstruction() instanceof PushConstantInstruction)
{
PushConstantInstruction pci = (PushConstantInstruction) two.getPushed().getInstruction();
int value = (int) pci.getConstant().getObject();
// field is encrypted with pair
// divide value by setter
value = value * pair.getter;
encryption.change(pci, value);
}
else
assert false;
}
}
frame.addInstructionContext(ins); frame.addInstructionContext(ins);
} }

20
src/main/java/net/runelite/deob/deobfuscators/arithmetic/Encryption.java
View File

@@ -2,11 +2,14 @@ package net.runelite.deob.deobfuscators.arithmetic;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry;
import net.runelite.deob.Field; import net.runelite.deob.Field;
import net.runelite.deob.attributes.code.instruction.types.PushConstantInstruction;
public class Encryption public class Encryption
{ {
private Map<Field, Pair> fields = new HashMap<>(); private Map<Field, Pair> fields = new HashMap<>();
private Map<PushConstantInstruction, Integer> changes = new HashMap<>();
public Pair getField(Field field) public Pair getField(Field field)
{ {
@@ -22,4 +25,21 @@ public class Encryption
return null; return null;
//return fields.get(field); //return fields.get(field);
} }
public void change(PushConstantInstruction pci, int value)
{
assert !changes.containsKey(pci) || changes.get(pci) == value;
changes.put(pci, value);
}
public void doChange()
{
for (Entry<PushConstantInstruction, Integer> e : changes.entrySet())
{
PushConstantInstruction pci = e.getKey();
int value = e.getValue();
pci.setConstant(new net.runelite.deob.pool.Integer(value));
}
}
} }

12
src/main/java/net/runelite/deob/deobfuscators/arithmetic/ModArith.java
View File

@@ -178,12 +178,18 @@ public class ModArith implements Deobfuscator
execution = new Execution(group); execution = new Execution(group);
execution.populateInitialMethods(); execution.populateInitialMethods();
Encryption encr = new Encryption();
execution.setEncryption(encr);
execution.run(); execution.run();
findUses(); encr.doChange();
Field f = group.findClass("class41").findField("field1170"); // findUses();
calculate(f); //
// Field f = group.findClass("class41").findField("field1170");
// calculate(f);
} }
} }

5
src/main/java/net/runelite/deob/execution/Execution.java
View File

@@ -34,6 +34,11 @@ public class Execution
return encryption; return encryption;
} }
public void setEncryption(Encryption encryption)
{
this.encryption = encryption;
}
public void populateInitialMethods() public void populateInitialMethods()
{ {
for (ClassFile cf : group.getClasses()) for (ClassFile cf : group.getClasses())