try-catch attempted method desc interpretation in rules, improve superblaubeere obfuscation detection message

Janmm14 · ItzSomebody · commit 2b8949dc5dac · 2022-07-07T23:57:49.000-07:00
diff --git a/src/main/java/com/javadeobfuscator/deobfuscator/rules/dasho/RuleStringDecryptor.java b/src/main/java/com/javadeobfuscator/deobfuscator/rules/dasho/RuleStringDecryptor.java
@@ -39,7 +39,16 @@ public String test(Deobfuscator deobfuscator) {
             for (MethodNode methodNode : classNode.methods) {
                 boolean isDashO = true;
 
-                Type[] argTypes = Type.getArgumentTypes(methodNode.desc);
+                Type[] argTypes;
+                try {
+                    argTypes = Type.getArgumentTypes(methodNode.desc);
+                } catch (IllegalArgumentException ex) {
+                    if (deobfuscator.getConfig().isDebugRulesAnalyzer()) {
+                        String message = "Encountered illegal method desc at " + classNode.name + " " + methodNode.name + methodNode.desc;
+                        new IllegalArgumentException(message, ex).printStackTrace();
+                    }
+                    continue;
+                }
 
                 isDashO = isDashO && TransformerHelper.hasArgumentTypes(argTypes, Type.INT_TYPE, Type.getObjectType("java/lang/String"));
                 isDashO = isDashO && TransformerHelper.containsInvokeVirtual(methodNode, "java/lang/String", "toCharArray", "()[C");
diff --git a/src/main/java/com/javadeobfuscator/deobfuscator/rules/special/RuleSuperblaubeereObfuscation.java b/src/main/java/com/javadeobfuscator/deobfuscator/rules/special/RuleSuperblaubeereObfuscation.java
@@ -2,7 +2,9 @@
 
 import java.util.Collection;
 import java.util.Collections;
+import java.util.EnumSet;
 
+import com.google.common.base.Joiner;
 import com.javadeobfuscator.deobfuscator.Deobfuscator;
 import com.javadeobfuscator.deobfuscator.rules.Rule;
 import com.javadeobfuscator.deobfuscator.transformers.Transformer;
@@ -18,12 +20,31 @@
 
 public class RuleSuperblaubeereObfuscation implements Rule {
 
+	private static final Joiner COMMA_JOINER = Joiner.on(", ");
+
 	@Override
 	public String getDescription() {
 		return "Superblaubeere obfuscator uses a variety of methods. It can obfuscate numbers, add redundant ifs, encrypt strings, pool numbers & strings into an " +
 			   "array per class and obfuscate method calls with invokedynamic instructions.";
 	}
 
+	private enum Detection {
+		NUMBER_POOL("number pool"),
+		STRING_ENC("string encryption"),
+		STRING_POOL("string pool"),
+		INVOKEDYN("invokedynamic");
+		private final String msg;
+
+		Detection(String msg) {
+			this.msg = msg;
+		}
+
+		@Override
+		public String toString() {
+			return msg;
+		}
+	}
+
 	@Override
 	public String test(Deobfuscator deobfuscator) {
 		for (ClassNode classNode : deobfuscator.getClasses().values()) {
@@ -35,6 +56,7 @@ public String test(Deobfuscator deobfuscator) {
 			if (first == null) {
 				continue;
 			}
+			EnumSet<Detection> detections = EnumSet.noneOf(Detection.class);
 			// Number pool
 			numberPool:
 			{
@@ -57,7 +79,8 @@ public String test(Deobfuscator deobfuscator) {
 				for (MethodNode method : classNode.methods) {
 					for (AbstractInsnNode ain : method.instructions.toArray()) {
 						if (TransformerHelper.isGetStatic(ain, classNode.name, field.name, field.desc) && Utils.isInteger(ain.getNext())) {
-							return "Found potential number pool in class " + classNode.name;
+							detections.add(Detection.NUMBER_POOL);
+							break numberPool;
 						}
 					}
 				}
@@ -87,7 +110,8 @@ public String test(Deobfuscator deobfuscator) {
 				for (MethodNode method : classNode.methods) {
 					for (AbstractInsnNode ain : method.instructions.toArray()) {
 						if (TransformerHelper.isGetStatic(ain, classNode.name, field.name, field.desc) && Utils.isInteger(ain.getNext())) {
-							return "Found potential string encryption in class " + classNode.name;
+							detections.add(Detection.STRING_ENC);
+							break stringEncrypt;
 						}
 					}
 				}
@@ -130,7 +154,8 @@ public String test(Deobfuscator deobfuscator) {
 				for (MethodNode method : classNode.methods) {
 					for (AbstractInsnNode ain : method.instructions.toArray()) {
 						if (TransformerHelper.isGetStatic(ain, classNode.name, field.name, field.desc) && Utils.isInteger(ain.getNext())) {
-							return "Found potential string pool in class " + classNode.name;
+							detections.add(Detection.STRING_POOL);
+							break stringPool;
 						}
 					}
 				}
@@ -174,10 +199,14 @@ public String test(Deobfuscator deobfuscator) {
 				for (MethodNode method : classNode.methods) {
 					for (AbstractInsnNode ain : method.instructions.toArray()) {
 						if (TransformerHelper.isInvokeDynamic(ain, null, null, classNode.name, bootstrap.name, bootstrap.desc, 0)) {
-							return "Found potential invokedynamic obfuscation in class " + classNode.name;
+							detections.add(Detection.INVOKEDYN);
+							break invokedyn;
 						}
 					}
 				}
+				if (!detections.isEmpty()) {
+					return "Found potential " + COMMA_JOINER.join(detections) + " in class " + classNode.name;
+				}
 			}
 		}
 		return null;
diff --git a/src/main/java/com/javadeobfuscator/deobfuscator/rules/stringer/RuleStringDecryptorV3.java b/src/main/java/com/javadeobfuscator/deobfuscator/rules/stringer/RuleStringDecryptorV3.java
@@ -36,8 +36,18 @@ public String getDescription() {
     public String test(Deobfuscator deobfuscator) {
         for (ClassNode classNode : deobfuscator.getClasses().values()) {
             for (MethodNode methodNode : classNode.methods) {
-                if (!TransformerHelper.basicType(methodNode.desc).equals("(Ljava/lang/Object;III)Ljava/lang/Object;")
-                	|| !Modifier.isStatic(methodNode.access) || methodNode.instructions == null) {
+                String basicType;
+                try {
+                    basicType = TransformerHelper.basicType(methodNode.desc);
+                } catch (IllegalArgumentException ex) {
+                    if (deobfuscator.getConfig().isDebugRulesAnalyzer()) {
+                        String message = "Encountered illegal method desc at " + classNode.name + " " + methodNode.name + methodNode.desc;
+                        new IllegalArgumentException(message, ex).printStackTrace();
+                    }
+                    continue;
+                }
+                if (!basicType.equals("(Ljava/lang/Object;III)Ljava/lang/Object;")
+                    || !Modifier.isStatic(methodNode.access) || methodNode.instructions == null) {
                     continue;
                 }
 

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,9 @@`
`2`	`2`
`3`	`3`	`import java.util.Collection;`
`4`	`4`	`import java.util.Collections;`
	`5`	`+import java.util.EnumSet;`
`5`	`6`
	`7`	`+import com.google.common.base.Joiner;`
`6`	`8`	`import com.javadeobfuscator.deobfuscator.Deobfuscator;`
`7`	`9`	`import com.javadeobfuscator.deobfuscator.rules.Rule;`
`8`	`10`	`import com.javadeobfuscator.deobfuscator.transformers.Transformer;`
`@@ -18,12 +20,31 @@`
`18`	`20`
`19`	`21`	`public class RuleSuperblaubeereObfuscation implements Rule {`
`20`	`22`
	`23`	`+ private static final Joiner COMMA_JOINER = Joiner.on(", ");`
	`24`	`+`
`21`	`25`	`@Override`
`22`	`26`	`public String getDescription() {`
`23`	`27`	`return "Superblaubeere obfuscator uses a variety of methods. It can obfuscate numbers, add redundant ifs, encrypt strings, pool numbers & strings into an " +`
`24`	`28`	`"array per class and obfuscate method calls with invokedynamic instructions.";`
`25`	`29`	`}`
`26`	`30`
	`31`	`+ private enum Detection {`
	`32`	`+ NUMBER_POOL("number pool"),`
	`33`	`+ STRING_ENC("string encryption"),`
	`34`	`+ STRING_POOL("string pool"),`
	`35`	`+ INVOKEDYN("invokedynamic");`
	`36`	`+ private final String msg;`
	`37`	`+`
	`38`	`+ Detection(String msg) {`
	`39`	`+ this.msg = msg;`
	`40`	`+ }`
	`41`	`+`
	`42`	`+ @Override`
	`43`	`+ public String toString() {`
	`44`	`+ return msg;`
	`45`	`+ }`
	`46`	`+ }`
	`47`	`+`
`27`	`48`	`@Override`
`28`	`49`	`public String test(Deobfuscator deobfuscator) {`
`29`	`50`	`for (ClassNode classNode : deobfuscator.getClasses().values()) {`
`@@ -35,6 +56,7 @@ public String test(Deobfuscator deobfuscator) {`
`35`	`56`	`if (first == null) {`
`36`	`57`	`continue;`
`37`	`58`	`}`
	`59`	`+ EnumSet<Detection> detections = EnumSet.noneOf(Detection.class);`
`38`	`60`	`// Number pool`
`39`	`61`	`numberPool:`
`40`	`62`	`{`
`@@ -57,7 +79,8 @@ public String test(Deobfuscator deobfuscator) {`
`57`	`79`	`for (MethodNode method : classNode.methods) {`
`58`	`80`	`for (AbstractInsnNode ain : method.instructions.toArray()) {`
`59`	`81`	`if (TransformerHelper.isGetStatic(ain, classNode.name, field.name, field.desc) && Utils.isInteger(ain.getNext())) {`
`60`		`- return "Found potential number pool in class " + classNode.name;`
	`82`	`+ detections.add(Detection.NUMBER_POOL);`
	`83`	`+ break numberPool;`
`61`	`84`	`}`
`62`	`85`	`}`
`63`	`86`	`}`
`@@ -87,7 +110,8 @@ public String test(Deobfuscator deobfuscator) {`
`87`	`110`	`for (MethodNode method : classNode.methods) {`
`88`	`111`	`for (AbstractInsnNode ain : method.instructions.toArray()) {`
`89`	`112`	`if (TransformerHelper.isGetStatic(ain, classNode.name, field.name, field.desc) && Utils.isInteger(ain.getNext())) {`
`90`		`- return "Found potential string encryption in class " + classNode.name;`
	`113`	`+ detections.add(Detection.STRING_ENC);`
	`114`	`+ break stringEncrypt;`
`91`	`115`	`}`
`92`	`116`	`}`
`93`	`117`	`}`
`@@ -130,7 +154,8 @@ public String test(Deobfuscator deobfuscator) {`
`130`	`154`	`for (MethodNode method : classNode.methods) {`
`131`	`155`	`for (AbstractInsnNode ain : method.instructions.toArray()) {`
`132`	`156`	`if (TransformerHelper.isGetStatic(ain, classNode.name, field.name, field.desc) && Utils.isInteger(ain.getNext())) {`
`133`		`- return "Found potential string pool in class " + classNode.name;`
	`157`	`+ detections.add(Detection.STRING_POOL);`
	`158`	`+ break stringPool;`
`134`	`159`	`}`
`135`	`160`	`}`
`136`	`161`	`}`
`@@ -174,10 +199,14 @@ public String test(Deobfuscator deobfuscator) {`
`174`	`199`	`for (MethodNode method : classNode.methods) {`
`175`	`200`	`for (AbstractInsnNode ain : method.instructions.toArray()) {`
`176`	`201`	`if (TransformerHelper.isInvokeDynamic(ain, null, null, classNode.name, bootstrap.name, bootstrap.desc, 0)) {`
`177`		`- return "Found potential invokedynamic obfuscation in class " + classNode.name;`
	`202`	`+ detections.add(Detection.INVOKEDYN);`
	`203`	`+ break invokedyn;`
`178`	`204`	`}`
`179`	`205`	`}`
`180`	`206`	`}`
	`207`	`+ if (!detections.isEmpty()) {`
	`208`	`+ return "Found potential " + COMMA_JOINER.join(detections) + " in class " + classNode.name;`
	`209`	`+ }`
`181`	`210`	`}`
`182`	`211`	`}`
`183`	`212`	`return null;`