Update ZKM, Stringer, DeadCodeRemover

Author: samczsun

src/main/java/com/javadeobfuscator/deobfuscator/transformers/Transformer.java

@@ -22,13 +22,13 @@
 import com.javadeobfuscator.deobfuscator.Deobfuscator;
 import com.javadeobfuscator.deobfuscator.config.TransformerConfig;
 import com.javadeobfuscator.deobfuscator.exceptions.*;
-import org.objectweb.asm.ClassReader;
+import org.objectweb.asm.*;
 import org.objectweb.asm.tree.ClassNode;
 import org.objectweb.asm.tree.MethodNode;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public abstract class Transformer<T extends TransformerConfig> {
+public abstract class Transformer<T extends TransformerConfig> implements Opcodes {
 
     protected Map<String, ClassNode> classes;
     protected Map<String, ClassNode> classpath;

src/main/java/com/javadeobfuscator/deobfuscator/transformers/general/peephole/DeadCodeRemover.java

@@ -16,44 +16,40 @@
 
 package com.javadeobfuscator.deobfuscator.transformers.general.peephole;
 
-import com.javadeobfuscator.deobfuscator.analyzer.MethodAnalyzer;
-import com.javadeobfuscator.deobfuscator.analyzer.frame.Frame;
-import com.javadeobfuscator.deobfuscator.config.TransformerConfig;
-import org.objectweb.asm.tree.AbstractInsnNode;
-import com.javadeobfuscator.deobfuscator.transformers.Transformer;
-import com.javadeobfuscator.deobfuscator.utils.Utils;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.atomic.AtomicInteger;
+import com.javadeobfuscator.deobfuscator.config.*;
+import com.javadeobfuscator.deobfuscator.transformers.*;
+import com.javadeobfuscator.deobfuscator.utils.*;
+import org.objectweb.asm.tree.*;
+import org.objectweb.asm.tree.analysis.*;
 
 public class DeadCodeRemover extends Transformer<TransformerConfig> {
     @Override
     public boolean transform() throws Throwable {
-        AtomicInteger deadInstructions = new AtomicInteger();
-        classNodes().forEach(classNode -> {
-            classNode.methods.stream().filter(methodNode -> methodNode.instructions.getFirst() != null).forEach(methodNode -> {
-                if (methodNode.name.startsWith("DECRYPTOR_METHOD"))
-                    return;
-
-                Map<AbstractInsnNode, List<Frame>> f = MethodAnalyzer.analyze(classNode, methodNode).getFrames();
-                Iterator<AbstractInsnNode> iterator = methodNode.instructions.iterator();
-                while (iterator.hasNext()) {
-                    AbstractInsnNode next = iterator.next();
-                    if (Utils.isInstruction(next) && f.get(next) == null) {
-                        iterator.remove();
-                        deadInstructions.incrementAndGet();
-                    }
+        int deadInstructions = 0;
+        for (ClassNode classNode : classes.values()) {
+            for (MethodNode methodNode : classNode.methods) {
+                if (methodNode.instructions.getFirst() == null) continue;
+
+                InstructionModifier modifier = new InstructionModifier();
+
+                Frame<BasicValue>[] frames = new Analyzer<>(new BasicInterpreter()).analyze(classNode.name, methodNode);
+                for (int i = 0; i < methodNode.instructions.size(); i++) {
+                    if (!Utils.isInstruction(methodNode.instructions.get(i))) continue;
+                    if (frames[i] != null) continue;
+
+                    modifier.remove(methodNode.instructions.get(i));
+                    deadInstructions++;
                 }
 
+                modifier.apply(methodNode);
+
                 // empty try catch nodes are illegal
                 if (methodNode.tryCatchBlocks != null) {
                     methodNode.tryCatchBlocks.removeIf(tryCatchBlockNode -> Utils.getNext(tryCatchBlockNode.start) == Utils.getNext(tryCatchBlockNode.end));
                 }
-            });
-        });
-        System.out.println("Removed " + deadInstructions.get() + " dead instructions");
-        return deadInstructions.get() > 0;
+            }
+        }
+        logger.info("Removed {} dead instructions", deadInstructions);
+        return deadInstructions > 0;
     }
 }

src/main/java/com/javadeobfuscator/deobfuscator/transformers/stringer/InvokedynamicTransformer.java

@@ -73,7 +73,7 @@ private int findInvokeDynamic() {
                     AbstractInsnNode abstractInsnNode = methodNode.instructions.get(i);
                     if (abstractInsnNode instanceof InvokeDynamicInsnNode) {
                         InvokeDynamicInsnNode dyn = (InvokeDynamicInsnNode) abstractInsnNode;
-                        if (dyn.bsmArgs[0] instanceof String) {
+                        if (dyn.bsmArgs.length > 0 && dyn.bsmArgs[0] instanceof String) {
                             total.incrementAndGet();
                         }
                     }

src/main/java/com/javadeobfuscator/deobfuscator/transformers/zelix/string/EnhancedStringEncryptionTransformer.java

@@ -16,33 +16,34 @@
 
 package com.javadeobfuscator.deobfuscator.transformers.zelix.string;
 
+import com.fasterxml.jackson.annotation.*;
+import com.google.common.base.*;
 import com.javadeobfuscator.deobfuscator.config.*;
 import com.javadeobfuscator.deobfuscator.exceptions.*;
-import com.javadeobfuscator.deobfuscator.executor.values.*;
 import com.javadeobfuscator.deobfuscator.matcher.*;
 import com.javadeobfuscator.deobfuscator.transformers.*;
 import com.javadeobfuscator.deobfuscator.utils.*;
 import com.javadeobfuscator.javavm.*;
 import com.javadeobfuscator.javavm.exceptions.*;
 import com.javadeobfuscator.javavm.mirrors.*;
 import com.javadeobfuscator.javavm.values.*;
-import com.javadeobfuscator.javavm.values.JavaArray;
 import org.objectweb.asm.*;
 import org.objectweb.asm.tree.*;
 import org.objectweb.asm.tree.analysis.*;
 import org.objectweb.asm.tree.analysis.Frame;
 
 import java.util.*;
-import java.util.stream.*;
+import java.util.function.Supplier;
 
 /**
  * This is a transformer for the enhanced version of Zelix string encryption
  */
-public class EnhancedStringEncryptionTransformer extends Transformer<TransformerConfig> implements Opcodes {
+@TransformerConfig.ConfigOptions(configClass = EnhancedStringEncryptionTransformer.Config.class)
+public class EnhancedStringEncryptionTransformer extends Transformer<EnhancedStringEncryptionTransformer.Config> implements Opcodes {
     private static final InstructionPattern DECRYPT_PATTERN = new InstructionPattern(
             new LoadIntStep(),
             new LoadIntStep(),
-            new InvocationStep(INVOKESTATIC, null, null, "(II)Ljava/lang/String;", false)
+            new CapturingStep(new InvocationStep(INVOKESTATIC, null, null, "(II)Ljava/lang/String;", false), "invoke")
     );
 
     @Override
@@ -54,25 +55,74 @@ public boolean transform() throws Throwable, WrongTransformerException {
             try {
                 vm.initialize(JavaClass.forName(vm, classNode.name));
             } catch (VMException e) {
+                JavaClass.forName(vm, classNode.name).setInitializationState(JavaClass.InitializationState.INITIALIZED, null); // of course we initialized it
                 logger.debug("Exception while initializing {}, should be fine", classNode.name);
                 logger.debug(vm.exceptionToString(e));
             } catch (Throwable e) {
+                JavaClass.forName(vm, classNode.name).setInitializationState(JavaClass.InitializationState.INITIALIZED, null); // of course we initialized it
                 logger.debug("(Severe) Exception while initializing {}, should be fine", classNode.name, e);
             }
+
             for (MethodNode methodNode : new ArrayList<>(classNode.methods)) {
                 InstructionModifier modifier = new InstructionModifier();
 
+                // If we want the slow version, memoize the analysis
+                Supplier<Frame<SourceValue>[]> framesSupplier = Suppliers.memoize(() -> {
+                    try {
+                        return new Analyzer<>(new SourceInterpreter()).analyze(classNode.name, methodNode);
+                    } catch (AnalyzerException e) {
+                        oops("unexpected analyzer exception", e);
+                        return null;
+                    }
+                })::get;
+
                 for (AbstractInsnNode insnNode : TransformerHelper.instructionIterator(methodNode)) {
-                    InstructionMatcher matcher = DECRYPT_PATTERN.matcher(insnNode);
-                    if (!matcher.find()) continue;
+                    AbstractInsnNode invocation;
+                    MethodNode decryptNode;
+
+                    if (!getConfig().isSlowlyDetermineMagicNumbers()) {
+                        InstructionMatcher matcher = DECRYPT_PATTERN.matcher(insnNode);
+                        if (!matcher.find()) continue;
+
+                        decryptNode = new MethodNode(ASM6, ACC_PUBLIC | ACC_STATIC, "Decryptor", "()Ljava/lang/String;", null, null);
+                        InsnList decryptInsns = new InsnList();
+                        for (AbstractInsnNode matched : matcher.getCapturedInstructions("all")) {
+                            decryptInsns.add(matched.clone(null));
+                        }
+                        decryptInsns.add(new InsnNode(ARETURN));
+                        decryptNode.instructions = decryptInsns;
+                        invocation = matcher.getCapturedInstruction("invoke");
+                    } else {
+                        if (insnNode.getOpcode() != INVOKESTATIC) continue;
+
+                        MethodInsnNode methodInsnNode = (MethodInsnNode) insnNode;
+                        if (!methodInsnNode.desc.equals("(II)Ljava/lang/String;")) continue;
+
+                        Frame<SourceValue>[] frames = framesSupplier.get();
+                        if (frames == null) continue;
+
+                        Frame<SourceValue> frame = frames[methodNode.instructions.indexOf(insnNode)];
+                        if (frame == null) continue;
+
+                        SourceValue cst1 = frame.getStack(frame.getStackSize() - 2);
+                        SourceValue cst2 = frame.getStack(frame.getStackSize() - 1);
+                        if (cst1.insns.size() != 1) continue;
+                        if (cst2.insns.size() != 1) continue;
 
-                    MethodNode decryptNode = new MethodNode(ASM6, ACC_PUBLIC | ACC_STATIC, "Decryptor", "()Ljava/lang/String;", null, null);
-                    InsnList decryptInsns = new InsnList();
-                    for (AbstractInsnNode matched : matcher.getCapturedInstructions("all")) {
-                        decryptInsns.add(matched.clone(null));
+                        AbstractInsnNode insn1 = cst1.insns.iterator().next();
+                        AbstractInsnNode insn2 = cst2.insns.iterator().next();
+                        if (insn1.getOpcode() != SIPUSH) continue;
+                        if (insn2.getOpcode() != SIPUSH) continue;
+
+                        decryptNode = new MethodNode(ASM6, ACC_PUBLIC | ACC_STATIC, "Decryptor", "()Ljava/lang/String;", null, null);
+                        InsnList decryptInsns = new InsnList();
+                        decryptInsns.add(insn1.clone(null));
+                        decryptInsns.add(insn2.clone(null));
+                        decryptInsns.add(methodInsnNode.clone(null));
+                        decryptInsns.add(new InsnNode(ARETURN));
+                        decryptNode.instructions = decryptInsns;
+                        invocation = methodInsnNode;
                     }
-                    decryptInsns.add(new InsnNode(ARETURN));
-                    decryptNode.instructions = decryptInsns;
 
                     JavaWrapper result;
 
@@ -95,8 +145,7 @@ public boolean transform() throws Throwable, WrongTransformerException {
                     String decrypted = vm.convertJavaObjectToString(result);
                     logger.info("Decrypted string in {} {}{}: {}", classNode.name, methodNode.name, methodNode.desc, decrypted);
 
-                    modifier.removeAll(matcher.getCapturedInstructions("all"));
-                    modifier.replace(matcher.getCapturedInstructions("all").get(0), new LdcInsnNode(decrypted));
+                    modifier.replace(invocation, new InsnNode(POP2), new LdcInsnNode(decrypted));
                 }
 
                 modifier.apply(methodNode);
@@ -106,4 +155,22 @@ public boolean transform() throws Throwable, WrongTransformerException {
         vm.shutdown();
         return false;
     }
+
+    public static class Config extends TransformerConfig {
+
+        @JsonProperty("slowly-determine-magic-numbers")
+        private boolean slowlyDetermineMagicNumbers;
+
+        public Config() {
+            super(EnhancedStringEncryptionTransformer.class);
+        }
+
+        public boolean isSlowlyDetermineMagicNumbers() {
+            return slowlyDetermineMagicNumbers;
+        }
+
+        public void setSlowlyDetermineMagicNumbers(boolean slowlyDetermineMagicNumbers) {
+            this.slowlyDetermineMagicNumbers = slowlyDetermineMagicNumbers;
+        }
+    }
 }

src/main/java/com/javadeobfuscator/deobfuscator/utils/InstructionModifier.java

@@ -16,9 +16,7 @@
 
 package com.javadeobfuscator.deobfuscator.utils;
 
-import org.objectweb.asm.tree.AbstractInsnNode;
-import org.objectweb.asm.tree.InsnList;
-import org.objectweb.asm.tree.MethodNode;
+import org.objectweb.asm.tree.*;
 
 import java.util.Collections;
 import java.util.HashMap;
@@ -42,9 +40,11 @@ public void prepend(AbstractInsnNode original, InsnList append) {
         prepends.put(original, append);
     }
 
-    public void replace(AbstractInsnNode original, AbstractInsnNode replacement) {
+    public void replace(AbstractInsnNode original, AbstractInsnNode... insns) {
         InsnList singleton = new InsnList();
-        singleton.add(replacement);
+        for (AbstractInsnNode replacement : insns) {
+            singleton.add(replacement);
+        }
         replacements.put(original, singleton);
     }