CalebFenton / simplify

Android virtual machine and deobfuscator

Unable to deobfuscate the sample app #146

Open geunhayou66 opened 3 years ago

geunhayou66 commented 3 years ago

Hello. I've applied simplify to the sample app on your GitHub.

The command used is as follows:

And then, I found out obfuscated-app_simple.apk.

After signing obfuscated-app_simple.apk, I tried to install it on Android Virtual Device. AVD environment: Oreo 8.1 on Google Pixel 2XL

However, the deobfuscated sample app didn't work... (The sample app before using simplify works well.)

So, I checked log data.

```
--------- beginning of main
08-27 05:20:34.451 6074 6074 W zygote : Unexpected CPU variant for X86 using defaults: x86
08-27 05:20:34.530 6074 6074 I zygote : Rejecting re-init on previously-failed class java.lang.Class<org.cf.obfuscated.MainActivity>: java.lang.NoClassDefFoundError: Failed resolution of: Landroid/support/v7/app/AppCompatActivity;
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.VMClassLoader.findLoadedClass(java.lang.ClassLoader, java.lang.String) (VMClassLoader.java:-2)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.findLoadedClass(java.lang.String) (ClassLoader.java:738)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String, boolean) (ClassLoader.java:363)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) (ClassLoader.java:312)
08-27 05:20:34.530 6074 6074 I zygote : at android.app.Activity android.app.Instrumentation.newActivity(java.lang.ClassLoader, java.lang.String, android.content.Intent) (Instrumentation.java:1174)
08-27 05:20:34.530 6074 6074 I zygote : at android.app.Activity android.app.ActivityThread.performLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent) (ActivityThread.java:2669)
08-27 05:20:34.530 6074 6074 I zygote : at void android.app.ActivityThread.handleLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent, java.lang.String) (ActivityThread.java:2856)
08-27 05:20:34.530 6074 6074 I zygote : at void android.app.ActivityThread.-wrap11(android.app.ActivityThread, android.app.ActivityThread$ActivityClientRecord, android.content.Intent, java.lang.String) (ActivityThread.java:-1)
08-27 05:20:34.530 6074 6074 I zygote : at void android.app.ActivityThread$H.handleMessage(android.os.Message) (ActivityThread.java:1589)
08-27 05:20:34.530 6074 6074 I zygote : at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:106)
08-27 05:20:34.530 6074 6074 I zygote : at void android.os.Looper.loop() (Looper.java:164)
08-27 05:20:34.530 6074 6074 I zygote : at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6494)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
08-27 05:20:34.530 6074 6074 I zygote : at void com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run() (RuntimeInit.java:438)
08-27 05:20:34.530 6074 6074 I zygote : at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:807)
08-27 05:20:34.530 6074 6074 I zygote : Caused by: java.lang.ClassNotFoundException: Didn't find class "android.support.v7.app.AppCompatActivity" on path: DexPathList[[zip file "/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/base.apk"],nativeLibraryDirectories=[/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/lib/x86, /system/lib, /vendor/lib]]
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class dalvik.system.BaseDexClassLoader.findClass(java.lang.String) (BaseDexClassLoader.java:125)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String, boolean) (ClassLoader.java:379)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) (ClassLoader.java:312)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.VMClassLoader.findLoadedClass(java.lang.ClassLoader, java.lang.String) (VMClassLoader.java:-2)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.findLoadedClass(java.lang.String) (ClassLoader.java:738)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String, boolean) (ClassLoader.java:363)
08-27 05:20:34.530 6074 6074 I zygote : at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) (ClassLoader.java:312)
08-27 05:20:34.530 6074 6074 I zygote : at android.app.Activity android.app.Instrumentation.newActivity(java.lang.ClassLoader, java.lang.String, android.content.Intent) (Instrumentation.java:1174)
08-27 05:20:34.530 6074 6074 I zygote : at android.app.Activity android.app.ActivityThread.performLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent) (ActivityThread.java:2669)
08-27 05:20:34.531 6074 6074 I zygote : at void android.app.ActivityThread.handleLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent, java.lang.String) (ActivityThread.java:2856)
08-27 05:20:34.531 6074 6074 I zygote : at void android.app.ActivityThread.-wrap11(android.app.ActivityThread, android.app.ActivityThread$ActivityClientRecord, android.content.Intent, java.lang.String) (ActivityThread.java:-1)
08-27 05:20:34.531 6074 6074 I zygote : at void android.app.ActivityThread$H.handleMessage(android.os.Message) (ActivityThread.java:1589)
08-27 05:20:34.531 6074 6074 I zygote : at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:106)
08-27 05:20:34.531 6074 6074 I zygote : at void android.os.Looper.loop() (Looper.java:164)
08-27 05:20:34.531 6074 6074 I zygote : at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6494)
08-27 05:20:34.531 6074 6074 I zygote : at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
08-27 05:20:34.531 6074 6074 I zygote : at void com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run() (RuntimeInit.java:438)
08-27 05:20:34.531 6074 6074 I zygote : at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:807)
08-27 05:20:34.531 6074 6074 I zygote :
08-27 05:20:34.531 6074 6074 D AndroidRuntime: Shutting down VM
--------- beginning of crash
08-27 05:20:34.531 6074 6074 E AndroidRuntime: FATAL EXCEPTION: main
08-27 05:20:34.531 6074 6074 E AndroidRuntime: Process: org.cf.obfuscated, PID: 6074
08-27 05:20:34.531 6074 6074 E AndroidRuntime: java.lang.RuntimeException: Unable to instantiate activity ComponentInfo{org.cf.obfuscated/org.cf.obfuscated.MainActivity}: java.lang.ClassNotFoundException: Didn't find class "org.cf.obfuscated.MainActivity" on path: DexPathList[[zip file "/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/base.apk"],nativeLibraryDirectories=[/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/lib/x86, /system/lib, /vendor/lib]]
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2679)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2856)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.ActivityThread.-wrap11(Unknown Source:0)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1589)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:106)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.os.Looper.loop(Looper.java:164)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.java:6494)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:807)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: Caused by: java.lang.ClassNotFoundException: Didn't find class "org.cf.obfuscated.MainActivity" on path: DexPathList[[zip file "/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/base.apk"],nativeLibraryDirectories=[/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/lib/x86, /system/lib, /vendor/lib]]
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:125)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.Instrumentation.newActivity(Instrumentation.java:1174)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2669)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: ... 9 more
08-27 05:20:34.531 6074 6074 E AndroidRuntime: Suppressed: java.lang.NoClassDefFoundError: Failed resolution of: Landroid/support/v7/app/AppCompatActivity;
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.VMClassLoader.findLoadedClass(Native Method)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.ClassLoader.findLoadedClass(ClassLoader.java:738)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.ClassLoader.loadClass(ClassLoader.java:363)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: ... 12 more
08-27 05:20:34.531 6074 6074 E AndroidRuntime: Caused by: java.lang.ClassNotFoundException: Didn't find class "android.support.v7.app.AppCompatActivity" on path: DexPathList[[zip file "/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/base.apk"],nativeLibraryDirectories=[/data/app/org.cf.obfuscated-GWtxi5sJZmV_zOOYsQ-lsw==/lib/x86, /system/lib, /vendor/lib]]
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:125)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
08-27 05:20:34.531 6074 6074 E AndroidRuntime: ... 15 more
```

Can you help me? Why doesn't the sample app work?

CalebFenton commented 3 years ago

Thanks for the well-written report. I've looked into this, found 20 unrelated problems and fixed them, and diagnosed a telling side-effect of the root problem. Namely, the android.support.v7 classes don't exist in the simplified dex. My guess is that I'm overly aggressively excluding the support library to improve optimization speed (i.e. so you don't have to exclude it specifically every time) and perhaps those classes aren't making it to the final DEX.

Should be a simple fix. An easy workaround would be to manually put the classes back in yourself.

The reason I've never noticed this is because I use this for malware analysis and never try and run the simplified sample.
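A way to confirm the diagnosis in the reply above without installing the APK, as an added example that is not code from simplify or from either commenter: read the DEX `class_defs` table and report every defined class whose superclass lives under `android.support` but has no definition in the same DEX. The function names and `build_sample` are hypothetical, and the sample bytes are constructed (a header plus the three tables the parser reads, not an installable DEX).

```python
import struct

NO_INDEX = 0xFFFFFFFF  # DEX marker for "no superclass"

def class_table(dex):
    """Map every class defined in the DEX to its superclass descriptor."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    str_off, = struct.unpack_from("<I", dex, 0x3C)          # string_ids_off
    type_off, = struct.unpack_from("<I", dex, 0x44)         # type_ids_off
    cls_n, cls_off = struct.unpack_from("<2I", dex, 0x60)   # class_defs size, off
    def descriptor(type_idx):
        str_idx, = struct.unpack_from("<I", dex, type_off + 4 * type_idx)
        pos, = struct.unpack_from("<I", dex, str_off + 4 * str_idx)
        while dex[pos] & 0x80:      # skip the ULEB128 length prefix
            pos += 1
        return dex[pos + 1:dex.index(b"\0", pos + 1)].decode("utf-8", "replace")
    table = {}
    for i in range(cls_n):          # each class_def_item is 32 bytes
        cls, _flags, sup = struct.unpack_from("<3I", dex, cls_off + 32 * i)
        table[descriptor(cls)] = None if sup == NO_INDEX else descriptor(sup)
    return table

def missing_supers(dex, bundled=("Landroid/support/",)):
    """Defined classes whose superclass must ship in the APK but has no class_def."""
    table = class_table(dex)
    return {c: s for c, s in table.items()
            if s and s.startswith(bundled) and s not in table}

def build_sample(pairs):
    """Constructed input: DEX header plus string/type/class_def tables only."""
    names = sorted({n for pair in pairs for n in pair})
    type_off = 0x70 + 4 * len(names)
    cls_off = type_off + 4 * len(names)
    data_off, ids, data = cls_off + 32 * len(pairs), b"", b""
    for n in names:
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(n)]) + n.encode() + b"\0"
    types = b"".join(struct.pack("<I", i) for i in range(len(names)))
    defs = b"".join(struct.pack("<8I", names.index(c), 1, names.index(s),
                                0, NO_INDEX, 0, 0, 0) for c, s in pairs)
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<4I", header, 0x38, len(names), 0x70, len(names), type_off)
    struct.pack_into("<2I", header, 0x60, len(pairs), cls_off)
    return bytes(header) + ids + types + defs + data

MAIN, SUPPORT = "Lorg/cf/obfuscated/MainActivity;", "Landroid/support/v7/app/AppCompatActivity;"
BROKEN = build_sample([(MAIN, SUPPORT)])                    # support class dropped
INTACT = build_sample([(MAIN, SUPPORT), (SUPPORT, "Landroid/app/Activity;")])
```

`missing_supers(BROKEN)` reports `MainActivity` with its absent `AppCompatActivity` parent, matching the `NoClassDefFoundError` in the log. For a multidex APK, merge the tables of every `classesN.dex` before checking.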