CalebFenton / simplify

Android virtual machine and deobfuscator

Exceeded execution time issues when optimizing #98

Open enovella opened 6 years ago

enovella commented 6 years ago

Sample:

com.winglungbank.p2p.zip (rename .zip to .apk)

Goals:

Command 1:

$ java -jar simplify/build/libs/simplify.jar -it "MedlJni\;(.*)" /tmp/com.winglungbank.p2p.apk.unpack/classes.dex

Logging 1:

[3088 / 3236] Processing top level class Lcom/gemalto/android/root/internal/MedlJni;
(1 / 3) Executing top level method: Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;
15:21:30.939 WARN  ExecutionContext - org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
Aborting execution; exception: org.cf.smalivm.MaxAddressVisitsExceededException: Exceeded max address visits @16 ExecutionNode{signature=Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;, op=int-to-byte r8, r3, @=16} in Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;
Skipping optimization of Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;; null execution graph
(2 / 3) Executing top level method: Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
15:30:15.613 WARN  ExecutionContext - org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
Aborting execution; exception: org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
Skipping optimization of Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V; null execution graph
[3 / 3] Skipping top level method without implementation: Lcom/gemalto/android/root/internal/MedlJni;->goMedlJni(Ljava/lang/String;Ljava/lang/String;)[B
[3089 / 3236] Processing top level class Lcom/jetco/jetcop2pbankwallet/jetcoactivity/MainActivity$32;

Command 2:

$ java -jar simplify/build/libs/simplify.jar -it "MedlJni\;(.*)" --max-method-visits 2000000 --max-call-depth 100 --max-address-visits 20000 /tmp/com.winglungbank.p2p.apk.unpack/classes.dex

Logging 2:

(1 / 3) Executing top level method: Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;
16:30:04.239 WARN  ExecutionContext - org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
Aborting execution; exception: org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;
Skipping optimization of Lcom/gemalto/android/root/internal/MedlJni;->a(III)Ljava/lang/String;; null execution graph
(2 / 3) Executing top level method: Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
16:40:04.305 WARN  ExecutionContext - org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
Aborting execution; exception: org.cf.smalivm.MaxExecutionTimeExceededException: Exceeded execution time in Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V
Skipping optimization of Lcom/gemalto/android/root/internal/MedlJni;-><clinit>()V; null execution graph
[3 / 3] Skipping top level method without implementation: Lcom/gemalto/android/root/internal/MedlJni;->goMedlJni(Ljava/lang/String;Ljava/lang/String;)[B
[3089 / 3236] Processing top level class Lcom/jetco/jetcop2pbankwallet/jetcoactivity/MainActivity$32;
[3090 / 3236] Processing top level class Lcom/jetco/p2psdk/a/q;
....
Simplification complete:
    total classes = 3236
    total methods = 0
    optimized methods = 2
    failed methods = 2
    run time = 1227078 ms
Total optimizations:

Writing output to classes_simple.dex

Any suggestion to overcome this? @CalebFenton

CalebFenton commented 6 years ago

If it's not crashing, just hitting an execution limit, it's usually because of an "unknown" predicate leading to an infinite loop. There's no real solution to this (Halting) problem.

You can bump up the limits, that sometimes helps, but it may just be impossible because there's a conditional dependent on file system or network state.

enovella commented 6 years ago

As discussed with @CalebFenton over Slack, incrementing the execution time didn't help much.

--max-execution-time <N> the default is 300 (5m) so try 600

Simplification complete:
    total classes = 3236
    total methods = 0
    optimized methods = 2
    failed methods = 2
    run time = 848566 ms
Total optimizations:

Writing output to classes_simple.dex

enovella commented 6 years ago

Hi @CalebFenton,

Any progress on this issue? It seems to be a very recurrent and frequent issue every time I use simplify to deobfuscate dex files.

Cheers

CalebFenton commented 6 years ago

Hitting these types of errors in my experience means everything is working and you're just hitting the halting problem (which is very impossible to solve). Basically, any time you have a loop where the terminating condition relies on a variable which may be unknown, simplify will never know when to exit the loop.

I haven't closed this issue because I still want to look into this app to see if it exposes any bugs which might be contributing to the halting issue.

You could help out by pasting code you think should be deobfuscated, and I can try and tell you why it may be a halting issue.
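
The limitation discussed in this thread, as an added sketch that is not part of the original comments and is not simplify's or smalivm's code: a toy register machine that follows both outcomes of a branch whose operands it cannot resolve. The instruction set and the names `UNKNOWN`, `execute`, `loop` and `hits_limit` are hypothetical; only the idea of a per-address visit limit comes from the flags and exceptions quoted above.

```python
UNKNOWN = object()  # a value the virtual machine cannot resolve (file, network, JNI)

class MaxAddressVisitsExceeded(Exception):
    pass

def execute(program, max_address_visits=1000):
    """Virtually execute program; return the set of possible return values."""
    visits = [0] * len(program)
    results = set()
    work = [(0, {})]  # pending paths as (address, register state)
    while work:
        pc, regs = work.pop()
        visits[pc] += 1
        if visits[pc] > max_address_visits:
            raise MaxAddressVisitsExceeded(f"exceeded max address visits @{pc}")
        op, *args = program[pc]
        if op == "return":
            value = regs[args[0]]
            results.add("unknown" if value is UNKNOWN else value)
            continue
        if op == "const":
            regs[args[0]] = args[1]
        elif op == "unknown":
            regs[args[0]] = UNKNOWN
        elif op == "add":
            reg, imm = args
            regs[reg] = UNKNOWN if regs[reg] is UNKNOWN else regs[reg] + imm
        elif op == "if_lt":
            a, b, target = args
            if regs[a] is UNKNOWN or regs[b] is UNKNOWN:
                work.append((target, dict(regs)))  # unknown predicate: follow both outcomes
            elif regs[a] < regs[b]:
                pc = target - 1  # known predicate: only the taken branch
        work.append((pc + 1, regs))
    return results

def loop(bound_instruction):
    """do { i += 1 } while (i < n), with n set by bound_instruction."""
    return [("const", "i", 0), bound_instruction, ("add", "i", 1),
            ("if_lt", "i", "n", 2), ("return", "i")]

def hits_limit(program, limit):
    try:
        execute(program, limit)
        return False
    except MaxAddressVisitsExceeded:
        return True

if __name__ == "__main__":
    print(execute(loop(("const", "n", 5))))           # bound is known
    print(hits_limit(loop(("unknown", "n")), 200))    # bound is unknown
    print(hits_limit(loop(("unknown", "n")), 20000))  # a higher limit only delays it
```

With a known bound the loop runs to completion and yields one constant result; with an unknown bound every iteration forks a new path with a different counter value, so no state ever repeats and any finite limit is eventually exceeded.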

enovella commented 5 years ago

Tested only in a function but the latest version did a good job :+1:

Total optimizations:
    constantized ifs = 3
    constantized ops = 13
    dead assignments removed = 27
    dead ops removed = 103
    dead results removed = 5
    nops removed = 1
    peephole optmizations = 2
    unreflected fields = 0
    unreflected methods = 1
    useless gotos removed = 2
Writing output to classes_simple.dex