Ignore class references obfuscated classes. References are not obfuscated

[HotYounger]

Ignore class references confused class, references are not confused. You can't find it and crash. Please repair it.

command: python -m obfuscapk.cli -o ClassRename -o Rebuild -i -p -w F:\Obfuscapk-master\src\Code -d out.apk testOBF.apk

testOBF.apk link: http://182.150.24.92:12380/owncloud/remote.php/webdav/Andu/%E4%B8%8A%E6%9E%B6%E4%BA%A7%E5%93%812/11%E6%9C%882/ZH/testOBF.apk

[HotYounger]

Testobf. apk is the obfuscated package, you can decompile the a.logutils class to find it, you can also run the APP directly

[ClaudiuGeorgiu]

Ignore class references confused class, references are not confused. You can't find it and crash.

Hi, sorry but I don't understand the issue, can you elaborate more? Also the link you provided requires credentials (by the way, the original apk would be more useful to reproduce the problem instead of the obfuscated apk). Thanks.

[HotYounger]

Update the link: http://182.150.24.92:12380/owncloud/index.php/s/i7Bs5b8fImXlYsR Testobf. apk is the obfuscated package, you can decompile it to see the a.logutils class, An unscrambled class has a class that calls the scrambled class, and this reference does not participate in the scrambled class (see: r4a8a08ty.rd2a57dty class, a.Logutils class,).  

------------------ 原始邮件 ------------------ 发件人: "ClaudiuGeorgiu/Obfuscapk" @.>; 发送时间: 2021年11月2日(星期二) 晚上6:18 @.>; @.**@.>; 主题: Re: [ClaudiuGeorgiu/Obfuscapk] Ignore class references obfuscated classes. References are not obfuscated (Issue #116)

Ignore class references confused class, references are not confused. You can't find it and crash.

Hi, sorry but I don't understand the issue, can you elaborate more? Also the link you provided requires credentials (by the way, the original apk would be more useful to reproduce the problem instead of the obfuscated apk). Thanks.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[HotYounger]

Hello, do you see the problem I'm talking about？

  a.Logutils is to keep the class unconfused, and all other classes are to be confused, .

This time you are given two more APKs and you decompile the APK to see the problem

------------------ 原始邮件 ------------------ 发件人: "ClaudiuGeorgiu/Obfuscapk" @.>; 发送时间: 2021年11月2日(星期二) 晚上6:18 @.>; @.**@.>; 主题: Re: [ClaudiuGeorgiu/Obfuscapk] Ignore class references obfuscated classes. References are not obfuscated (Issue #116)

Ignore class references confused class, references are not confused. You can't find it and crash.

Hi, sorry but I don't understand the issue, can you elaborate more? Also the link you provided requires credentials (by the way, the original apk would be more useful to reproduce the problem instead of the obfuscated apk). Thanks.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[ClaudiuGeorgiu]

I downloaded the apk file you provided, I installed it on an emulator and it worked without issues. Also I wasn't able to find any logutils class/method in the decompiled app.

[HotYounger]

In the email attachment, I sent you two apk

------------------ 原始邮件 ------------------ 发件人: "ClaudiuGeorgiu/Obfuscapk" @.>; 发送时间: 2021年11月4日(星期四) 凌晨3:07 @.>; @.**@.>; 主题: Re: [ClaudiuGeorgiu/Obfuscapk] Ignore class references obfuscated classes. References are not obfuscated (Issue #116)

I downloaded the apk file you provided, I installed it on an emulator and it worked without issues. Also I wasn't able to find any logutils class/method in the decompiled app.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[HotYounger]

Hello friend, do you find the problem? Last time I sent it to you as an email attachment, have you received it

------------------ 原始邮件 ------------------ 发件人: "ClaudiuGeorgiu/Obfuscapk" @.>; 发送时间: 2021年11月4日(星期四) 凌晨3:07 @.>; @.**@.>; 主题: Re: [ClaudiuGeorgiu/Obfuscapk] Ignore class references obfuscated classes. References are not obfuscated (Issue #116)

I downloaded the apk file you provided, I installed it on an emulator and it worked without issues. Also I wasn't able to find any logutils class/method in the decompiled app.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[ClaudiuGeorgiu]

Hello friend, do you find the problem? Last time I sent it to you as an email attachment, have you received it

Hi, I didn't receive any attachment via email. If you want to provide an apk with the problem, please upload it here in the GitHub issue or provide a link where to download it.

[HotYounger]

This is the APK before the confusion link: http://182.150.24.92:12380/owncloud/index.php/s/GjtPQ6fwlVC7Ypc This is apK after the confusion link: http://182.150.24.92:12380/owncloud/index.php/s/DC5PEEyjj6z3xIE

[HotYounger]

It has been sent to your Github This is the APK before the confusion link: http://182.150.24.92:12380/owncloud/index.php/s/GjtPQ6fwlVC7Ypc This is apK after the confusion link: http://182.150.24.92:12380/owncloud/index.php/s/DC5PEEyjj6z3xIE

------------------ 原始邮件 ------------------ 发件人: "ClaudiuGeorgiu/Obfuscapk" @.>; 发送时间: 2021年11月8日(星期一) 晚上8:17 @.>; @.**@.>; 主题: Re: [ClaudiuGeorgiu/Obfuscapk] Ignore class references obfuscated classes. References are not obfuscated (Issue #116)

Hello friend, do you find the problem? Last time I sent it to you as an email attachment, have you received it

Hi, I didn't receive any attachment via email. If you want to provide an apk with the problem, please upload it here in the GitHub issue or provide a link where to download it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[ClaudiuGeorgiu]

Hi @HotYounger, it wasn't easy but I finally understood the issue:

• class a.LogUtils contains a method LogERROR that calls LogInt (from class b.z) and LogString (from class c.app);
• class a.LogUtils is ignored during obfuscation, classes b.z and c.app are obfuscated so they are renamed;
• when LogERROR from class a.LogUtils is invoked, it can't find LogInt and LogString methods anymore since the classes containing them were renamed, so the app crashes.

The issue here is the -i parameter: it was designed for ignoring known third party libraries, under the assumption that usually a library is confined in its own package (e.g., a library com.library usually won't invoke code outside this package, unless it's invoking code from another library - but in this case the other library can be ignored too). The problem is that when a package name is ignored (with -i, --ignore-libs or --ignore-packages-file), it is ignored for all the obfuscation operations, it's like saying "don't ever touch the code inside this package", so obfuscation actions from other packages do not propagate to ignored packages. Back to your app, when classes b.z and c.app are renamed, they are renamed everywhere except in a.LogUtils class (since package a is ignored).

So, how to fix this? Unfortunately, there is no easy solution. As I wrote earlier, the ignore feature was designed with third party libraries in mind (for which it mostly works). One could group into a specific package all the stuff that has to be ignored during obfuscation, without calling external code from there, but this is of course not practical. The best solution would be to review the ignore logic in Obfuscapk and to propagate obfuscation operations even into ignored packages, but it's not something trivial to do, sorry. I'm going to leave this issue open until we find a better solution, thanks for reporting!

[HotYounger]

I think it can be solved. When a class needs to be confused, you can just search and replace the renamed name globally, but it will take more time.

------------------ 原始邮件 ------------------ 发件人: "ClaudiuGeorgiu/Obfuscapk" @.>; 发送时间: 2021年11月9日(星期二) 凌晨3:39 @.>; @.**@.>; 主题: Re: [ClaudiuGeorgiu/Obfuscapk] Ignore class references obfuscated classes. References are not obfuscated (Issue #116)

Hi @HotYounger, it wasn't easy but I finally understood the issue:

class a.LogUtils contains a method LogERROR that calls LogInt (from class b.z) and LogString (from class c.app);

class a.LogUtils is ignored during obfuscation, classes b.z and c.app are obfuscated so they are renamed;

when LogERROR from class a.LogUtils is invoked, it can't find LogInt and LogString methods anymore since the classes containing them were renamed, so the app crashes.

The issue here is the -i parameter: it was designed for ignoring known third party libraries, under the assumption that usually a library is confined in its own package (e.g., a library com.library usually won't invoke code outside this package, unless it's invoking code from another library - but in this case the other library can be ignored too). The problem is that when a package name is ignored (with -i, --ignore-libs or --ignore-packages-file), it is ignored for all the obfuscation operations, it's like saying "don't ever touch the code inside this package", so obfuscation actions from other packages do not propagate to ignored packages. Back to your app, when classes b.z and c.app are renamed, they are renamed everywhere except in a.LogUtils class (since package a is ignored).

So, how to fix this? Unfortunately, there is no easy solution. As I wrote earlier, the ignore feature was designed with third party libraries in mind (for which it mostly works). One could group into a specific package all the stuff that has to be ignored during obfuscation, without calling external code from there, but this is of course not practical. The best solution would be to review the ignore logic in Obfuscapk and to propagate obfuscation operations even into ignored packages, but it's not something trivial to do, sorry. I'm going to leave this issue open until we find a better solution, thanks for reporting!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.