GraxCode / threadtear

Multifunctional java deobfuscation tool suite
GNU General Public License v3.0

ZKM Des Cipher String Obfuscation #10

Open DarkyCat opened 4 years ago

DarkyCat commented 4 years ago

Can't deobfuscate jar file. Obfuscation is similar to ZKM. Jar file: https://workupload.com/file/bFVafRnQCEd

GraxCode commented 4 years ago

This looks like latest ZKM with string obfuscation using DES cipher. Will maybe do this, but currently don't know how to generate string obf with DES cipher samples. Maybe it's ZKM 12+ only, idk.

GraxCode commented 4 years ago

You can use "remove unnecessary try catch blocks" though if you want a better overview.

GraxCode commented 4 years ago

I need more samples to make a deobfuscator for this one. Edit: not needed anymore.

chrisbog94 commented 4 years ago

I've got a handful of ZKM 13 samples if you'd like. Looking to deob these.

GraxCode commented 4 years ago

The problem with newer ZKM files is that they use method parameters as decryption values that are stored before method invocation (at the references), and they also combine resource and string obfuscation.

ViRb3 commented 4 years ago

Should be partially unblocked when ArgumentInliner is merged from #23.