I have observed two cases of weird code decompilation which I wanted to ask about. The code is decompiled apk using apktool 2.4.1 on Windows 10 and both questions have to do with figuring out if this is legal in smali language and how to deal with this logically and programmatically (with a parser).
The first issue is having multiple same field definitions in a single smali class. I have the following situation:
.class public final Likev2/network/sdk/network/tools/VpnBuilderHelper;
.super Ljava/lang/Object;
annotations
.annotation system Ldalvik/annotation/MemberClasses;
value = {
Likev2/network/sdk/network/tools/VpnBuilderHelper$a;
}
.end annotation
instance fields
.field public a:Landroid/net/VpnService$Builder;
.field public final a:Landroid/net/VpnService;
.field public a:Likev2/network/sdk/network/tools/VpnBuilderHelper$a;
.field public b:Likev2/network/sdk/network/tools/VpnBuilderHelper$a;
direct methods
.method public constructor (Landroid/net/VpnService;)V
.locals 0
If you observe the first three instance fields, all three have the same name 'a'. They also have different types. Initially, I was thinking that this might be the case of hiding the members from superclasses, but the superclass of this one is plain Object.
How would this be interpreted?
2. The second issue is having the character '-' as the first character in the name of a method. The code in question is this one:
...
virtual methods
.method public final -deprecated_javaName()Ljava/lang/String;
.locals 1
The method name in question here is '-deprecated_javaName'. Is this a legal name, considering '-' character? I've searched on Google and found only one place that this name is mentioned, and this is in the following code: https://jar-download.com/artifacts/com.squareup.okhttp3/okhttp/4.2.2/source-code/okhttp3/CipherSuite.kt
If you take a look, it seems this is deprecated and renamed Kotlin function:
I'm parsing smali with a custom antlr script, which sets function names to always start with a letter and fails on this character.
If anyone can shed some light What is going on with these two smali peculiarities and how to properly handle their parsing I would greatly appreciate it.
JesusFreke
commented
4 years ago
Hello everyone,
I have observed two cases of weird code decompilation which I wanted to ask about. The code is decompiled apk using apktool 2.4.1 on Windows 10 and both questions have to do with figuring out if this is legal in smali language and how to deal with this logically and programmatically (with a parser).
annotations
.annotation system Ldalvik/annotation/MemberClasses; value = { Likev2/network/sdk/network/tools/VpnBuilderHelper$a; } .end annotation
instance fields
.field public a:Landroid/net/VpnService$Builder;
.field public final a:Landroid/net/VpnService;
.field public a:Likev2/network/sdk/network/tools/VpnBuilderHelper$a;
.field public b:Likev2/network/sdk/network/tools/VpnBuilderHelper$a;
direct methods
.method public constructor(Landroid/net/VpnService;)V
.locals 0
...
...
virtual methods
.method public final -deprecated_javaName()Ljava/lang/String; .locals 1
.end method ...
... @JvmName("-deprecated_javaName") @Deprecated( message = "moved to val", replaceWith = ReplaceWith(expression = "javaName"), level = DeprecationLevel.ERROR) fun javaName(): String = javaName ...