MCRcortex / nekodetector

Nekoclient infection detector
MIT License
569 stars 42 forks

Method name scanning #9

Closed Shardion closed 1 year ago

Shardion commented 1 year ago

The stage0 example shown at https://github.com/fractureiser-investigation/fractureiser#stage0-infected-mod-jars displays the decompiled code of a method named _1685f49242dd46ef9c553d8af1a4e0bb(). Would it be possible to write a regex for similarly-named methods and reliably detect stage0 in mods infected in this manner?

NeRdTheNed commented 1 year ago

This is unlikely to work, as these method names are generated by calling String.format("_%s", UUID.randomUUID().toString().replaceAll("-", "")), creating and using a new random UUID for the method name on infection. Additionally, files can be infected without generating one of these "helper methods" (the payload can be directly added to \ if it does not already exist).
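Added example, not nekodetector code and not something either commenter posted: it reproduces the naming expression quoted in the reply and shows what a regex written for one observed name catches versus a regex written for the shape of the names. The method tables are constructed, and `onInitialize` is a placeholder method name. A literal regex built from the name in the fractureiser write-up never matches another infection, because each infection draws a fresh UUID; a shape regex matches every name the scheme can generate, but it still finds nothing in the second case the reply describes, where the payload is added directly to an existing static initializer and no new method name appears.

```java
import java.util.List;
import java.util.UUID;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added example (not nekodetector code): reproduces the helper-method naming
// scheme described in the reply and checks what a name-based scan can see.
public class HelperMethodNameScan {

    // Literal name from the fractureiser stage0 write-up quoted in the issue.
    static final String SAMPLE_NAME = "_1685f49242dd46ef9c553d8af1a4e0bb";

    // The naming expression quoted in the reply: "_" followed by a fresh
    // random UUID with the hyphens stripped, i.e. 32 lowercase hex characters.
    static String infectedHelperName() {
        return String.format("_%s", UUID.randomUUID().toString().replaceAll("-", ""));
    }

    // A regex for one observed name only ever matches that one infection.
    static final Pattern LITERAL = Pattern.compile(Pattern.quote(SAMPLE_NAME));

    // A regex for the shape of the names. UUID.randomUUID() returns a
    // version-4 UUID, so once the hyphens are removed the 13th hex digit is
    // always '4' and the 17th is one of 8, 9, a or b.
    static final Pattern SHAPE =
            Pattern.compile("^_[0-9a-f]{12}4[0-9a-f]{3}[89ab][0-9a-f]{15}$");

    static boolean matchesShape(String methodName) {
        return SHAPE.matcher(methodName).matches();
    }

    // Names in a (constructed) method table that look like generated helpers.
    static List<String> suspiciousNames(List<String> methodNames) {
        return methodNames.stream()
                .filter(HelperMethodNameScan::matchesShape)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        String first = infectedHelperName();
        String second = infectedHelperName();

        // Each infection gets a new UUID, so the literal regex matches the
        // write-up's sample but neither freshly generated name.
        System.out.println("literal matches sample:   " + LITERAL.matcher(SAMPLE_NAME).matches());
        System.out.println("literal matches new name: " + LITERAL.matcher(first).matches());

        // The shape regex matches the sample and every name the scheme produces.
        System.out.println("shape matches sample:     " + matchesShape(SAMPLE_NAME));
        System.out.println("shape matches new names:  " + (matchesShape(first) && matchesShape(second)));

        // Constructed method table of a mod class infected with a helper method.
        List<String> withHelper = List.of("<init>", "<clinit>", "onInitialize", first);
        System.out.println("with helper:    " + suspiciousNames(withHelper));

        // Constructed method table of a class infected without one: the payload
        // was placed in the existing static initializer, so no method name is
        // added and a name-based scan reports nothing.
        List<String> withoutHelper = List.of("<init>", "<clinit>", "onInitialize");
        System.out.println("without helper: " + suspiciousNames(withoutHelper));
    }
}
```

The version nibble and variant nibble checks make the shape regex tighter than a plain `_[0-9a-f]{32}`, and the sample name from the write-up passes both checks, which is consistent with it having been produced by `UUID.randomUUID()`. A name matching the shape is still only a hint, not proof of infection, and the scan is blind to the direct-injection path, so it would at most complement bytecode-level detection rather than replace it.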