Open Janmm14 opened 2 years ago
I think deobfuscation is out of scope of Krakatau; its killer feature is robustness and fairness, so it can decompile even non-Java langs compiled into JVM bytecode.
I remember there used to be plenty of Java deobfuscators.
Loop unrolling would be straightforward to do in principle - the problem is that most of the time it would make things worse. You basically need a way to "guess" when to do it.
Those deobfuscators, one of which I'm also maintaining a little bit, usually don't have such advanced peephole optimizations and often rely on bytecode patterns. I thought that maybe it'd be possible for Krakatau to handle this part because it does other optimizations already. I guess loop unrolling would need to be tried in some branch and then some detection if it removes the loop or so in the end.
But I can accept if this is deemed out-of-scope. In that case I'll need to find some motivation to improve my understanding of ow2's asm analyzer at some point. I mean the code between or inside these loops is readable, so it's just an annoyance.
By the way, do you know if there are any examples of this obfuscation in a freely available app? Having a sample to test with would be really helpful.
https://github.com/java-deobfuscator/deobfuscator/issues/748 At least I couldn't find it being sold or offered for download somewhere when I googled, so I gave that the benefit of the doubt that he followed the rule set on the issues there, which is to not infringe copyright.
Edit: This is the jar I took the above bytecode from: deob03.zip
By the way, do you know if there are any examples of this obfuscation in a freely available app?
At least I couldn't find it
Bozar is open source. You can find some samples of it along with others on SkidSuite's obfuscation demo samples.
In the original obfuscation the long j is not set to 0, but I can easily edit the bytecode so that it's a 0.
I think it should be possible to optimize these never-looping loops relatively easily, but I'm struggling with such generic bytecode analysis. Bytecode of the sample above:
Other sample of a similar never-looping thing:
Edit: maybe that whole thing is also in another non-looping-loop:
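As an added illustration of the "long j = 0; while (j != 0) { ... }" never-looping pattern discussed above (this is example code written for this thread, not Krakatau's or any deobfuscator's own analysis): a small constant-propagation pass over a constructed, simplified stand-in for JVM bytecode. It only folds a guard when the compared local is stored exactly once from a constant, so a loop that reassigns its counter inside the body is left alone.

```python
# Toy IR, constructed for this example: a list of tuples with explicit labels.
# Only the handful of opcodes needed for the pattern are modelled.

def assigned_once(code, var):
    """True when the local `var` has exactly one lstore in the whole method."""
    return sum(1 for ins in code if ins[0] == "lstore" and ins[1] == var) == 1

def constant_locals(code):
    """Map local -> long constant for locals written once, directly from lconst."""
    consts = {}
    for prev, cur in zip(code, code[1:]):
        if prev[0] == "lconst" and cur[0] == "lstore" and assigned_once(code, cur[1]):
            consts[cur[1]] = prev[1]
    return consts

def fold_loop_guards(code):
    """Resolve guards of the shape lload v; lconst c; lcmp; ifeq/ifne L when v is a
    known constant. If the exit branch is always taken, the loop body up to L is dead
    and is dropped; anything else is copied through unchanged."""
    consts = constant_locals(code)
    labels = {ins[1]: i for i, ins in enumerate(code) if ins[0] == "label"}
    out, i = [], 0
    while i < len(code):
        win = code[i:i + 4]
        if (len(win) == 4 and win[0][0] == "lload" and win[0][1] in consts
                and win[1][0] == "lconst" and win[2][0] == "lcmp"
                and win[3][0] in ("ifeq", "ifne")):
            lhs, rhs = consts[win[0][1]], win[1][1]
            cmp = (lhs > rhs) - (lhs < rhs)          # lcmp pushes -1, 0 or 1
            taken = (cmp == 0) if win[3][0] == "ifeq" else (cmp != 0)
            target = labels[win[3][1]]
            if taken and target > i:                 # forward exit always taken:
                i = target                           # skip the dead loop body
                continue
        out.append(code[i])
        i += 1
    return out

# Constructed sample mirroring the never-looping shape: j is 0, the loop exits
# immediately when j == 0, so the "body" and the back-edge never execute.
SAMPLE = [
    ("lconst", 0), ("lstore", "j"),
    ("label", "L0"),
    ("lload", "j"), ("lconst", 0), ("lcmp",), ("ifeq", "L1"),   # exit when j == 0
    ("iconst", 1), ("istore", "x"),                               # junk body
    ("goto", "L0"),
    ("label", "L1"),
    ("return",),
]

if __name__ == "__main__":
    for ins in fold_loop_guards(SAMPLE):
        print(ins)
```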