java-deobfuscator / deobfuscator

The real deal
https://javadeobfuscator.com
Apache License 2.0

Error while decrypting Allatori string. Are you sure you're deobfuscating something obfuscated by Allatori? #1000

Open ciclonite opened 1 month ago

ciclonite commented 1 month ago

Hi, I'm trying to deobfuscate a jar file.

The detection:

[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Loading classpath
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Loading input
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Detecting known obfuscators
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator -
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - RuleStringDecryptor: Allatori's string decryption is very simple, accepting an encrypted string and outputting a decrypted string
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Found possible string decryption class kingDavid/D
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Recommend transformers:
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - (Choose one transformer. If there are multiple, it's recommended to try the transformer listed first)
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.allatori.StringEncryptionTransformer
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.allatori.string.StringEncryptionTransformer
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - All detectors have been run. If you do not see anything listed, check if your file only contains name obfuscation.
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Do note that some obfuscators do not have detectors.

So I've created a file with this transformer:

But the result is:

Error while decrypting Allatori string. Are you sure you're deobfuscating something obfuscated by Allatori?
kingDavid/k ALLATORIxDEMO(Ljava/lang/String;)Ljava/net/Socket;
kingDavid/D ALLATORIxDEMO(Ljava/lang/String;)Ljava/lang/String;
com.javadeobfuscator.deobfuscator.executor.exceptions.ExecutionException: getField failed @ kingDavid/D ALLATORIxDEMO(Ljava/lang/String;)Ljava/lang/String;
    at com.javadeobfuscator.deobfuscator.executor.providers.DelegatingProvider.getField(DelegatingProvider.java:74)
    at com.javadeobfuscator.deobfuscator.executor.MethodExecutor.execute(MethodExecutor.java:1007)
    at com.javadeobfuscator.deobfuscator.executor.MethodExecutor.execute(MethodExecutor.java:76)
    at com.javadeobfuscator.deobfuscator.transformers.allatori.StringEncryptionTransformer.transform(StringEncryptionTransformer.java:165)
    at com.javadeobfuscator.deobfuscator.Deobfuscator.runFromConfig(Deobfuscator.java:477)
    at com.javadeobfuscator.deobfuscator.Deobfuscator.start(Deobfuscator.java:434)
    at com.javadeobfuscator.deobfuscator.DeobfuscatorMain.run(DeobfuscatorMain.java:106)
    at com.javadeobfuscator.deobfuscator.DeobfuscatorMain.run(DeobfuscatorMain.java:99)
    at com.javadeobfuscator.deobfuscator.DeobfuscatorMain.main(DeobfuscatorMain.java:36)
[Allatori] [StringEncryptionTransformer] Decrypted 0 encrypted strings
[Allatori] [StringEncryptionTransformer] Removed 0 decryption methods
[Allatori] [StringEncryptionTransformer] Done

Any tips are appreciated. Thanks!

Janmm14 commented 1 month ago

I would guess the obfuscation is not Allatori then.

ciclonite commented 1 month ago

OK, thanks for the reply, but why does it detect Allatori obfuscation?

Janmm14 commented 1 month ago

The detection is just a guess, and other obfuscation or, in theory, also some legitimate methods could trigger it. Allatori string obfuscation is not trying to read fields (but that's what the method tries to do when emulated), but the detection here is not verifying the suspected method does not have certain instructions.
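
The check the last reply says the detector does not perform, as an added example that is not part of the thread or the deobfuscator's own code: it lists every `(String)String` method in a jar and reports the field instructions each one contains, so a candidate such as `kingDavid/D ALLATORIxDEMO` can be inspected before a transformer is chosen. It assumes ASM (`asm` and `asm-tree`) is on the classpath; the class name `DecryptorFieldCheck` and selecting candidates by descriptor alone are assumptions of this example.

```java
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.FieldInsnNode;
import org.objectweb.asm.tree.MethodNode;

import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example, not deobfuscator project code. Usage: java DecryptorFieldCheck input.jar
public class DecryptorFieldCheck {
    // Descriptor of the candidate decryptor shown in the log: String in, String out.
    private static final String DESC = "(Ljava/lang/String;)Ljava/lang/String;";

    /** Returns "owner.name:desc" for every GETFIELD/GETSTATIC/PUTFIELD/PUTSTATIC in the method. */
    static List<String> fieldAccesses(MethodNode m) {
        List<String> hits = new ArrayList<>();
        // getFirst() is null for abstract/native methods, so the loop is skipped for them.
        for (AbstractInsnNode insn = m.instructions.getFirst(); insn != null; insn = insn.getNext()) {
            if (insn instanceof FieldInsnNode) {
                FieldInsnNode f = (FieldInsnNode) insn;
                hits.add(f.owner + "." + f.name + ":" + f.desc);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        try (JarFile jar = new JarFile(args[0])) {
            for (JarEntry e : Collections.list(jar.entries())) {
                if (!e.getName().endsWith(".class")) continue;
                ClassNode cn = new ClassNode();
                try (InputStream in = jar.getInputStream(e)) {
                    new ClassReader(in).accept(cn, ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
                } catch (RuntimeException bad) {
                    System.err.println("skipped unparsable class " + e.getName());
                    continue;
                }
                for (MethodNode m : cn.methods) {
                    if (!DESC.equals(m.desc)) continue;
                    List<String> hits = fieldAccesses(m);
                    System.out.println(cn.name + " " + m.name + m.desc + " -> "
                            + (hits.isEmpty() ? "no field access" : "field access " + hits));
                }
            }
        }
    }
}
```

A candidate reported with field access does not match what the reply describes for Allatori string decryption, which is consistent with the `getField failed` error in the stack trace above.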