Issue with HideAccessObfuscationTransformer

[Dev380]

Here is the output from my terminal when trying to deobfuscate with this transformer. Detecting works fine.

❯ java -Xss128M -cp rt.jar -jar deobfuscator.jar --config config.yml
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Loading classpath
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Loading input
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Computing callers
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Transforming
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Running com.javadeobfuscator.deobfuscator.transformers.stringer.HideAccessObfuscationTransformer
[Stringer] [HideAccessTransformer] Starting
[Stringer] [HideAccessTransformer] Found 1 decryptors

Deobfuscation failed. Please open a ticket on GitHub and provide the following error:
com.javadeobfuscator.deobfuscator.executor.exceptions.NoSuchMethodHandlerException: Could not find invoker for java/lang/Object xcx/jpd/if get(Ljava/lang/Object;)Ljava/lang/Object; @ essentials/lib/Startup$LoadNegro R(Ljava/lang/Object;SZS)Ljava/lang/String;
    at com.javadeobfuscator.deobfuscator.executor.MethodExecutor.execute(MethodExecutor.java:1240)
    at com.javadeobfuscator.deobfuscator.executor.MethodExecutor.execute(MethodExecutor.java:76)
    at com.javadeobfuscator.deobfuscator.executor.defined.MappedMethodProvider.invokeMethod(MappedMethodProvider.java:54)
    at com.javadeobfuscator.deobfuscator.executor.providers.DelegatingProvider.invokeMethod(DelegatingProvider.java:35)
    at com.javadeobfuscator.deobfuscator.executor.MethodExecutor.execute(MethodExecutor.java:1383)
    at com.javadeobfuscator.deobfuscator.executor.MethodExecutor.execute(MethodExecutor.java:76)
    at com.javadeobfuscator.deobfuscator.transformers.stringer.HideAccessObfuscationTransformer.lambda$transform$1(HideAccessObfuscationTransformer.java:125)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
    at com.javadeobfuscator.deobfuscator.transformers.stringer.HideAccessObfuscationTransformer.transform(HideAccessObfuscationTransformer.java:120)
    at com.javadeobfuscator.deobfuscator.Deobfuscator.runFromConfig(Deobfuscator.java:475)
    at com.javadeobfuscator.deobfuscator.Deobfuscator.start(Deobfuscator.java:432)
    at com.javadeobfuscator.deobfuscator.DeobfuscatorMain.run(DeobfuscatorMain.java:106)
    at com.javadeobfuscator.deobfuscator.DeobfuscatorMain.run(DeobfuscatorMain.java:99)
    at com.javadeobfuscator.deobfuscator.DeobfuscatorMain.main(DeobfuscatorMain.java:36)

The cp rt.jar option was added because I saw other issues saying this is required for this deobfuscation setting. input.zip The above is the file I'm trying it with. I don't know if uploading this is allowed. I'm 99% sure this is malware (hence reason for decompilation) and I know that the non virus parts are all open source as far as I'm aware.

[Dev380]

PS xcx.jpd contains the files of interest.

[Janmm14]

@Dev380 No you add the path to rt.jar into the config.yml like so:

path:
 - "C:/Program Files/Java/jdk{version}/jre/lib/rt.jar"

Do NOT add it as -cp or sth to the java command.

You can find this in the wiki: https://github.com/java-deobfuscator/deobfuscator/wiki/Getting-Started#using-a-configuration-file

Maybe you also want to try out the deobfuscator-gui.

[Dev380]

@Janmm14 I tried it with that, however the same error popped up :(

[Janmm14]

@Dev380 Can you tell me which superclass xcx/jpd/if has?

[Dev380]

The issue is fixed now because I realized the manifest file said it used stringer, so I removed the string obfuscation first.