java-deobfuscator / deobfuscator

The real deal
https://javadeobfuscator.com
Apache License 2.0

No recommended transformers #942

Open Mellvin1994 opened 1 year ago

Mellvin1994 commented 1 year ago

Hi, can you help me with this? No recommended transformers are shown for RuleSuspiciousClinit.

```
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Loading classpath
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Loading input
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Detecting known obfuscators
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator -
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - RuleSourceFileAttribute: Some obfuscators don't remove the SourceFile attribute by default. This information can be recovered, and is very useful
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Found possible SourceFile attribute on carLambo/HBrowserNativeApis: oa
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Recommend transformers:
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - (Choose one transformer. If there are multiple, it's recommended to try the transformer listed first)
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.normalizer.SourceFileClassNormalizer
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator -
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - RuleSuspiciousClinit: Zelix Klassmaster typically embeds decryption code in <clinit>. This sample may have been obfuscated with Zelix Klassmaster
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Found suspicious <clinit> in carLambo/F
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Recommend transformers:
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - (Choose one transformer. If there are multiple, it's recommended to try the transformer listed first)
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - None
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator -
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - RuleEnhancedStringEncryption: Zelix Klassmaster has several modes of string encryption. This mode is similar to the simple mode, but adds an additional layer of decryption by calling a method with signature (II)Ljava/lang/String;
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Found potential enhanced string encrypted class carLambo/F
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Recommend transformers:
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - (Choose one transformer. If there are multiple, it's recommended to try the transformer listed first)
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.zelix.StringEncryptionTransformer
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.zelix.string.EnhancedStringEncryptionTransformer
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator -
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - RuleStringDecryptor: Allatori's string decryption is very simple, accepting an encrypted string and outputting a decrypted string
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Found possible string decryption class carLambo/n
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - Recommend transformers:
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - (Choose one transformer. If there are multiple, it's recommended to try the transformer listed first)
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.allatori.StringEncryptionTransformer
[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - com.javadeobfuscator.deobfuscator.transformers.allatori.string.StringEncryptionTransformer
```

Janmm14 commented 1 year ago

The "recommended transformers" list is hardcoded for each rule. RuleSuspiciousClinit does not have any recommended transformers; all it does is detect suspicious code in clinit, which just hints that ZKM (Zelix KlassMaster) is being used.

Make sure to ignore the RuleSourceFileAttribute here and not use SourceFileClassNormalizer.

From each list of transformers, choose the first one only (If there are multiple, it's recommended to try the transformer listed first). Inspect the output. If it's not like you expected, try to change the order of the transformers. Usually for ZKM the StringEncryptionTransformer needs to be first.
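Added example, not part of the issue thread or the project's code: a Python parser for a detection log in the format pasted above that applies the selection advice from the reply (first transformer per rule, rules recommending "None" skipped, RuleSourceFileAttribute ignored). The function names, the `ignore` default and reading "StringEncryptionTransformer first" as "zelix transformers first" are assumptions made for this example; the sample log is constructed from the issue's output with descriptions trimmed.

```python
import re

# Constructed sample: the issue's detection log, trimmed to rule headers and lists.
PREFIX = "[main] INFO com.javadeobfuscator.deobfuscator.Deobfuscator - "
T = "com.javadeobfuscator.deobfuscator.transformers."
SAMPLE_LOG = "\n".join(PREFIX + m for m in [
    "Detecting known obfuscators", "",
    "RuleSourceFileAttribute: Some obfuscators don't remove the SourceFile attribute",
    "Recommend transformers:", T + "normalizer.SourceFileClassNormalizer", "",
    "RuleSuspiciousClinit: Zelix Klassmaster typically embeds decryption code in <clinit>",
    "Recommend transformers:", "None", "",
    "RuleEnhancedStringEncryption: Zelix Klassmaster has several modes of string encryption",
    "Recommend transformers:", T + "zelix.StringEncryptionTransformer",
    T + "zelix.string.EnhancedStringEncryptionTransformer", "",
    "RuleStringDecryptor: Allatori's string decryption is very simple",
    "Recommend transformers:", T + "allatori.StringEncryptionTransformer",
    T + "allatori.string.StringEncryptionTransformer",
])

LINE = re.compile(r"^\[[^\]]+\] INFO \S+ - ?(.*)$")   # logger prefix, then message
RULE = re.compile(r"^(Rule\w+): ")                    # start of a rule section
TRANSFORMER = re.compile(re.escape(T) + r"[\w.]+$")   # fully qualified transformer

def recommendations(log):
    """Map each detected rule to its recommended transformers, in log order."""
    rules, current, in_list = {}, None, False
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        rule = RULE.match(msg)
        if rule:
            current, in_list = rule.group(1), False
            rules[current] = []
        elif msg == "Recommend transformers:":
            in_list = True
        elif current and in_list and TRANSFORMER.match(msg):
            rules[current].append(msg)   # "None" and the hint line never match
    return rules

def plan(rules, ignore=("RuleSourceFileAttribute",)):
    """First transformer of each usable rule, zelix ones first (assumed ordering)."""
    picks = []
    for rule, names in rules.items():
        if rule not in ignore and names and names[0] not in picks:
            picks.append(names[0])
    return sorted(picks, key=lambda n: ".zelix." not in n)  # stable sort
```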