search

riboseinc / retrace

retrace is a versatile security vulnerability / bug discovery tool through monitoring and modifying the behavior of compiled binaries on Linux, OpenBSD/FreeBSD/NetBSD (shared object) and macOS (dynamic library).
Other
61 stars 19 forks source link

Thread.UncaughtExceptionHandler.uncaughtException(...) is not deobfuscated #431

Closed pplithium closed 1 year ago

pplithium commented 1 year ago

When an obfuscated exception is thrown using Thread.UncaughtExceptionHandler.uncaughtException() method, the exception is not decoded. Due to limitations, we cannot use throw new ObfuscatedException("msg")

To reproduce:

Build a project with:

public class ObfuscatedException extends RuntimeException{
    public ObfuscatedException(String msg) {
        super(msg);
    }
}

an obfuscated exception class, and throw this exception using:

Thread.UncaughtExceptionHandler handler = Thread.getDefaultUncaughtExceptionHandler();
ObfuscatedException obfuscatedException = new ObfuscatedException("message");
handler.uncaughtException(Thread.currentThread(), obfuscatedException);

Provide the mapping file and crash log to retrace:

retrace mapping.txt crash.txt

Actual result:

2023-11-23 12:11:44.418 31080-31080 AndroidRuntime          pid-31080                            E  FATAL EXCEPTION: main
                                                                                                    Process: com.example, PID: 31080
                                                                                                    p2.a: message
                                                                                                        at com.example.MainActivity.onCreate(MainActivity.java:18)
                                                                                                        at android.app.Activity.performCreate(Activity.java:8944)
                                                                                                        at android.app.Activity.performCreate(Activity.java:8913)
                                                                                                        at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1456)
                                                                                                        at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:4146)
                                                                                                        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:4322)
                                                                                                        at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:103)
                                                                                                        at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:139)
                                                                                                        at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:96)
                                                                                                        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2685)
                                                                                                        at android.os.Handler.dispatchMessage(Handler.java:106)
                                                                                                        at android.os.Looper.loopOnce(Looper.java:230)
                                                                                                        at android.os.Looper.loop(Looper.java:319)
                                                                                                        at android.app.ActivityThread.main(ActivityThread.java:8893)
                                                                                                        at java.lang.reflect.Method.invoke(Method.java)
                                                                                                        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:608)
                                                                                                        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103)

Expected Result:

2023-11-23 12:11:44.418 31080-31080 AndroidRuntime          pid-31080                            E  FATAL EXCEPTION: main
                                                                                                    Process: com.example, PID: 31080
                                                                                                    com.example.ObfuscatedException: message
                                                                                                        at com.example.MainActivity.onCreate(MainActivity.java:18)
                                                                                                        at android.app.Activity.performCreate(Activity.java:8944)
                                                                                                        at android.app.Activity.performCreate(Activity.java:8913)
                                                                                                        at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1456)
                                                                                                        at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:4146)
                                                                                                        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:4322)
                                                                                                        at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:103)
                                                                                                        at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:139)
                                                                                                        at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:96)
                                                                                                        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2685)
                                                                                                        at android.os.Handler.dispatchMessage(Handler.java:106)
                                                                                                        at android.os.Looper.loopOnce(Looper.java:230)
                                                                                                        at android.os.Looper.loop(Looper.java:319)
                                                                                                        at android.app.ActivityThread.main(ActivityThread.java:8893)
                                                                                                        at java.lang.reflect.Method.invoke(Method.java)
                                                                                                        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:608)
                                                                                                        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103)