skylot / jadx

Dex to Java decompiler
Apache License 2.0

[core] Invalid array decompilation #2289

Closed axelkar closed 2 months ago

axelkar commented 2 months ago

Issue details

The following obfuscated Smali code turns into this invalid Java code:

    char[] cArr = {(char) (cArr[5] ^ 24), (char) (cArr[5] ^ 27), (char) (cArr[1] ^ 17), (char) (cArr[0] ^ 29), (char) (cArr[1] ^ 27), (char) ((-22412) ^ (-22497)), (char) (cArr[4] ^ 2)};

Is there a possibility for Jadx to deobfuscate/evaluate the code, in addition to correctly decompiling it? It'd be very useful to see the result somewhere.

Relevant log output or stacktrace

No response

Provide sample and class/method full name

    # char[] cArr = new char[7]
    const/16 v2, 0x7
    new-array v1, v2, [C

    # cArr[5] = (char) (-0x578c ^ -0x57e1)
    const/16 v3, -0x578c
    xor-int/lit16 v3, v3, -0x57e1
    int-to-char v3, v3
    const v2, 0x5
    aput-char v3, v1, v2

    # cArr[0] = (char) (cArr[5] ^ 0x18)
    const v2, 0x5
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x18
    int-to-char v3, v3
    const v2, 0x0
    aput-char v3, v1, v2

    # cArr[1] = (char) (cArr[5] ^ 0x1b)
    const v2, 0x5
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x1b
    int-to-char v3, v3
    const v2, 0x1
    aput-char v3, v1, v2

    # cArr[4] = (char) (cArr[1] ^ 0x1b)
    const v2, 0x1
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x1b
    int-to-char v3, v3
    const v2, 0x4
    aput-char v3, v1, v2

    # cArr[2] = (char) (cArr[1] ^ 0x11)
    const v2, 0x1
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x11
    int-to-char v3, v3
    const v2, 0x2
    aput-char v3, v1, v2

    # cArr[6] = (char) (cArr[4] ^ 0x2)
    const v2, 0x4
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x2
    int-to-char v3, v3
    const v2, 0x6
    aput-char v3, v1, v2

    # cArr[3] = (char) (cArr[0] ^ 0x1d)
    const v2, 0x0
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x1d
    int-to-char v3, v3
    const v2, 0x3
    aput-char v3, v1, v2

Results in the char array spankki

Jadx version

1.5.0

skylot commented 2 months ago

@axelkar fixed, please check latest unstable build.

> Is there a possibility for Jadx to deobfuscate/evaluate the code

This requires some kind of byte code interpretation, and this is a very complex task. I was hoping that the https://github.com/CalebFenton/simplify project would implement this, but it looks abandoned now, and I am not sure at which state it stopped. Anyway, you can try it.

iznaka commented 2 months ago

You should use JEB Pro (or even the demo) for this kind of complicated or obfuscated code.