yocontra / JMD

Java bytecode analysis/deobfuscation tool
MIT License

JMD-master fails to deob Allatori #8

Closed Tsopic closed 3 years ago

Tsopic commented 11 years ago

example.jar (43 KB) https://mega.co.nz/#!rtxT1KqR!Ocw0hg8n0UM2_o_X7PSA9QwEFLo7cTJJVQL1Bp5ph_w

I hope you fix this. Best regards, Tsopic

yocontra commented 11 years ago

Can you post the command you're running with arguments?

Tsopic commented 11 years ago

`-jar "JMD path" "jar path" Allatori true`

yocontra commented 11 years ago

Have you tried using the generic string deobfuscator?

Tsopic commented 11 years ago

yup, didn't really help, only corrupted the jar, and made some other slight changes.

yocontra commented 11 years ago

Hmm... Well the tools aren't 100% not going to corrupt the JAR but they should at least decrypt the strings. So the Allatori one not only corrupts the JAR but fails to decrypt?

Tsopic commented 11 years ago

Umm, it doesn't give the deobed jar whatsoever.

yocontra commented 11 years ago

Can you show me the logs? It would be helpful if you just gave me all of the info up front so I don't have to keep asking questions

Tsopic commented 11 years ago

```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Tsopic>cd C:\JMD-master\JMD-master

C:\JMD-master\JMD-master>java -jar JMD.jar "C:\example.jar" allatori true
Java Multi-Purpose Deobfuscator
Please Visit RECoders.org for updates and info
Version 1.6
Created by Contra. Please read LICENSE.txt
Tons of code from skoalman, super_, ollie, popcorn89, the prophecy, and saevion
[AllatoriTransformer]Allatori Deobfuscator
[AllatoriTransformer]Starting Encrypted String Removal...
Exception in thread "main" java.lang.NullPointerException
        at net.contra.jmd.transformers.allatori.AllatoriTransformer.replaceStrings(AllatoriTransformer.java:140)
        at net.contra.jmd.transformers.allatori.AllatoriTransformer.transform(AllatoriTransformer.java:121)
        at net.contra.jmd.Deobfuscator.main(Deobfuscator.java:47)

C:\JMD-master\JMD-master>
```

me0wday commented 11 years ago

+1 haven't had much luck with any recent allatori obfuscations, can sometimes successfully run generic string deobfuscator however strings will not actually be deobbed.

Same error as above, can post some more examples.

edit: on a side note, I still love these java projects

yocontra commented 11 years ago

Sorry guys I haven't touched this project or written any Java in ~2 years - wouldn't even know where to jump back in. Unless somebody else wants to have a look and fix it (nullpointers are usually pretty easy) then it will probably stay broken

me0wday commented 11 years ago

That's alright, it's interesting because it really is one of a kind, there aren't/weren't any deobfuscators that worked as well as this one. I'll get the error log for Allatori and String Deob for you in case anyone else wants to look as well. Honestly this has always been far ahead of me.

Tsopic commented 11 years ago

:S Remember u from recoders.org times, u were able to crack and reverse-engineer almost everything, even Nexus bot :D It's sad to hear that you're no longer writing Java.

But Good luck in your other projects, and keep it real :D

mx1000 commented 11 years ago

```java
public void replaceStrings() throws TargetLostException {
    for (ClassGen cg : this.cgs.values()) {
        int replaced = 0;
        for (Method method : cg.getMethods()) {
            MethodGen mg = new MethodGen(method, cg.getClassName(), cg.getConstantPool());
            InstructionList list = mg.getInstructionList();
            if (list == null) {
                continue;
            }
            InstructionHandle[] handles = list.getInstructionHandles();
            for (int i = 1; i < handles.length; i++) {
                if ((handles[i].getInstruction() instanceof INVOKESTATIC)
                        && (handles[i - 1].getInstruction() instanceof LDC)) {
                    INVOKESTATIC methodCall = (INVOKESTATIC) handles[i].getInstruction();
                    if (methodCall.getClassName(cg.getConstantPool()).contains(this.ALLATORI_CLASS.getClassName())) {
                        LDC encryptedLDC = (LDC) handles[i - 1].getInstruction();
                        String encryptedString = encryptedLDC.getValue(cg.getConstantPool()).toString();
                        String decryptedString;
                        if (this.isStrong) {
                            decryptedString = decodeContext(encryptedString, cg.getClassName(), method.getName());
                        } else {
                            decryptedString = decode(encryptedString);
                        }
                        this.logger.debug(encryptedString + " -> " + decryptedString + " in "
                                + cg.getClassName() + "." + method.getName());
                        int stringRef = cg.getConstantPool().addString(decryptedString);
                        LDC lc = new LDC(stringRef);
                        NOP nop = new NOP();
                        handles[i].setInstruction(lc);
                        handles[i - 1].setInstruction(nop);
                        replaced++;
                    }
                }
            }
            mg.setInstructionList(list);
            mg.setMaxLocals();
            mg.setMaxStack();
            cg.replaceMethod(method, mg.getMethod());
        }
        if (replaced > 0) {
            this.logger.debug("decrypted " + replaced + " strings in class " + cg.getClassName());
        }
    }
}
```

More specific: `if (methodCall.getClassName(cg.getConstantPool()).contains(this.ALLATORI_CLASS.getClassName())) {`

Called by the transforms method (which is obvious).

```java
public void transform() throws TargetLostException {
    this.logger.log("Starting Encrypted String Removal...");
    replaceStrings();
    this.logger.log("Deobfuscation Finished! Dumping jar...");
    GenericMethods.dumpJar(this.JAR_NAME, this.cgs.values());
    this.logger.log("Operation Completed.");
}
```

Idk how to fix it, though I look into it.

yocontra commented 11 years ago

lol this is giving me nostalgia with people from RSCB being here

It seems to me like something on that line is null. Can't be methodCall because I check if it exists before assigning to it. It's either this.ALLATORI_CLASS or cg so just log and find out

yocontra commented 11 years ago

@Tsopic yeah I got busy doing legit work though - much more money in that

mx1000 commented 11 years ago

@Contra , flipping bitcoins is good money.

Like stocks :P

Anyways, feel free to sign up at http://dynamac.org Would be nice seeing you there, they have a 'cracker' section. It's not much but marneus is developer and he is actually quite capable.

mx1000 commented 11 years ago

Wtf bs I am talking anyways... l

GHzGangster commented 10 years ago

Yup... I'm from RSCB as well. It was really fun while it lasted, I learned a lot from cracking and even more since. Contra's GitHub is the only remaining RSCB-related thing that I know of (other than the attempted revival from some member), but it's nice to see some other guys that remember the forums. If anyone knows of some place similar, let me know. Anyways... glad to see that you've been doing well, Eric.

Back on topic, I might look into the deobfuscator again, but there isn't much that I would use it on, certainly nothing RS-related. My hobby nowadays is emulating a dead online game server, but I'll try and do something about this sometime, it's always been a bit messy.

yocontra commented 10 years ago

Yeah after the RS botting scene died down there isn't much java worth deobfuscating