[core] Invalid array decompilation #2289

Closed
axelkar opened this issue Sep 28, 2024 · 2 comments
Labels
bug Core Issues in jadx-core module

axelkar commented Sep 28, 2024

Issue details

The following obfuscated Smali code turns into this invalid Java code:

    char[] cArr = {(char) (cArr[5] ^ 24), (char) (cArr[5] ^ 27), (char) (cArr[1] ^ 17), (char) (cArr[0] ^ 29), (char) (cArr[1] ^ 27), (char) ((-22412) ^ (-22497)), (char) (cArr[4] ^ 2)};

Is there a possibility for Jadx to deobfuscate/evaluate the code, in addition to correctly decompiling it? It'd be very useful to see the result somewhere.

Relevant log output or stacktrace

No response

Provide sample and class/method full name

    const/16 v2, 0x7
    new-array v1, v2, [C
    const/16 v3, -0x578c
    xor-int/lit16 v3, v3, -0x57e1
    int-to-char v3, v3
    const v2, 0x5
    aput-char v3, v1, v2
    const v2, 0x5
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x18
    int-to-char v3, v3
    const v2, 0x0
    aput-char v3, v1, v2
    const v2, 0x5
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x1b
    int-to-char v3, v3
    const v2, 0x1
    aput-char v3, v1, v2
    const v2, 0x1
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x1b
    int-to-char v3, v3
    const v2, 0x4
    aput-char v3, v1, v2
    const v2, 0x1
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x11
    int-to-char v3, v3
    const v2, 0x2
    aput-char v3, v1, v2
    const v2, 0x4
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x2
    int-to-char v3, v3
    const v2, 0x6
    aput-char v3, v1, v2
    const v2, 0x0
    aget-char v3, v1, v2
    xor-int/lit16 v3, v3, 0x1d
    int-to-char v3, v3
    const v2, 0x3
    aput-char v3, v1, v2

Results in the char array spankki

Jadx version

1.5.0

axelkar added the bug and Core (Issues in jadx-core module) labels Sep 28, 2024

skylot (Owner) commented Sep 28, 2024

@axelkar fixed, please check latest unstable build.

> Is there a possibility for Jadx to deobfuscate/evaluate the code

This requires some kind of bytecode interpretation, and this is a very complex task.
I was hoping that the https://github.com/CalebFenton/simplify project would implement this, but it looks abandoned now, and I am not sure at which state it stopped. Anyway, you can try it.

@skylot skylot closed this as completed Sep 28, 2024
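
The evaluation asked about in the issue, carried out for this one snippet, as an added example that is not part of the original thread and not jadx code: a minimal Python interpreter for only the Dalvik instructions that appear in the sample. The names `evaluate` and `recovered_string` are hypothetical, and it assumes straight-line code (no branches, calls, or other opcodes).

```python
import re

# Constructed input: the issue's Smali with the same instructions in the same
# order, condensed to one array store per line and separated by ';'.
SMALI = """
const/16 v2, 0x7; new-array v1, v2, [C
const/16 v3, -0x578c; xor-int/lit16 v3, v3, -0x57e1; int-to-char v3, v3; const v2, 0x5; aput-char v3, v1, v2
const v2, 0x5; aget-char v3, v1, v2; xor-int/lit16 v3, v3, 0x18; int-to-char v3, v3; const v2, 0x0; aput-char v3, v1, v2
const v2, 0x5; aget-char v3, v1, v2; xor-int/lit16 v3, v3, 0x1b; int-to-char v3, v3; const v2, 0x1; aput-char v3, v1, v2
const v2, 0x1; aget-char v3, v1, v2; xor-int/lit16 v3, v3, 0x1b; int-to-char v3, v3; const v2, 0x4; aput-char v3, v1, v2
const v2, 0x1; aget-char v3, v1, v2; xor-int/lit16 v3, v3, 0x11; int-to-char v3, v3; const v2, 0x2; aput-char v3, v1, v2
const v2, 0x4; aget-char v3, v1, v2; xor-int/lit16 v3, v3, 0x2; int-to-char v3, v3; const v2, 0x6; aput-char v3, v1, v2
const v2, 0x0; aget-char v3, v1, v2; xor-int/lit16 v3, v3, 0x1d; int-to-char v3, v3; const v2, 0x3; aput-char v3, v1, v2
"""

def to_i32(x):
    """Wrap to signed 32 bits, the width of a Dalvik int register."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x

def evaluate(smali):
    """Interpret straight-line code and return the final register file."""
    regs = {}
    for ins in filter(str.strip, re.split(r"[;\n]", smali)):
        op, *a = re.split(r"[,\s]+", ins.strip())
        if op in ("const", "const/4", "const/16"):
            regs[a[0]] = to_i32(int(a[1], 16))
        elif op == "new-array":                      # new-array vA, vSize, type
            regs[a[0]] = [0] * regs[a[1]]
        elif op in ("xor-int/lit8", "xor-int/lit16"):
            regs[a[0]] = to_i32(regs[a[1]] ^ int(a[2], 16))
        elif op == "int-to-char":                    # truncate to unsigned 16 bits
            regs[a[0]] = regs[a[1]] & 0xFFFF
        elif op in ("aput-char", "aget-char"):       # op vValue, vArray, vIndex
            arr, idx = regs[a[1]], regs[a[2]]
            if not 0 <= idx < len(arr):              # Python would wrap negatives
                raise IndexError(f"index {idx} out of bounds in: {ins.strip()}")
            if op == "aput-char":
                arr[idx] = regs[a[0]]
            else:
                regs[a[0]] = arr[idx]
        else:                                        # refuse to guess semantics
            raise ValueError(f"unsupported opcode: {op}")
    return regs

def recovered_string(smali, array_reg="v1"):
    """Join the char array left in array_reg into a Python string."""
    return "".join(chr(c) for c in evaluate(smali)[array_reg])
```

Calling `recovered_string(SMALI)` returns the array contents as a string; any opcode outside the handled subset raises `ValueError` instead of being skipped.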

iznaka commented Sep 28, 2024

You should use JEB Pro (or even the demo) for this kind of complicated or obfuscated code.
