diff --git a/examples/AS2DeobfuscatorSample.java b/examples/AS2DeobfuscatorSample.java index bd22bd4cb..c4fee3cca 100644 --- a/examples/AS2DeobfuscatorSample.java +++ b/examples/AS2DeobfuscatorSample.java @@ -1,166 +1,10 @@ -import com.jpexs.decompiler.flash.action.Action; +import com.jpexs.decompiler.flash.SWF; import com.jpexs.decompiler.flash.action.ActionList; -import com.jpexs.decompiler.flash.action.ActionLocalData; -import com.jpexs.decompiler.flash.action.swf4.ActionAdd; -import com.jpexs.decompiler.flash.action.swf4.ActionEquals; -import com.jpexs.decompiler.flash.action.swf4.ActionGetVariable; -import com.jpexs.decompiler.flash.action.swf4.ActionIf; -import com.jpexs.decompiler.flash.action.swf4.ActionJump; -import com.jpexs.decompiler.flash.action.swf4.ActionNot; -import com.jpexs.decompiler.flash.action.swf4.ActionPush; -import com.jpexs.decompiler.flash.action.swf4.ActionSetVariable; -import com.jpexs.decompiler.flash.action.swf4.ActionSubtract; -import com.jpexs.decompiler.flash.action.swf5.ActionAdd2; -import com.jpexs.decompiler.flash.action.swf5.ActionDefineFunction; -import com.jpexs.decompiler.flash.action.swf5.ActionDefineLocal; -import com.jpexs.decompiler.flash.action.swf5.ActionReturn; -import com.jpexs.decompiler.flash.ecma.EcmaScript; import com.jpexs.decompiler.flash.helpers.SWFDecompilerListener; -import com.jpexs.decompiler.graph.Graph; -import com.jpexs.decompiler.graph.GraphTargetItem; -import com.jpexs.decompiler.graph.TranslateException; -import java.util.ArrayList; -import java.util.EmptyStackException; -import java.util.List; -import java.util.Stack; public class AS2DeobfuscatorSample implements SWFDecompilerListener { @Override - public void actionListParsed(ActionList actions) { - combinePushs(actions); - if (removeFakeFunction(actions)) { - while (removeObfuscationIfs(actions)); - } - } - - private void combinePushs(ActionList actions) { - for (int i = 0; i < actions.size() - 1; i++) { - Action action = actions.get(i); - Action action2 = actions.get(i + 1); - if (action instanceof ActionPush && action2 instanceof ActionPush) { - ActionPush push = (ActionPush) action; - ActionPush push2 = (ActionPush) action2; - push.values.addAll(push2.values); - actions.remove(i + 1); - i--; - } - } - } - - private boolean removeObfuscationIfs(ActionList actions) { - if (actions.size() == 0) { - return false; - } - - for (int i = 0; i < actions.size(); i++) { - int idx = i; - List output = new ArrayList(); - ActionLocalData localData = new ActionLocalData(); - Stack stack = new Stack<>(); - - try { - int lastOkIdx = -1; - while (true) { - Action action = actions.get(idx); - - action.translate(localData, stack, output, Graph.SOP_USE_STATIC, ""); - - if (!(action instanceof ActionPush || - action instanceof ActionAdd || - action instanceof ActionAdd2 || - action instanceof ActionSubtract || - action instanceof ActionDefineLocal || - action instanceof ActionJump || - action instanceof ActionGetVariable || - action instanceof ActionSetVariable || - action instanceof ActionEquals || - action instanceof ActionNot || - action instanceof ActionIf)) { - break; - } - - idx++; - - if (action instanceof ActionJump) { - ActionJump jump = (ActionJump) action; - long address = jump.getAddress() + jump.getTotalActionLength() + jump.getJumpOffset(); - idx = actions.indexOf(actions.getByAddress(address)); - } - - if (action instanceof ActionIf) { - ActionIf aif = (ActionIf) action; - if (EcmaScript.toBoolean(stack.peek().getResult())) { - long address = aif.getAddress() + aif.getTotalActionLength() + aif.getJumpOffset(); - idx = actions.indexOf(actions.getByAddress(address)); - } - stack.pop(); - } - - if (localData.variables.size() == 1 && stack.empty()) { - lastOkIdx = idx; - - // - } - } - - if (lastOkIdx != -1) { - int a = 1; - } - } catch (EmptyStackException | TranslateException | InterruptedException ex) { - } - } - - return false; - } - - private boolean removeFakeFunction(ActionList actions) { - /* - DefineFunction "fakeName" 0 { - Push 1777 - Return - } - */ - - for (int i = 0; i < actions.size() - 2; i++) { - Action action = actions.get(i); - if (action instanceof ActionDefineFunction) { - Action action2 = actions.get(i + 1); - Action action3 = actions.get(i + 2); - if (action2 instanceof ActionPush && action3 instanceof ActionReturn) { - ActionDefineFunction def = (ActionDefineFunction) action; - ActionPush push = (ActionPush) action2; - if (def.paramNames.isEmpty() && push.values.size() == 1) { - Object pushValueObj = push.values.get(0); - if (pushValueObj instanceof Long) { - String functionName = def.functionName; - long pushValue = (Long) pushValueObj; - for (int j = 0; j < 3; j++) { - actions.removeAction(i); - } - - for (int j = 0; j < actions.size() - 1; j++) { - action = actions.get(j); - if (action instanceof ActionPush) { - push = (ActionPush) action; - int pushValuesCount = push.values.size(); - if (pushValuesCount >= 2 - && push.values.get(pushValuesCount - 1).equals(functionName)) { - push.values.remove(pushValuesCount - 1); - push.values.remove(pushValuesCount - 2); - push.values.add(pushValue); - actions.removeAction(j + 1); - } - } - } - - return true; - } - } - } - } - } - - return false; + public void actionListParsed(ActionList actions, SWF swf) { } } diff --git a/src/com/jpexs/decompiler/flash/SWF.java b/src/com/jpexs/decompiler/flash/SWF.java index b58e40b24..3c2e5176f 100644 --- a/src/com/jpexs/decompiler/flash/SWF.java +++ b/src/com/jpexs/decompiler/flash/SWF.java @@ -24,10 +24,10 @@ import com.jpexs.decompiler.flash.abc.ClassPath; import com.jpexs.decompiler.flash.abc.RenameType; import com.jpexs.decompiler.flash.abc.ScriptPack; import com.jpexs.decompiler.flash.action.Action; -import com.jpexs.decompiler.flash.action.Deobfuscation; import com.jpexs.decompiler.flash.action.ActionGraphSource; import com.jpexs.decompiler.flash.action.ActionList; import com.jpexs.decompiler.flash.action.ActionLocalData; +import com.jpexs.decompiler.flash.action.Deobfuscation; import com.jpexs.decompiler.flash.action.model.ConstantPool; import com.jpexs.decompiler.flash.action.model.DirectValueActionItem; import com.jpexs.decompiler.flash.action.model.FunctionActionItem; diff --git a/src/com/jpexs/decompiler/flash/action/ActionDeobfuscator.java b/src/com/jpexs/decompiler/flash/action/ActionDeobfuscator.java index a6c9b3394..a93cebaf1 100644 --- a/src/com/jpexs/decompiler/flash/action/ActionDeobfuscator.java +++ b/src/com/jpexs/decompiler/flash/action/ActionDeobfuscator.java @@ -16,6 +16,9 @@ */ package com.jpexs.decompiler.flash.action; +import com.jpexs.decompiler.flash.DisassemblyListener; +import com.jpexs.decompiler.flash.SWF; +import com.jpexs.decompiler.flash.SWFInputStream; import com.jpexs.decompiler.flash.action.special.ActionStore; import com.jpexs.decompiler.flash.action.swf4.ActionAdd; import com.jpexs.decompiler.flash.action.swf4.ActionEquals; @@ -26,18 +29,19 @@ import com.jpexs.decompiler.flash.action.swf4.ActionNot; import com.jpexs.decompiler.flash.action.swf4.ActionPush; import com.jpexs.decompiler.flash.action.swf4.ActionSetVariable; import com.jpexs.decompiler.flash.action.swf4.ActionSubtract; +import com.jpexs.decompiler.flash.action.swf4.ConstantIndex; import com.jpexs.decompiler.flash.action.swf5.ActionAdd2; import com.jpexs.decompiler.flash.action.swf5.ActionConstantPool; import com.jpexs.decompiler.flash.action.swf5.ActionDefineFunction; import com.jpexs.decompiler.flash.action.swf5.ActionDefineLocal; import com.jpexs.decompiler.flash.action.swf5.ActionReturn; import com.jpexs.decompiler.flash.ecma.EcmaScript; -import com.jpexs.decompiler.flash.exporters.modes.ScriptExportMode; import com.jpexs.decompiler.flash.helpers.SWFDecompilerListener; import com.jpexs.decompiler.graph.Graph; import com.jpexs.decompiler.graph.GraphSourceItemContainer; import com.jpexs.decompiler.graph.GraphTargetItem; import com.jpexs.decompiler.graph.TranslateException; +import java.io.IOException; import java.util.ArrayList; import java.util.EmptyStackException; import java.util.HashMap; @@ -46,6 +50,8 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.Stack; +import java.util.logging.Level; +import java.util.logging.Logger; /** * @@ -53,14 +59,17 @@ import java.util.Stack; */ public class ActionDeobfuscator implements SWFDecompilerListener { + private final int executionLimit = 30000; + @Override - public void actionListParsed(ActionList actions) { + public void actionListParsed(ActionList actions, SWF swf) { combinePushs(actions); removeFakeFunction(actions); removeUnreachableActions(actions); removeObfuscationIfs(actions); removeUnreachableActions(actions); removeZeroJumps(actions); + rereadActionList(actions, swf); // this call will fix the contant pool assigments } private void combinePushs(ActionList actions) { @@ -79,6 +88,18 @@ public class ActionDeobfuscator implements SWFDecompilerListener { } } + private boolean rereadActionList(ActionList actions, SWF swf) { + byte[] actionBytes = Action.actionsToBytes(actions, true, SWF.DEFAULT_VERSION); + try { + SWFInputStream rri = new SWFInputStream(swf, actionBytes); + ActionList newActions = ActionListReader.readActionList(new ArrayList(), rri, SWF.DEFAULT_VERSION, 0, actionBytes.length, "", false); + actions.setActions(newActions); + } catch (IOException | InterruptedException ex) { + Logger.getLogger(ActionDeobfuscator.class.getName()).log(Level.SEVERE, null, ex); + } + return true; + } + private boolean removeUnreachableActions(ActionList actions) { Set reachableActions = new HashSet<>(); Set processedActions = new HashSet<>(); @@ -177,18 +198,23 @@ public class ActionDeobfuscator implements SWFDecompilerListener { int lastOkIdx = -1; int lastOkInstructionsProcessed = -1; int instructionsProcessed = 0; - Map variables = new HashMap<>(); + Map lastOkVariables = new HashMap<>(); Set defines = new HashSet<>(); + ActionConstantPool lastOkConstantPool = null; ActionConstantPool constantPool = null; while (true) { Action action = actions.get(idx); instructionsProcessed++; - System.out.print(action.getASMSource(actions, new ArrayList(), ScriptExportMode.PCODE)); + if (instructionsProcessed > executionLimit) { + break; + } + + /*System.out.print(action.getASMSource(actions, new ArrayList(), ScriptExportMode.PCODE)); for (int j = 0; j < stack.size(); j++) { System.out.print(" '" + stack.get(j).getResult() + "'"); } - System.out.println(); + System.out.println();*/ if (action instanceof ActionConstantPool) { constantPool = (ActionConstantPool) action; @@ -218,6 +244,20 @@ public class ActionDeobfuscator implements SWFDecompilerListener { break; } + if (action instanceof ActionPush) { + ActionPush push = (ActionPush) action; + boolean ok = true; + for (Object value : push.values) { + if (value instanceof ConstantIndex) { + ok = false; + break; + } + } + if (!ok) { + break; + } + } + /*for (String variable : localData.variables.keySet()) { System.out.println(Helper.byteArrToString(variable.getBytes())); }*/ @@ -248,17 +288,18 @@ public class ActionDeobfuscator implements SWFDecompilerListener { if (/*localData.variables.size() == 1 && */stack.empty()) { lastOkIdx = idx; lastOkInstructionsProcessed = instructionsProcessed; - variables.clear(); + lastOkConstantPool = constantPool; + lastOkVariables.clear(); for (String variableName : localData.variables.keySet()) { Object value = localData.variables.get(variableName).getResult(); - variables.put(variableName, value); + lastOkVariables.put(variableName, value); } } } if (lastOkIdx != -1) { int newIstructionCount = constantPool != null ? 2 : 1; - newIstructionCount += 2 * variables.size(); + newIstructionCount += 2 * lastOkVariables.size(); if (newIstructionCount < lastOkInstructionsProcessed) { Action target = actions.get(lastOkIdx); @@ -269,8 +310,8 @@ public class ActionDeobfuscator implements SWFDecompilerListener { prevAction = constantPool; } - for (String variableName : variables.keySet()) { - Object value = variables.get(variableName); + for (String variableName : lastOkVariables.keySet()) { + Object value = lastOkVariables.get(variableName); ActionPush push = new ActionPush(variableName); push.values.add(value); push.setAddress(prevAction.getAddress()); diff --git a/src/com/jpexs/decompiler/flash/action/ActionList.java b/src/com/jpexs/decompiler/flash/action/ActionList.java index 56b958704..b8c895374 100644 --- a/src/com/jpexs/decompiler/flash/action/ActionList.java +++ b/src/com/jpexs/decompiler/flash/action/ActionList.java @@ -33,6 +33,7 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; +import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; @@ -48,6 +49,11 @@ public class ActionList extends ArrayList { public ActionList(Collection actions) { super(actions); } + + public void setActions(List list) { + clear(); + addAll(list); + } public void removeAction(int index) { ActionListReader.removeAction(this, index, SWF.DEFAULT_VERSION, true); diff --git a/src/com/jpexs/decompiler/flash/action/ActionListReader.java b/src/com/jpexs/decompiler/flash/action/ActionListReader.java index f8958bb48..e85888457 100644 --- a/src/com/jpexs/decompiler/flash/action/ActionListReader.java +++ b/src/com/jpexs/decompiler/flash/action/ActionListReader.java @@ -95,7 +95,7 @@ public class ActionListReader { @Override public ActionList call() throws IOException, InterruptedException { - return readActionList(listeners, sis, version, ip, endIp, path); + return readActionList(listeners, sis, version, ip, endIp, path, Configuration.autoDeobfuscate.get()); } }, Configuration.decompilationTimeoutSingleMethod.get(), TimeUnit.SECONDS); @@ -123,11 +123,12 @@ public class ActionListReader { * @param ip * @param endIp * @param path + * @param deobfuscate * @return List of actions * @throws IOException * @throws java.lang.InterruptedException */ - private static ActionList readActionList(List listeners, SWFInputStream sis, int version, int ip, int endIp, String path) throws IOException, InterruptedException { + public static ActionList readActionList(List listeners, SWFInputStream sis, int version, int ip, int endIp, String path, boolean deobfuscate) throws IOException, InterruptedException { ConstantPool cpool = new ConstantPool(); // Map of the actions. Use TreeMap to sort the keys in ascending order @@ -166,7 +167,7 @@ public class ActionListReader { if (SWFDecompilerPlugin.listener != null) { try { - SWFDecompilerPlugin.listener.actionListParsed(actions); + SWFDecompilerPlugin.listener.actionListParsed(actions, sis.getSwf()); actions = fixActionList(actions, null, version); } catch (Throwable e) { @@ -175,9 +176,9 @@ public class ActionListReader { } } - if (Configuration.autoDeobfuscate.get()) { + if (deobfuscate) { try { - new ActionDeobfuscator().actionListParsed(actions); + new ActionDeobfuscator().actionListParsed(actions, sis.getSwf()); /*actions = deobfuscateActionList(listeners, actions, version, 0, path); updateActionLengths(actions, version); removeZeroJumps(actions, version);*/ diff --git a/src/com/jpexs/decompiler/flash/gui/Main.java b/src/com/jpexs/decompiler/flash/gui/Main.java index c9817a4ba..0bc7e531d 100644 --- a/src/com/jpexs/decompiler/flash/gui/Main.java +++ b/src/com/jpexs/decompiler/flash/gui/Main.java @@ -29,7 +29,6 @@ import com.jpexs.decompiler.flash.configuration.Configuration; import com.jpexs.decompiler.flash.console.CommandLineArgumentParser; import com.jpexs.decompiler.flash.console.ContextMenuTools; import com.jpexs.decompiler.flash.gui.proxy.ProxyFrame; -import com.jpexs.decompiler.flash.helpers.EmptySWFDecompilerListener; import com.jpexs.decompiler.flash.helpers.SWFDecompilerPlugin; import com.jpexs.decompiler.flash.tags.base.FontTag; import com.jpexs.decompiler.flash.treeitems.SWFList; diff --git a/src/com/jpexs/decompiler/flash/helpers/EmptySWFDecompilerListener.java b/src/com/jpexs/decompiler/flash/helpers/EmptySWFDecompilerListener.java index 205f21248..09db64215 100644 --- a/src/com/jpexs/decompiler/flash/helpers/EmptySWFDecompilerListener.java +++ b/src/com/jpexs/decompiler/flash/helpers/EmptySWFDecompilerListener.java @@ -16,6 +16,7 @@ */ package com.jpexs.decompiler.flash.helpers; +import com.jpexs.decompiler.flash.SWF; import com.jpexs.decompiler.flash.action.ActionList; /** @@ -25,7 +26,7 @@ import com.jpexs.decompiler.flash.action.ActionList; public class EmptySWFDecompilerListener implements SWFDecompilerListener { @Override - public void actionListParsed(ActionList actions) { + public void actionListParsed(ActionList actions, SWF swf) { throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. } diff --git a/src/com/jpexs/decompiler/flash/helpers/SWFDecompilerListener.java b/src/com/jpexs/decompiler/flash/helpers/SWFDecompilerListener.java index f5de8bb2f..c623c9212 100644 --- a/src/com/jpexs/decompiler/flash/helpers/SWFDecompilerListener.java +++ b/src/com/jpexs/decompiler/flash/helpers/SWFDecompilerListener.java @@ -16,6 +16,7 @@ */ package com.jpexs.decompiler.flash.helpers; +import com.jpexs.decompiler.flash.SWF; import com.jpexs.decompiler.flash.action.ActionList; /** @@ -24,5 +25,5 @@ import com.jpexs.decompiler.flash.action.ActionList; */ public interface SWFDecompilerListener { - void actionListParsed(ActionList actions); + void actionListParsed(ActionList actions, SWF swf); }