From f7ffe7f1afb8276072a7fd3706225af975d2c3cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jindra=20Pet=C5=99=C3=ADk?= Date: Sat, 27 Mar 2021 20:50:54 +0100 Subject: [PATCH] Fixed: AS3 jump deobfuscator - fix for try..catch clauses --- CHANGELOG.md | 1 + .../deobfuscation/AVM2DeobfuscatorJumps.java | 45 ++++--- .../ActionScript3AssembledDecompileTest.java | 23 ++++ .../as3_assembled-0/as3_assembled-0.main.abc | Bin 6444 -> 6744 bytes .../as3_assembled-0.main.asasm | 1 + .../tests/TestTryWhile.class.asasm | 123 ++++++++++++++++++ .../tests/TestTryWhile.script.asasm | 29 +++++ 7 files changed, 206 insertions(+), 16 deletions(-) create mode 100644 libsrc/ffdec_lib/testdata/as3_assembled/abc/as3_assembled-0/tests/TestTryWhile.class.asasm create mode 100644 libsrc/ffdec_lib/testdata/as3_assembled/abc/as3_assembled-0/tests/TestTryWhile.script.asasm diff --git a/CHANGELOG.md b/CHANGELOG.md index 087f8bbc1..6d65366f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file. - [#1670] Parent component/window of dialogs not properly set - AS decompilation - Gotos handling vs and/or - AS decompilation - certain combinations of ifs and switch +- AS3 jump deobfuscator - fix for try..catch clauses ## [14.3.1] - 2021-03-25 ### Fixed diff --git a/libsrc/ffdec_lib/src/com/jpexs/decompiler/flash/abc/avm2/deobfuscation/AVM2DeobfuscatorJumps.java b/libsrc/ffdec_lib/src/com/jpexs/decompiler/flash/abc/avm2/deobfuscation/AVM2DeobfuscatorJumps.java index 310292683..12ea068d7 100644 --- a/libsrc/ffdec_lib/src/com/jpexs/decompiler/flash/abc/avm2/deobfuscation/AVM2DeobfuscatorJumps.java +++ b/libsrc/ffdec_lib/src/com/jpexs/decompiler/flash/abc/avm2/deobfuscation/AVM2DeobfuscatorJumps.java 
@@ -31,9 +31,8 @@ import java.util.Map; /** * - * AVM2 Deobfuscator removing single assigned local registers. + * AVM2 Deobfuscator replacing jumps/ifs targeting other jumps. * - * Example: var a = true; var b = false; ... if(a){ ...ok }else{ not executed } * * @author JPEXS */ 
@@ -57,22 +56,36 @@ public class AVM2DeobfuscatorJumps extends SWFDecompilerAdapter {
 for (int i = 0; i < code.code.size(); i++) {
 AVM2Instruction ins = code.code.get(i);
 if (ins.definition instanceof JumpIns) {
+ long srcAddr = ins.getAddress();
 long targetAddr = ins.getTargetAddress();
- {
- //We do not want exception start to be redirected somewhere else
- if (exceptionStarts.contains(i)) {
- continue;
- }
- for (int r : refs.get(i)) {
- if (r >= 0) { //Not Exception start/end
- AVM2Instruction srcIns = code.code.get(r);
- if ((srcIns.definition instanceof JumpIns) || ((srcIns.definition instanceof IfTypeIns) && (r != i - 1))) {
- int oldop = srcIns.operands[0];
- srcIns.operands[0] = (int) (targetAddr - (srcIns.getAddress() + srcIns.getBytesLength()));
- if (srcIns.operands[0] != oldop) {
- found = true;
- }
+ //source and target must be in the same try..catch block
+ boolean exceptionMismatch = false;
+ for (int e = 0; e < body.exceptions.length; e++) {
+ boolean sourceMatch = srcAddr >= body.exceptions[e].start && srcAddr < body.exceptions[e].end;
+ boolean targetMatch = targetAddr >= body.exceptions[e].start && targetAddr < body.exceptions[e].end;
+ if (sourceMatch != targetMatch) {
+ exceptionMismatch = true;
+ break;
+ }
+ }
+ if (!exceptionMismatch) {
+ continue;
+ }
+
+ //We do not want exception start to be redirected somewhere else
+ if (exceptionStarts.contains(i)) {
+ continue;
+ }
+ for (int r : refs.get(i)) {
+ if (r >= 0) { //Not Exception start/end
+ AVM2Instruction srcIns = code.code.get(r);
+
+ if ((srcIns.definition instanceof JumpIns) || ((srcIns.definition instanceof IfTypeIns) && (r != i - 1))) {
+ int oldop = srcIns.operands[0];
+ srcIns.operands[0] = (int) (targetAddr - (srcIns.getAddress() + srcIns.getBytesLength()));
+ if (srcIns.operands[0] != oldop) {
+ found = true;
 }
 }
 }
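Review bot: The new guard `if (!exceptionMismatch) { continue; }` reads as inverted against the comment above it: as written, a jump whose source and target lie in the same try ranges is skipped, and only a jump that crosses a try boundary goes on to have its referrers retargeted. If the intent is the one the comment states, the condition should be `if (exceptionMismatch) {`. Separately, the range test uses the address of `ins` and its target, while the operand that is rewritten belongs to `srcIns`; a referrer sitting in a different try range than `targetAddr` would presumably still be redirected, so repeating the test with `srcIns.getAddress()` inside the `refs.get(i)` loop looks safer. The hunk does not show whether `body.exceptions[e].start` and `.end` are byte addresses comparable with `getAddress()`, which is worth confirming, since a wrong redirect here silently changes the control flow an analyst sees in the decompiled output. The enclosing loop and method begin and end outside the hunk.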
diff --git a/libsrc/ffdec_lib/test/com/jpexs/decompiler/flash/as3decompile/ActionScript3AssembledDecompileTest.java b/libsrc/ffdec_lib/test/com/jpexs/decompiler/flash/as3decompile/ActionScript3AssembledDecompileTest.java index b02623e6f..b464e472b 100644 --- a/libsrc/ffdec_lib/test/com/jpexs/decompiler/flash/as3decompile/ActionScript3AssembledDecompileTest.java +++ b/libsrc/ffdec_lib/test/com/jpexs/decompiler/flash/as3decompile/ActionScript3AssembledDecompileTest.java @@ -333,6 +333,29 @@ public class ActionScript3AssembledDecompileTest extends ActionScript3DecompileT false); } + @Test + public void testTryWhile() { + decompileMethod("assembled", "testTryWhile", "try\r\n" + + "{\r\n" + + "var c:String = \"aa\";\r\n" + + "while(c)\r\n" + + "{\r\n" + + "if(b)\r\n" + + "{\r\n" + + "break;\r\n" + + "}\r\n" + + "c = c.Object;\r\n" + + "}\r\n" + + "}\r\n" + + "catch(e:Error)\r\n" + + "{\r\n" + + "browserMode = false;\r\n" + + "return;\r\n" + + "}\r\n" + + "trace(\"finish\");\r\n", + false); + } + @Test public void testUnnamedException() { decompileMethod("assembled", "testUnnamedException", "var _loc5_:int = 5;\r\n" 
diff --git a/libsrc/ffdec_lib/testdata/as3_assembled/abc/as3_assembled-0/as3_assembled-0.main.abc b/libsrc/ffdec_lib/testdata/as3_assembled/abc/as3_assembled-0/as3_assembled-0.main.abc index 930971d3ad8c7920e1f3e440ef40649ae297de70..782886fa7251894f56b320ed7fa01ff84565e9ac 100644 GIT binary patch delta 2309 zcmZ9M+f$pz6~NEg@3P+tkUj}?sW1kN5FmXLA2(xTo0~BLe338MU~I4?5QfA+0{DIb z6E|(sHj~Ugbo$aZX?l6cG}FmLXY!W+K=#ybrw?uOlulkkUi;#nMZ-h-Y0kI5@0_zo zXZM`lPdoqKZP}0pdj9aC6=RtH(8<*p`NhrRIu^{0wUy%PhJH4`y!z*l*RZN`vbeE1 zxqg3YY57)B`dN_Syo|FQh6(vc_D_xF^YUFSR#{P4U%R_eTtBKkquP$#a zef|&aBdt2HNl`ZXz8C8ukEih7M935BwARC&VNYnm0Q#Latk7~e9T5gZx}qXlj4noR zMwg;*$P#an|Kg^<$4FaN=*^H7`aOn!iV;f&tkgv0R~Y#%b zERKf8s_dFTwLfU?eVE?wDJu*wGF`JmdxLLW-nH)a7)hmjh8(*&()$yVpO9SOIL5J+ zi&ZYxIQ|%UO6Q)(90kXRvQD&ZUF58evxA(~bJoCFBWH&=YvL@%S+j5$cV@U~<9LoE z=lF3JMZccCzL2csmN1g%nw3NTK6v(HZ?k&zxJ3?}l2nwiFI4 z>^;Q9DdwwZe(Hv&MC|uUVr z0!B*icNB9sxsbDlu#L!B$O-B92Cp`j+|oGY-obzcP|C)^t^}Cv%5^SwlosRJE|vk% zG$uU0k~`bIukKcAogrFHCASDU=H^bjxs00|cXMNIF6HKK$tT_u;hq=S9wb+bTs0M8 zUAa!n7vA1bBAHK+sdC?RTbXXidSB7pP?(eN`O=Zzd2R;)M1dEqrtPzddGq;;f{{Hc zOTHR&Q~A9izwsRlyIB`96fUwK?vAp}$m4eW2(57{@zRYM^F}W1Ji~&K*!Dh8u3&bA z<c95+Upux8URrPO(wV`p9PxD2g+|zeirCG@OBoljuvtWun*`Imj8N1Ib4;j z+L@duhdIxv2j&f%qKP?lTv8Q`*n(FFpw0pNKd)cg71Rgryh-Mynt_fe@-57X5J z2r#Ik+0+)>sKQ;B!J5?NY5F^RvYg;y#Z|bMY_H<~mi7ILzb^Bj;=h);Pw|&!9#;IP zGUw$lYQAtrNJHz%l!uA(aE6A4F@TZ%l|5Fe?9SUj^eK-qt@%8!)!- zwx-;cWFSNvKp||d*80NTnfDfqF*K|EbRN&_uWx5>ee=_Sx}|2h7HXlR2{CxN>!Vi= z7j|vuDxJ$+zp$q%VWkN=cjOnLC~nG^p>*;#S?hKK_9w4jD`T@`4pB)OQyu1IIKQ9K z6P3||OoyXr$no$9z26Uy1Y5r|cH_>iIV+jBc3Yg4Ig!i@`E_`}TvZe1q!URuY=HGG zT}9$sylT1gH#cS z#d9l~8vS2UcZUA2rRG{%mRd4(7NcAWREG?v%=RvmYgu(Qo>y1n1<(x0@0a4~UMZ%g K!*xqB%Hn?+@2IB$ delta 2103 zcmai!O>7&-702J3KhR}^wcG0 z=eO_w-kUcwocY)A?*>f^@<7k8J~ERZemq*zX`A7Dp{DqceSe1X*@}KT$zt-fZJe8fX{kCha z#a#QA4)mMTxxF0o$DFvSLwq1%CcH#BQAt!2HEEgMvePu%9h2KDHjjND<2?RDjQ7-&b$V=Y!R9BFMc_CNIC{}}yx5SdRi?fot^E&pUb%zumH zAV=i*OKRVxc7fwGH}7!sHI6Bc?;_9YTs-7xa(p0HMS7>mSqEo_IP2uBi?hR=9pS8- 
zv!uu{ZuW9K$5C*6lVgtSAs+ZP59GMpFD94>`ov`>o*)y02Imas4#c&vJi|`)7FW6`nuO1K;8OkCFQ> zabHScL|*Xk#NR`<1X{1!&HV?pIWRF0kWOG&P6WFCPt*NcPa{yv%50!VdI8_gQHI(v zYR9R)Ozi}n(PzF*AGDRQ(+4(fCIZIm?l(RU zceBeLpTsngv+S9ZI14}(nL?|(giJ%>@2b1?GvGZ6n*jA<4_EYn55RP@Z_ z;M43H7N?l!6i>q};46SZpbc#l{f3I2mp!ey_8j@m0p<+SyPEoarQeWit(kPDqR(XT z@!3qK>R%~*Sn;o%{IEEoR*P=BMz%Z3+mnB3bz!FWyK6?s1V z$kR}I9a{M)%?yC3i-HL*N-NT1Y%0H7ax^k>@NN;YgC=qw@Ho&xYz)1k z94^TZB2ILP9G3hueyHjeWfM#2G)V&UwFETDI7YS*3H`-|nyZ{I=(aiRi%C;asiRKpO zX*6rTQO1zs7ThmsSnQkT@n0J}uK4#2F3DuuXU-&9XgY;PH{0mW zP}emFP-vF&K$UV``t1RHOP;h-__nOtDO;q+rfB|iO}AC$R+b;zF80Z~-4RlM>9>{f z=3=;GH7WmN_m1nd*YJEdL@y7QcP(duj^J*quokHm*k&gbRWtWu>!ph#tUt!Z+yEc z=k^lMmicb4v$|wv%ck6pj~lmDz*YHKJYQM|^J~;me2s$nlltcK)Ppa2AH1-NR3mNJ z)%~6PDSbQ(+W`OgS?jw17TqH8X87sNs_^;h<7w;I8Va{9pS;I