Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deobfuscation goes crazy #1364

Closed
jpstotz opened this issue Feb 5, 2022 · 4 comments
Closed

Deobfuscation goes crazy #1364

jpstotz opened this issue Feb 5, 2022 · 4 comments
Labels

Comments

@jpstotz
Copy link
Collaborator

jpstotz commented Feb 5, 2022

In the last days I observed multiple times that the deobfuscation goes crazy:

  1. Class names in the AndroidManifest.xml were modified but the class names in the source tree were original. Example:
  • Class name in AndroidManifest.xml: com.sec.android.app.myfiles.external.p011ui.MainActivity
  • Class name in source tree: com.sec.android.app.myfiles.external.ui.MainActivity

The modified class name in AndroidManifest.xml even remained after turning of deobfuscation. Happened with this APK but only if deobfuscation is active when Jadx starts.

  1. Package names are deobfuscated where it is not necessary:
    Package com.google.android.exoplayer2 becomes google.google.android.exoplayer2.

  2. Other strange renamings:
    com.worldturner.medeia.parser.gson.GsonJsonReaderDecoratorKt becomes google.worldturner.medeia.java.math.BigInteger
    In the file I found the comment reason: invalid package.

Point 2 and 3 I observed in this APK

@jpstotz jpstotz added bug Core Issues in jadx-core module labels Feb 5, 2022
@jpstotz jpstotz changed the title Dd Deobfuscation goes crazy Feb 5, 2022
@jpstotz jpstotz removed the Core Issues in jadx-core module label Feb 5, 2022
@jpstotz
Copy link
Collaborator Author

jpstotz commented Feb 5, 2022

@skylot Github was a little bit too fast in saving this issue. I just had started to write it when it somehow got saved...

@skylot
Copy link
Owner

skylot commented Feb 5, 2022

Looks like most issues can be caused by

private static final Map<String, String> DEOBF_MAP = new HashMap<>();

this map is static and never cleared or updated after init 😟

@jpstotz do these crazy things happen only in AndroidManifest.xml or also appear in code?

@jpstotz
Copy link
Collaborator Author

jpstotz commented Feb 5, 2022

do these crazy things happen only in AndroidManifest.xml or also appear in code?

It seems this is not deterministic. At the first time I observed the first problem it was AndroidManifest.xml only I think (I noticed this because I wasn't able to go to the actual class by clicking it in the manifest).
When I now open that APK the class/package has also been renamed.

Problem 2 and 3 I have seen both in code and the source tree of Jadx. For problem 2 & 3 it seems like the deobfuscation places maps the wrong parts of the full qualified class name (my guess form the Kotlin deobfuscation class name source) to non-matching parts of the original class name (like mapping google to the com part of com.google).

@skylot
Copy link
Owner

skylot commented Feb 5, 2022

Ok, I commit two fixes:

  1. Remove static cache from XmlDeobf class, so now manifest show correct names on deobfuscation switch.
  2. Other issues caused by renames from Kotlin metadata. I added more check, and if something renamed it will contain comment with rename reason: 'from Kotlin metadata'. If names became worse, this feature can be disabled in preferences.

@jpstotz please check :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants