Remaining items:
* [x] Add proper support for multiple passes (running `AstDeobfuscator` twice changes some code the second time, but it should not)
* [x] Fix transforming of long expressions (e.g. `a + b + c`) - might be covered by the item above?
* [x] Fix `int var16 = var15 - (-16 - var0.anInt3400);` (presumably that's an example of the item above?)
* [x] Rewrite simple identities (e.g. `0 - x` to `-x`, `x + 0` to `x`, `x * 1` to `x` and so on)
* [x] Improve Fernflower's choice of char/hex/decimal literals
* [x] Remove redundant casts
* [x] Rewrite `>` and `>=` in `for` loops to `<` and `<=`
* [ ] ~~Rewrite `>` and `>=` in `while` and `do`/`while` loops~~ I think I'm going to ignore this for now, as it's probably fairly difficult to figure out whether `<` or `>` is more appropriate and it'd be nice for the AST deobfuscator to not change things a human might manually tidy up in the IDE.
* [x] Use `>` and `>=` in `for` loops that decrement instead of increment
* [x] Rewrite `return x ? y : z;` in an `else` block (or an `if` followed by an `else`) to use `else if` instead
* [x] Rewrite pre-increments to post-increments where possible
* [x] Improve structuring in general (e.g. try to rewrite `if` and `else` blocks to avoid almost the entire body of a method being indented, etc.)
* [x] Remove use of deprecated methods (e.g. `new Integer(...)` -> `Integer.valueOf(...)`, `newInstance()`) (note: in the future we might want to do this at the bytecode level in the bundler instead)
* [ ] Rewrite `(long) 0` -> `0L`
* [x] Rewrite `(x << 24) & 0xFF000000` -> `(x & 0xFF) << 24`
* [ ] Rewrite `sum >>> 11 & 0xAF400003` -> `sum >>> 11 & 0x3`
* [ ] Rewrite `codeword << -bitPos5` -> `codeword >>> bitPos5` (is that equivalent?) (ditto `@Pc(79) int local79 = local19 & -bitPos >> 31;`)
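
The shift and mask rewrites in the last three items above, checked against Java `int` semantics on random inputs. This is an added example, not code from the issue or the project; the class and method names are hypothetical, and `int` (not `long`) operands are assumed.

```java
import java.util.Random;

// Added example: hypothetical checker for the int shift/mask rewrites listed above.
public class ShiftMaskRewrites {
    // `x >>> n & mask`: the top n bits of `x >>> n` are always zero,
    // so mask bits in that range can never match and can be dropped.
    static int simplifyMaskAfterUnsignedShift(int mask, int n) {
        return mask & (-1 >>> (n & 31));
    }

    // `(x << n) & mask` -> `(x & m) << n`, where m is the mask moved down by n.
    // The low n bits of `x << n` are zero, so losing the mask's low n bits is harmless.
    static int maskBeforeLeftShift(int mask, int n) {
        return mask >>> (n & 31);
    }

    public static void main(String[] args) {
        // Masks taken from the list items.
        System.out.printf("0xAF400003 after >>> 11: 0x%X%n",
                simplifyMaskAfterUnsignedShift(0xAF400003, 11));
        System.out.printf("0xFF000000 before << 24: 0x%X%n",
                maskBeforeLeftShift(0xFF000000, 24));

        Random r = new Random(1); // fixed seed, constructed sample inputs
        int mismatches = 0;
        for (int i = 0; i < 100_000; i++) {
            int x = r.nextInt();
            int n = 1 + r.nextInt(31); // shift distance in 1..31
            if ((x >>> 11 & 0xAF400003) != (x >>> 11 & 0x3)) throw new AssertionError();
            if (((x << 24) & 0xFF000000) != ((x & 0xFF) << 24)) throw new AssertionError();
            // Java uses only the low 5 bits of an int shift distance (JLS 15.19),
            // so a negative distance -n behaves as 32 - n.
            if ((x << -n) != (x << (32 - n))) throw new AssertionError();
            // Count how often the proposed `x << -n` -> `x >>> n` rewrite changes the value.
            if ((x << -n) != (x >>> n)) mismatches++;
        }
        System.out.println("x << -n differed from x >>> n in " + mismatches + " of 100000 samples");
    }
}
```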
gpe changed title from Implement AST-based deobfuscator to Add AST-based deobfuscator 5 years ago
The ternary return transform didn't work here - probably needs to run before we swap if/else branches.

If/else nesting in `readZonePacket()` could be improved.