Add AST-based deobfuscator #7

Open
opened 5 years ago by gpe · 2 comments
gpe commented 5 years ago
Owner

Remaining items:

* [x] Add proper support for multiple passes (running `AstDeobfuscator` twice changes some code the second time, but it should not)
* [x] Fix transforming of long expressions (e.g. `a + b + c`) - might be covered by the item above?
* [x] Fix `int var16 = var15 - (-16 - var0.anInt3400);` (presumably that's an example of the item above?)
* [x] Rewrite simple identities (e.g. `0 - x` to `-x`, `x + 0` to `x`, `x * 1` to `x` and so on)
* [x] Improve Fernflower's choice of char/hex/decimal literals
* [x] Remove redundant casts
* [x] Rewrite `>` and `>=` in `for` loops to `<` and `<=`
* [ ] ~~Rewrite `>` and `>=` in `while` and `do`/`while` loops~~ I think I'm going to ignore this for now, as it's probably fairly difficult to figure out whether `<` or `>` is more appropriate and it'd be nice for the AST deobfuscator to not change things a human might manually tidy up in the IDE.
* [x] Use `>` and `>=` in `for` loops that decrement instead of increment
* [x] Rewrite `return x ? y : z;` in an `else` block (or an `if` followed by an `else`) to use `else if` instead
* [x] Rewrite pre-increments to post-increments where possible
* [x] Improve structuring in general (e.g. try to rewrite `if` and `else` blocks to avoid almost the entire body of a method being indented, etc.)
* [x] Remove use of deprecated methods (e.g. `new Integer(...)` -> `Integer.valueOf(...)`, `newInstance()`) (note: in the future we might want to do this at the bytecode level in the bundler instead)
* [ ] Rewrite `(long) 0` -> `0L`
* [x] Rewrite `(x << 24) & 0xFF000000` -> `(x & 0xFF) << 24`
* [ ] Rewrite `sum >>> 11 & 0xAF400003` -> `sum >>> 11 & 0x3`
* [ ] Rewrite `codeword << -bitPos5` -> `codeword >>> bitPos5` (is that equivalent?) (ditto `@Pc(79) int local79 = local19 & -bitPos >> 31;`)
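Added example, not code from the issue or the deobfuscator itself: a small Java program that checks the last three bit-twiddling rewrites in the list above (and the `@Pc(79)` expression) under Java `int` semantics, where shift distances are masked to their low 5 bits. All class and method names here are mine.

```java
/** Added example, not part of the deobfuscator: sanity checks for the bit-twiddling
 *  rewrites proposed above, under Java int semantics (32-bit wraparound, shift
 *  distances masked to their low 5 bits). All names are assumptions of this example. */
public final class RewriteChecks {

    /** `(x >>> shift) & mask`: the shift already zeroed the top `shift` bits, so
     *  those bits of the mask are dead. -1 >>> 11 is 0x001FFFFF, so 0xAF400003 -> 0x3. */
    static int simplifyMaskAfterUnsignedShift(int mask, int shift) {
        return mask & (-1 >>> shift);
    }

    /** `(x << 24) & 0xFF000000` versus `(x & 0xFF) << 24`. */
    static boolean shiftThenMaskEqualsMaskThenShift(int x) {
        return ((x << 24) & 0xFF000000) == ((x & 0xFF) << 24);
    }

    /** `codeword << -bitPos` versus `codeword >>> bitPos`. */
    static boolean negLeftShiftEqualsUnsignedRight(int codeword, int bitPos) {
        return (codeword << -bitPos) == (codeword >>> bitPos);
    }

    /** What `codeword << -bitPos` really computes: (-bitPos) & 31 == (32 - bitPos) & 31. */
    static boolean negLeftShiftEqualsLeftBy32Minus(int codeword, int bitPos) {
        return (codeword << -bitPos) == (codeword << (32 - bitPos));
    }

    /** `local19 & -bitPos >> 31` parses as `local19 & ((-bitPos) >> 31)`: the arithmetic
     *  shift smears the sign bit, giving a branch-free `bitPos != 0 ? local19 : 0`. */
    static boolean maskBySignOfNegationIsSelect(int local19, int bitPos) {
        return (local19 & -bitPos >> 31) == (bitPos != 0 ? local19 : 0);
    }

    public static void main(String[] args) {
        System.out.printf("0xAF400003 after >>> 11 simplifies to 0x%X%n",
                simplifyMaskAfterUnsignedShift(0xAF400003, 11));
        // Constructed sample values; every shift distance 0..31 is tried for each.
        int[] samples = {0, 1, -1, 0x12345678, 0x7FFFFFFF, 0x80000000, 0xCAFEBABE};
        boolean maskShift = true, negIsRight = true, negIsLeft = true, select = true;
        for (int x : samples) {
            for (int n = 0; n < 32; n++) {
                maskShift &= shiftThenMaskEqualsMaskThenShift(x);
                negIsRight &= negLeftShiftEqualsUnsignedRight(x, n);
                negIsLeft &= negLeftShiftEqualsLeftBy32Minus(x, n);
                select &= maskBySignOfNegationIsSelect(x, n);
            }
        }
        System.out.println("(x << 24) & 0xFF000000 == (x & 0xFF) << 24 : " + maskShift);
        System.out.println("x << -n == x >>> n                        : " + negIsRight);
        System.out.println("x << -n == x << (32 - n)                  : " + negIsLeft);
        System.out.println("x & -n >> 31 == (n != 0 ? x : 0)          : " + select);
    }
}
```

The second result line prints `false`: a negative shift distance is masked to `32 - n`, so `<< -n` is a left shift by `32 - n`, not an unsigned right shift by `n`. The mask simplification and the `(x & 0xFF) << 24` rewrite hold for every sample.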
gpe changed title from Implement AST-based deobfuscator to Add AST-based deobfuscator 5 years ago
gpe added the deobfuscator label 4 years ago
gpe added the feature label 4 years ago
Poster
Owner
```java
private static String method892(@OriginalArg(1) int arg0) {
	if (arg0 >= 100000) {
		return arg0 < 10000000 ? "<col=ffffff>" + arg0 / 1000 + LocalisedText.aString239 + "</col>" : "<col=00ff80>" + arg0 / 1000000 + LocalisedText.aString49 + "</col>";
	} else {
		return "<col=ffff00>" + arg0 + "</col>";
	}
}
```

The ternary return transform didn't work here - probably needs to run before we swap if/else branches.

Poster
Owner

If/else nesting in readZonePacket() could be improved.
