[core] Missing field access assignment #2340

Closed
eybisi opened this issue Nov 7, 2024 · 1 comment
eybisi commented Nov 7, 2024

Issue details

dProtect uses somewhat unconventional field access, which results in incorrect decompilation.

Instead of the normal field access instruction order, where the sput instruction is at the end, after the array is filled with data:

```smali
# direct methods
.method static constructor <clinit>()V
    .locals 4

    const v0, 0x1
    new-array v0, v0, [J
    const/4 v1, 0x0
    const-wide/32 v2, 0x4c78b648
    aput-wide v2, v0, v1
    sput-object v0, Lorg/abc/obfusactiontests/MainActivity;->myArr:[J
    return-void
    nop

.end method
```

it first moves the field into the newly generated array register, like the following:

```smali
# direct methods
.method static constructor <clinit>()V
    .locals 4

    const v0, 0x1
    new-array v0, v0, [J
    sput-object v0, Lorg/abc/obfusactiontests/MainActivity;->myArr:[J
    const/4 v1, 0x0
    const-wide/32 v2, 0x4c78b648
    aput-wide v2, v0, v1
    return-void
    nop

.end method
```

And we get the following decompilation, which is not complete:

```java
    static {
        myArr = r0;
        long[] jArr = {1282979400};
    }
```

Instead of:

```java
private static long[] myArr = {1282979400};
```

I've attached samples for these cases, where app-debug1.zip is the normal access and app-debug2.zip is the dProtect way. The samples also print myArr via System.out, and both are the same at runtime.

Also, another small issue with arrays: if an array is created with a bigger size than the filled data, for example:

```smali
# direct methods
.method static constructor <clinit>()V
    .locals 4

    const v0, 0x4
    new-array v0, v0, [J
    const/4 v1, 0x0
    const-wide/32 v2, 0x4c78b648
    aput-wide v2, v0, v1
    sput-object v0, Lorg/abc/obfusactiontests/MainActivity;->myArr:[J
    return-void
    nop

.end method
```

Jadx decompiles this to the following:

```java
private static long[] myArr = {1282979400};
```

Instead of:

```java
private static long[] myArr = {1282979400,0,0,0};
```

Jadx produces the same output for the cases where the length is 1 or 4.

We can fill the rest of the array with the default element of the array type.

Relevant log output or stacktrace

No response

Provide sample and class/method full name

app-debug2.zip
app-debug1.zip

Jadx version

dev

@eybisi eybisi added bug Core Issues in jadx-core module labels Nov 7, 2024
@skylot skylot self-assigned this Nov 7, 2024

skylot commented Nov 7, 2024

Fixed.
@eybisi thank you for the report 👍

@skylot skylot closed this as completed Nov 7, 2024
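
Added example, not part of the issue thread or the jadx code base: a minimal Python interpreter for only the opcodes in the smali listings above, showing that both `sput-object` placements leave `myArr` with the same contents (the field holds a reference to the array the later `aput-wide` writes into) and that a 4-element allocation keeps its default zeros. The helper names `alloc` and `run_clinit` are hypothetical, and the instruction lists are constructed from the issue's listings.

```python
# Instruction lists constructed from the smali in the issue above.
FIELD = "Lorg/abc/obfusactiontests/MainActivity;->myArr:[J"
FILL = ["const/4 v1, 0x0", "const-wide/32 v2, 0x4c78b648", "aput-wide v2, v0, v1"]
SPUT = [f"sput-object v0, {FIELD}"]
END = ["return-void"]


def alloc(size):
    """const + new-array pair allocating a long[] of `size` in v0 (hypothetical helper)."""
    return [f"const v0, {hex(size)}", "new-array v0, v0, [J"]


NORMAL = alloc(1) + FILL + SPUT + END      # sput-object after the fill
DPROTECT = alloc(1) + SPUT + FILL + END    # sput-object before the fill
OVERSIZED = alloc(4) + FILL + SPUT + END   # 4 slots allocated, 1 written


def run_clinit(instructions):
    """Interpret the few Dalvik opcodes used above and return the static fields."""
    regs, statics = {}, {}
    for line in instructions:
        op, _, rest = line.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if op.startswith("const"):
            regs[args[0]] = int(args[1], 16)
        elif op == "new-array":
            # Elements start at the type default, 0 for long ([J).
            regs[args[0]] = [0] * regs[args[1]]
        elif op == "sput-object":
            # Stores a reference: the field and the register share one array.
            name = args[1].split("->")[1].split(":")[0]
            statics[name] = regs[args[0]]
        elif op.startswith("aput"):
            value, array, index = (regs[a] for a in args)
            array[index] = value
        elif op == "return-void":
            break
        else:
            raise ValueError(f"unsupported opcode: {op}")
    return statics


if __name__ == "__main__":
    for label, code in [("normal", NORMAL), ("dProtect", DPROTECT), ("oversized", OVERSIZED)]:
        print(label, run_clinit(code))
```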