#590 Deobfuscation error : get what it was able to read

If you are looking for the decompiler itself, visit https://github.com/jindrapetrik/jpexs-decompiler

10/01/2017 + update 2020: WARNING - support of the decompiler is now VERY LIMITED. There are no active developers. This means we will NOT develop new features and/or fix most of bugs. We left the tracker running in case somebody from community would like to work on it. Sorry for the inconvenience.

List of issues

Author:

moonlightangel

Date created: 06/11/2014, 12:05:01 am

Type: question

Visibility: Everybody

Assigned to:

Labels: Deobfuscation

State: closed Help

Hello, I've got a little question. I know you don't work on deobfuscation anymore. I got a AS3 file that has an obfuscated method, and therefore throws a deobfuscation error. I was wondering if it was possible to print out what it was able to read. Let me explain that. If the deobfuscation fails, it means that somewhere, it wasn't able to read the bytecode and generate AS code result. If an error occurs, it prints a deobfuscation error for the whole method. Is there a way to make it print the "readable" part of the bytecode before the error occurs ? The bytecode is just too hard to read and understand. Hope I was clear enough and thank you in advance.

honfika

08/24/2014, 3:16:47 pm

It is not possible. The source code is not step by step generated from the bytecodes. First a graph should be created from the bytecodes. (And most of the problems are in this step, the text rendering from the graph is much more reliable) Suppose that the bytecodes are: push xx setlocal xx <other> jump or if xx Without the jump the result would be: var xx = yy; With the jump it can be a loop: while (zz) { var xx = yy; } So the first character of the generatad aAS code is diffrent, it is not possible to "get what it was to read" in the AS view. It is possible only in P-Code view. Am I right, JPEXS? +the obfuscators usually (if not ever) starts the obfuscation with the first instrucion.

State: new→upgraded

JPEXS

11/12/2014, 6:47:51 pm

I think it would be very complicated. The algorithm I use for graph generation/deobfuscation resolves jumps based on stack. And the deobfuscation problems are usually caused by empty stack for some reasons. Also the deobfuscation algorithm is buggy and always will be, and I don't have any plans to improve it, because it takes much time withot any usefull result. Sorry. I am closing this, hope you understand.

State: upgraded→closed