Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve StringEncryptTransformer #27

Open
wants to merge 31 commits into
base: main
Choose a base branch
from
Open

Improve StringEncryptTransformer #27

wants to merge 31 commits into from
+390 −111

Conversation

jonesdevelopment
Copy link
Collaborator

@jonesdevelopment jonesdevelopment commented Dec 20, 2024
edited
Loading

  • Improves the encryption and decryption method
    • Optional: Instead of passing the encrypted string to the decryption method, pass a character array

TODO:

  • Pool strings in an array (initialized in a generated method called in <clinit>)
  • Encrypt InvokeDynamicInsnNode bsm strings

@jonesdevelopment jonesdevelopment self-assigned this Dec 20, 2024
@jonesdevelopment jonesdevelopment marked this pull request as draft December 20, 2024 20:54
@jonesdevelopment
Copy link
Collaborator Author

In order to keep the changes only to the string encryption, I've copied the old encryption function and method generator to InvokeDynamicTransformer.

I have tested this with my Minecraft plugin, and it worked fine. More extensive testing is recommended.

@jonesdevelopment
Copy link
Collaborator Author

@SpartanB312 I need some help with replacing invoke dynamic bsm arguments (strings) with a local variable representation (or something else). This way, we can obfuscate invoke dynamic bsms as well as ldcs.

@SpartanB312
Copy link
Owner

Bsm args are actually const pool index, which can't be replaced by localvar or field.

@SpartanB312
Copy link
Owner

You can refer to GOTO obfuscator's string encrypt transformer. It has a method for handling invoice dynamics

@SpartanB312
Copy link
Owner

or replace makeConcatWithConstants with StringBuilder (This is what the compiler did before Java8)

@jonesdevelopment
Copy link
Collaborator Author

You can refer to GOTO obfuscator's string encrypt transformer. It has a method for handling invoice dynamics

I've implemented parts of their system into Grunt's code and it seems to be working. I'm still going to do some more testing.

@jonesdevelopment jonesdevelopment marked this pull request as ready for review December 29, 2024 18:59
@jonesdevelopment
Copy link
Collaborator Author

jonesdevelopment commented Dec 29, 2024
edited
Loading

@SpartanB312 Let me know if this is production ready. I've tested it several times and it works fine.

I'm going to recode the number obfuscation later and make it use a pool too.

@jonesdevelopment
Copy link
Collaborator Author

@SpartanB312 Can you make sure this also works in your environment? I'd like to merge this PR.

@SpartanB312
Copy link
Owner

Let me test more samples later

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SpartanB312 SpartanB312 Awaiting requested review from SpartanB312

Assignees

@jonesdevelopment jonesdevelopment

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonesdevelopment @SpartanB312