11-06-2014, 05:53 PM
(11-06-2014, 04:47 PM)lab27 Wrote:
(11-06-2014, 11:58 AM)soulija boy Wrote:
(11-06-2014, 08:02 AM)Bibl Wrote:
(11-05-2014, 05:59 PM)lab27 Wrote: classic illegal java rewrites (like replacing a loop with a self-vectoring exception table).
What do you mean?
What do you mean?
This.
Take a loop, remove the back jump, replace it with a catch handler at the top. That one's fairly easy to handle. Then, wrap the body of the loop in a boolean so it only gets executed every other time via a forward jumping exception handler.
Here's an example:
Code:
public static void main(java.lang.String[]);
  Code:
0: new #16 // class java/lang/Exception
3: dup
4: invokespecial #14 // Method java/lang/Exception."<init>":()V
7: astore 4
9: getstatic #17 // Field java/lang/System.out:Ljava/io/PrintStream;
12: astore_1
13: ldc #11 // int 10
15: istore_2
16: iconst_0
17: istore_3
18: aconst_null
19: pop
20: iload_3
21: ifne 27
24: aload 4
26: athrow
27: aload_1
28: iload_2
29: dup_x1
30: invokevirtual #24 // Method java/io/PrintStream.print:(I)V
33: ifne 37
36: return
37: aconst_null
38: pop
39: iconst_1
40: iload_3
41: dup
42: ifne 51
45: iinc_w 2, -1
51: isub
52: istore_3
53: aload 4
55: athrow
Exception table:
from to target type
26 27 38 Class java/lang/Exception
19 56 19 Class java/lang/Exception
CFR and Procyon actually do a reasonable job of it, but are still both pretty wildly out. Fernflower gives up completely and goes home.
You can see what the above does, and you can also see how it's a trivial transformation from the original bytecode - an automated obfuscator could use this trick with no work at all, and it's a lot more effective than simple renaming.
(For reference, you can get this test here).
What's the performance of this method? It would be slower, I assume.
Also, is there a paper or something on this concept?
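To see why the quoted listing is still a loop even though it has no backward `goto`, here is an added example (not from the thread or from any of the decompilers mentioned): a toy interpreter for just the opcodes the listing uses, with JVM-style exception-table dispatch (first matching entry wins, operand stack is replaced by the thrown reference on handler entry). The instruction list and exception table are transcribed from the post; the class object, `print`, and the `<init>` call are stubbed, so this is not a real JVM. It also includes a small check that flags "self-vectoring" entries, i.e. handlers whose target lies inside their own protected range, which is the signature a practitioner would grep for in a `javap -c` dump.

```python
# Added example: toy interpreter for lab27's exception-table loop.
# Instruction list transcribed from the javap listing in the post;
# constants are resolved from the javap comments. Not a real JVM.

# (offset, opcode, operand)
CODE = [
    (0, "new", "Exception"), (3, "dup", None), (4, "invokespecial", "<init>"),
    (7, "astore", 4), (9, "getstatic", "System.out"), (12, "astore", 1),
    (13, "ldc", 10), (15, "istore", 2), (16, "iconst", 0), (17, "istore", 3),
    (18, "aconst_null", None), (19, "pop", None), (20, "iload", 3),
    (21, "ifne", 27), (24, "aload", 4), (26, "athrow", None),
    (27, "aload", 1), (28, "iload", 2), (29, "dup_x1", None),
    (30, "invokevirtual", "print(I)V"), (33, "ifne", 37), (36, "return", None),
    (37, "aconst_null", None), (38, "pop", None), (39, "iconst", 1),
    (40, "iload", 3), (41, "dup", None), (42, "ifne", 51), (45, "iinc", (2, -1)),
    (51, "isub", None), (52, "istore", 3), (53, "aload", 4), (55, "athrow", None),
]
# (from, to, target, type), in class-file order: the JVM takes the first match.
EXC_TABLE = [(26, 27, 38, "Exception"), (19, 56, 19, "Exception")]


def self_vectoring(table):
    """Entries whose handler target lies inside their own [from, to) range."""
    return [e for e in table if e[0] <= e[2] < e[1]]


def run(code, table, max_steps=10_000):
    """Execute the listing. Returns (printed output, list of (athrow pc, handler pc))."""
    by_pc = {pc: (op, arg) for pc, op, arg in code}
    pcs = sorted(by_pc)
    nxt = {pc: pcs[i + 1] for i, pc in enumerate(pcs[:-1])}
    locals_, stack, out, trace = {}, [], [], []
    pc = pcs[0]
    for _ in range(max_steps):
        op, arg = by_pc[pc]
        jump = None
        if op == "new": stack.append({"class": arg})        # stub object
        elif op == "dup": stack.append(stack[-1])
        elif op == "dup_x1": v = stack.pop(); u = stack.pop(); stack += [v, u, v]
        elif op == "invokespecial": stack.pop()              # <init> eats the ref
        elif op in ("astore", "istore"): locals_[arg] = stack.pop()
        elif op == "getstatic": stack.append("System.out")   # stub receiver
        elif op in ("ldc", "iconst"): stack.append(arg)
        elif op == "aconst_null": stack.append(None)
        elif op == "pop": stack.pop()
        elif op in ("iload", "aload"): stack.append(locals_[arg])
        elif op == "ifne":
            if stack.pop() != 0: jump = arg
        elif op == "invokevirtual": v = stack.pop(); stack.pop(); out.append(v)
        elif op == "iinc": locals_[arg[0]] += arg[1]
        elif op == "isub": b = stack.pop(); a = stack.pop(); stack.append(a - b)
        elif op == "return": return "".join(map(str, out)), trace
        elif op == "athrow":
            exc = stack.pop()
            for lo, hi, target, _ in table:
                if lo <= pc < hi:
                    stack = [exc]            # handler entry: stack holds only the exception
                    trace.append((pc, target))
                    jump = target
                    break
            else:
                raise RuntimeError(f"uncaught exception at pc {pc}")
        else:
            raise NotImplementedError(op)
        pc = jump if jump is not None else nxt[pc]
    raise RuntimeError("step limit hit: runaway loop")


if __name__ == "__main__":
    output, throws = run(CODE, EXC_TABLE)
    print("printed:", output)
    print("athrow -> handler transitions:", throws[:4], "...", len(throws), "total")
    print("self-vectoring entries:", self_vectoring(EXC_TABLE))
```

Running it prints `9876543210`: every odd pass throws at 26 into the handler at 38 (which flips the flag and decrements the counter), and every pass ends with the throw at 55 being "caught" at 19, which is the back edge of the loop. The `self_vectoring` check returns the `19 56 19` entry; an entry whose target is inside its own range can only be a back edge, which is what a static scan would key on.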