Example 61 with Expr
use of org.mapleir.ir.code.Expr in project maple-ir by LLVM-but-worse.
the class FieldRSADecryptionPass method transform.
private void transform(AnalysisContext cxt) {
for (ClassNode cn : cxt.getApplication().iterate()) {
for (MethodNode m : cn.methods) {
ControlFlowGraph cfg = cxt.getIRCache().getFor(m);
for (BasicBlock b : cfg.vertices()) {
for (Stmt stmt : b) {
// String fsKey = "";
if (stmt.getOpcode() == Opcode.FIELD_STORE) {
FieldStoreStmt fs = (FieldStoreStmt) stmt;
// [enc, dec]
Number[] p = pairs.get(key(fs));
if (p != null) {
Expr e = fs.getValueExpression();
e.unlink();
ArithmeticExpr ae = new ArithmeticExpr(new ConstantExpr(p[1], ConstantExpr.computeType(p[1])), e, Operator.MUL);
fs.setValueExpression(ae);
// fsKey = key(fs);
}
}
for (Expr e : stmt.enumerateOnlyChildren()) {
if (e.getOpcode() == FIELD_LOAD) {
CodeUnit par = e.getParent();
FieldLoadExpr fl = (FieldLoadExpr) e;
// [enc, dec]
Number[] p = pairs.get(key(fl));
if (p == null) {
continue;
}
if (par.getOpcode() == ARITHMETIC) {
ArithmeticExpr ae = (ArithmeticExpr) par;
if (ae.getRight().getOpcode() == CONST_LOAD) {
ConstantExpr ce = (ConstantExpr) ae.getRight();
Number cst = (Number) ce.getConstant();
Number res = __mul(cst, p[0], p[0].getClass().equals(Long.class));
// if(!__eq(res, 1, p[0].getClass().equals(Long.class))) {
// System.out.println(cst + " -> " + res);
// System.out.println(" expr: " + fl.getRootParent());
// }
par.overwrite(new ConstantExpr(res, ConstantExpr.computeType(res)), par.indexOf(ce));
continue;
}
}
ArithmeticExpr ae = new ArithmeticExpr(new ConstantExpr(p[0], ConstantExpr.computeType(p[0])), fl.copy(), Operator.MUL);
par.overwrite(ae, par.indexOf(fl));
}
}
}
}
}
}
// for(ClassNode cn : cxt.getClassTree().getClasses().values()) {
// for(MethodNode m : cn.methods) {
// ControlFlowGraph cfg = cxt.getCFGS().getIR(m);
//
// for(BasicBlock b : cfg.vertices()) {
// for(Stmt stmt : b) {
// for(Expr e : stmt.enumerateOnlyChildren()) {
// if(e.getOpcode() == Opcode.ARITHMETIC) {
// ArithmeticExpr ae = (ArithmeticExpr) e;
// if(ae.getRight().getOpcode() == Opcode.CONST_LOAD) {
// ConstantExpr c = (ConstantExpr) ae.getRight();
// Object o = c.getConstant();
//
// if(o instanceof Long || o instanceof Integer) {
// Number n = (Number) o;
// if(__eq(n, 1, ae.getType().equals(Type.LONG_TYPE))) {
// Expr l = ae.getLeft();
// l.unlink();
//
// CodeUnit aePar = ae.getParent();
// aePar.overwrite(l, aePar.indexOf(ae));
// } else if(__eq(n, 0, ae.getType().equals(Type.LONG_TYPE))) {
// c.unlink();
//
// CodeUnit aePar = ae.getParent();
// aePar.overwrite(c, aePar.indexOf(ae));
// }
// }
// }
// }
// }
// }
// }
// }
// }
}
Also used :
FieldStoreStmt(org.mapleir.ir.code.stmt.FieldStoreStmt)
ClassNode(org.objectweb.asm.tree.ClassNode)
FieldLoadExpr(org.mapleir.ir.code.expr.FieldLoadExpr)
BasicBlock(org.mapleir.ir.cfg.BasicBlock)
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
FieldStoreStmt(org.mapleir.ir.code.stmt.FieldStoreStmt)
Stmt(org.mapleir.ir.code.Stmt)
CodeUnit(org.mapleir.ir.code.CodeUnit)
MethodNode(org.objectweb.asm.tree.MethodNode)
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
Expr(org.mapleir.ir.code.Expr)
FieldLoadExpr(org.mapleir.ir.code.expr.FieldLoadExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
ControlFlowGraph(org.mapleir.ir.cfg.ControlFlowGraph)
Example 62 with Expr
use of org.mapleir.ir.code.Expr in project maple-ir by LLVM-but-worse.
the class FieldRSADecryptionPass method accept.
@Override
public int accept(AnalysisContext cxt, IPass prev, List<IPass> completed) {
this.cxt = cxt;
for (MethodNode m : cxt.getIRCache().getActiveMethods()) {
ControlFlowGraph cfg = cxt.getIRCache().getFor(m);
for (BasicBlock b : cfg.vertices()) {
for (Stmt stmt : b) {
for (Expr c : stmt.enumerateOnlyChildren()) {
if (c.getOpcode() == ARITHMETIC) {
ArithmeticExpr arith = (ArithmeticExpr) c;
if (arith.getOperator() == Operator.MUL) {
Expr l = arith.getLeft();
Expr r = arith.getRight();
if (r.getOpcode() == CONST_LOAD && l.getOpcode() == FIELD_LOAD) {
FieldLoadExpr fle = (FieldLoadExpr) l;
ConstantExpr constt = (ConstantExpr) r;
Number n = (Number) constt.getConstant();
boolean isLong = (n instanceof Long);
if (__eq(n, 1, isLong) || __eq(n, 0, isLong)) {
continue;
}
if (n instanceof Integer || n instanceof Long) {
cdecs.getNonNull(key(fle)).add(n);
}
}
}
}
}
if (stmt.getOpcode() == FIELD_STORE) {
FieldStoreStmt fss = (FieldStoreStmt) stmt;
Expr val = fss.getValueExpression();
if (bcheck1(val)) {
if (val.getOpcode() == CONST_LOAD) {
ConstantExpr c = (ConstantExpr) val;
if (c.getConstant() instanceof Integer || c.getConstant() instanceof Long) {
Number n = (Number) c.getConstant();
if (large(n, c.getConstant() instanceof Long)) {
cencs.getNonNull(key(fss)).add(n);
}
}
}
continue;
}
ArithmeticExpr ar = (ArithmeticExpr) val;
if (ar.getRight().getOpcode() == CONST_LOAD) {
ConstantExpr c = (ConstantExpr) ar.getRight();
Number n = (Number) c.getConstant();
boolean isLong = c.getConstant() instanceof Long;
if (__eq(n, 1, isLong) || __eq(n, 0, isLong)) {
continue;
}
if (ar.getOperator() == Operator.ADD) {
if (!large(n, isLong)) {
continue;
}
}
cencs.getNonNull(key(fss)).add(n);
}
}
}
for (Stmt stmt : b) {
if (stmt.getOpcode() == FIELD_STORE) {
if (key((FieldStoreStmt) stmt).equals("co.k I")) {
// System.out.println("HERE1: " + stmt);
//
// System.out.println(cfg);
}
handleFss((FieldStoreStmt) stmt);
}
for (Expr e : stmt.enumerateOnlyChildren()) {
if (e.getOpcode() == FIELD_LOAD) {
if (key((FieldLoadExpr) e).equals("co.k I")) {
// System.out.println("HERE2: " + stmt);
}
handleFle(stmt, (FieldLoadExpr) e);
}
}
}
}
}
Set<String> keys = new HashSet<>();
keys.addAll(cencs.keySet());
keys.addAll(cdecs.keySet());
for (String k : keys) {
boolean _longint = k.endsWith("J");
Set<Number> encs = cencs.getNonNull(k);
Set<Number> decs = cdecs.getNonNull(k);
try {
Number[] pair = get_pair(encs, decs, constants.getNonNull(k), _longint);
if (pair.length != 2) {
Set<Number> extended = new HashSet<>(constants.getNonNull(k));
extended.addAll(dangerConstants.getNonNull(k));
pair = get_pair(encs, decs, extended, _longint);
}
if (pair.length != 2) {
// System.out.println("No pair for: " + k);
// System.out.println("Constants: " + constants.getNonNull(k));
// System.out.println("Dconsts : " + dangerConstants.getNonNull(k));
// System.out.println("Encs : " + encs);
// System.out.println("Decs : " + decs);
} else {
pairs.put(k, pair);
// System.out.println("for: " + k + ": " + Arrays.toString(pair));
}
} catch (IllegalStateException e) {
System.err.println();
System.err.println("Constants: " + constants.getNonNull(k));
System.out.println("Dconsts : " + dangerConstants.getNonNull(k));
System.err.println("Encs : " + encs);
System.err.println("Decs : " + decs);
System.err.println("key: " + k);
throw e;
}
}
System.out.printf(" identified %n field encoder/decoder pairs.%n", pairs.size());
transform(cxt);
return pairs.size();
}
Also used :
FieldStoreStmt(org.mapleir.ir.code.stmt.FieldStoreStmt)
FieldLoadExpr(org.mapleir.ir.code.expr.FieldLoadExpr)
BasicBlock(org.mapleir.ir.cfg.BasicBlock)
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
FieldStoreStmt(org.mapleir.ir.code.stmt.FieldStoreStmt)
Stmt(org.mapleir.ir.code.Stmt)
BigInteger(java.math.BigInteger)
MethodNode(org.objectweb.asm.tree.MethodNode)
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
Expr(org.mapleir.ir.code.Expr)
FieldLoadExpr(org.mapleir.ir.code.expr.FieldLoadExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
ControlFlowGraph(org.mapleir.ir.cfg.ControlFlowGraph)
HashSet(java.util.HashSet)
Example 63 with Expr
use of org.mapleir.ir.code.Expr in project maple-ir by LLVM-but-worse.
the class FieldRSADecryptionPass method getInsns.
private List<CodeUnit> getInsns(CodeUnit u, Set<CodeUnit> vis) {
List<CodeUnit> list = new ArrayList<>();
if (vis.contains(u)) {
return list;
}
int op = u.getOpcode();
switch(op) {
case INVOKE:
case DYNAMIC_INVOKE:
case ARRAY_LOAD:
case ARRAY_STORE:
case ALLOC_OBJ:
case INIT_OBJ:
case COMPARE:
return list;
}
if (Opcode.opclass(op) == CLASS_JUMP) {
return list;
}
list.add(u);
vis.add(u);
for (Expr e : u.getChildren()) {
list.addAll(getInsns(e, vis));
}
if (!u.isFlagSet(Stmt.FLAG_STMT)) {
Expr e = (Expr) u;
CodeUnit par = e.getParent();
list.addAll(getInsns(par, vis));
}
return list;
}
Also used :
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
Expr(org.mapleir.ir.code.Expr)
FieldLoadExpr(org.mapleir.ir.code.expr.FieldLoadExpr)
ArrayList(java.util.ArrayList)
CodeUnit(org.mapleir.ir.code.CodeUnit)
Example 64 with Expr
use of org.mapleir.ir.code.Expr in project maple-ir by LLVM-but-worse.
the class ConstantExpressionEvaluatorPass method evaluateConditional.
public Boolean evaluateConditional(IPConstAnalysisVisitor vis, ControlFlowGraph cfg, ConditionalJumpStmt cond) {
Expr l = cond.getLeft();
Expr r = cond.getRight();
if (!TypeUtils.isPrimitive(l.getType()) || !TypeUtils.isPrimitive(r.getType())) {
if (l instanceof ConstantExpr && r instanceof ConstantExpr && !TypeUtils.isPrimitive(l.getType()) && !TypeUtils.isPrimitive(r.getType())) {
ConstantExpr left = (ConstantExpr) l;
ConstantExpr right = (ConstantExpr) r;
if (left.getConstant() == null && right.getConstant() == null) {
return cond.getComparisonType() == ConditionalJumpStmt.ComparisonType.EQ;
}
if (cond.getComparisonType() == ConditionalJumpStmt.ComparisonType.EQ) {
if ((left.getConstant() == null) != (right.getConstant() == null)) {
return false;
}
}
return null;
}
return null;
}
LocalValueResolver resolver = new SemiConstantLocalValueResolver(vis);
TaintableSet<ConstantExpr> lSet = evaluator.evalPossibleValues(resolver, l);
TaintableSet<ConstantExpr> rSet = evaluator.evalPossibleValues(resolver, r);
/* can only evaluate branch if all vals are known. */
if (!lSet.isTainted() && !rSet.isTainted()) {
if (lSet.isEmpty() || rSet.isEmpty()) {
System.err.println("oim interested m89");
System.err.println("Empty:");
System.err.println(cfg);
System.err.println("inputs:");
int k = 0;
for (TaintableSet<ConstantExpr> s : vis.constParams.get(cfg)) {
System.err.printf("@%d:: %s%n", k++, s);
}
System.err.println(l + " -> " + lSet);
System.err.println(r + " -> " + rSet);
System.err.println(cfg);
System.exit(1);
throw new RuntimeException();
}
Boolean result = evaluator.evaluatePrimitiveConditional(cond, lSet, rSet);
if (result != null) {
return result;
}
}
return null;
}
Also used :
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
VarExpr(org.mapleir.ir.code.expr.VarExpr)
Expr(org.mapleir.ir.code.Expr)
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
LocalValueResolver(org.mapleir.deob.intraproc.eval.LocalValueResolver)
Example 65 with Expr
use of org.mapleir.ir.code.Expr in project maple-ir by LLVM-but-worse.
the class ConstantExpressionEvaluatorPass method processMethod.
private void processMethod(MethodNode m, IPConstAnalysisVisitor vis, ControlFlowGraph cfg) {
for (BasicBlock b : new HashSet<>(cfg.vertices())) {
for (int i = 0; i < b.size(); i++) {
Stmt stmt = b.get(i);
// simplify conditional branches.
if (stmt.getOpcode() == COND_JUMP) {
// todo: satisfiability analysis
ConditionalJumpStmt cond = (ConditionalJumpStmt) stmt;
Boolean result = evaluateConditional(vis, cfg, cond);
if (result != null) {
eliminateBranch(cfg, cond.getBlock(), cond, i, result);
branchesEvaluated++;
}
}
// evaluate arithmetic.
for (CodeUnit cu : stmt.enumerateExecutionOrder()) {
if (cu instanceof Expr) {
Expr e = (Expr) cu;
CodeUnit par = e.getParent();
if (par != null) {
Expr val = simplifyArithmetic(cfg.getLocals(), e);
if (val != null) {
exprsEvaluated++;
cfg.overwrite(par, e, val);
}
}
}
}
}
}
}
Also used :
ConditionalJumpStmt(org.mapleir.ir.code.stmt.ConditionalJumpStmt)
ConstantExpr(org.mapleir.ir.code.expr.ConstantExpr)
ArithmeticExpr(org.mapleir.ir.code.expr.ArithmeticExpr)
VarExpr(org.mapleir.ir.code.expr.VarExpr)
Expr(org.mapleir.ir.code.Expr)
BasicBlock(org.mapleir.ir.cfg.BasicBlock)
HashSet(java.util.HashSet)
UnconditionalJumpStmt(org.mapleir.ir.code.stmt.UnconditionalJumpStmt)
Stmt(org.mapleir.ir.code.Stmt)
ConditionalJumpStmt(org.mapleir.ir.code.stmt.ConditionalJumpStmt)
AbstractCopyStmt(org.mapleir.ir.code.stmt.copy.AbstractCopyStmt)
CodeUnit(org.mapleir.ir.code.CodeUnit)
Aggregations
Expr (org.mapleir.ir.code.Expr)87
VarExpr (org.mapleir.ir.code.expr.VarExpr)46
InvocationExpr (org.mapleir.ir.code.expr.invoke.InvocationExpr)45
BasicBlock (org.mapleir.ir.cfg.BasicBlock)32
PhiExpr (org.mapleir.ir.code.expr.PhiExpr)31
Stmt (org.mapleir.ir.code.Stmt)29
ConstantExpr (org.mapleir.ir.code.expr.ConstantExpr)26
AbstractCopyStmt (org.mapleir.ir.code.stmt.copy.AbstractCopyStmt)26
Local (org.mapleir.ir.locals.Local)22
Type (org.objectweb.asm.Type)21
VersionedLocal (org.mapleir.ir.locals.impl.VersionedLocal)20
CopyPhiStmt (org.mapleir.ir.code.stmt.copy.CopyPhiStmt)19
InitialisedObjectExpr (org.mapleir.ir.code.expr.invoke.InitialisedObjectExpr)17
ComparisonType (org.mapleir.ir.code.stmt.ConditionalJumpStmt.ComparisonType)14
CopyVarStmt (org.mapleir.ir.code.stmt.copy.CopyVarStmt)14
ValueComparisonType (org.mapleir.ir.code.expr.ComparisonExpr.ValueComparisonType)13
ArrayType (org.mapleir.ir.TypeUtils.ArrayType)12
HashSet (java.util.HashSet)11
ArithmeticExpr (org.mapleir.ir.code.expr.ArithmeticExpr)11
ControlFlowGraph (org.mapleir.ir.cfg.ControlFlowGraph)9
