threadtear icon indicating copy to clipboard operation
threadtear copied to clipboard

Published 20 hours ago verified publisher icon GraxCode

ZKM Des Cipher String Obfuscation

Open DarkyCat opened this issue 4 years ago • 6 comments

can't deobuscate jar file. Obfuscation is similar to zkm. jar file: https://workupload.com/file/bFVafRnQCEd

DarkyCat avatar Apr 23 '20 21:04 DarkyCat

This looks like latest ZKM with string obfuscation using DES cipher. Will maybe do this, but currently don't know how to generate string obf with DES cipher samples. Maybe it's ZKM 12+ only, idk.

GraxCode avatar Apr 23 '20 22:04 GraxCode

You can use "remove unnecessary try catch blocks" though if you want a better overview.

GraxCode avatar Apr 23 '20 22:04 GraxCode

I need more samples to make a deobfuscator for this one. Edit: not needed anymore.

GraxCode avatar Apr 25 '20 08:04 GraxCode

I've got a handful of ZKM 13 samples if you'd like. Looking to deob these.

chrisbog94 avatar Apr 30 '20 01:04 chrisbog94

The problem with newer ZKM files is that it uses method parameters as decryption values that are stored before method invocation (at the references), and it also combines resource and string obfuscation.

GraxCode avatar Apr 30 '20 10:04 GraxCode

Should be partially unblocked when ArgumentInliner is merged from #23.

ViRb3 avatar Jun 10 '20 00:06 ViRb3