
Corrupted .smali files

Open LunarWhisper opened this issue 7 years ago • 7 comments

Application

One of the corrupted files (~397 total errors):

\android\support\v4\app\FragmentManagerImpl$6.smali[67,0] mismatched input '' expecting END_METHOD_DIRECTIVE
Exception in thread "main" brut.androlib.AndrolibException: Could not smali file: android/support/v4/app/FragmentManagerImpl$6.smali
	at brut.androlib.src.SmaliBuilder.buildFile(SmaliBuilder.java:75)
	at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:59)
	at brut.androlib.src.SmaliBuilder.build(SmaliBuilder.java:36)
	at brut.androlib.Androlib.buildSourcesSmali(Androlib.java:412)
	at brut.androlib.Androlib.buildSources(Androlib.java:343)
	at brut.androlib.Androlib.build(Androlib.java:299)
	at brut.androlib.Androlib.build(Androlib.java:270)
	at brut.apktool.Main.cmdBuild(Main.java:224)
	at brut.apktool.Main.main(Main.java:75)

File content:

.class public Landroid/support/v4/app/FragmentManagerImpl$6;
.super Ljava/lang/Object;
.source "FragmentManagerImpl.java"


# direct methods
.method public constructor <init>()V
    .locals 0

    .prologue
    .line 3
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method


# virtual methods
.method public 62ZyzUTrxrHFKPpPsokFHx9Cvt5qlEnr4VDhCkrmTpAKAYuZo4KCivEXc8h7z1yXgWJ3hdJl1fMH14bvyrbXThmKRKMLwutVPQo5IHAX1pb0iAD87K1a1LGGwJ60b7PfEJZBW6Om6GN7BaFnUwEHNG2puEQFndJUgqw4FNDOElSZ5f3GxXpD()Ljava/lang/String;
    .locals 1

    .prologue
    .line 12
    #unknown opcode: 0x1d00
    nop

    #Type index out of bounds: 41313
    #filled-new-array {}, type@41313
    nop

    or-int/2addr p10, v0

    iget-byte p4, p4, Lcom/google/android/gms/games/internal/ConnectionInfo;->mVersionCode:I

    #invalid payload reference
    #fill-array-data p171, :array_0
    nop

    #String index out of bounds: 324097064
    #const-string/jumbo p116, string@324097064
    nop

    rem-long p43, p179, p43

    iget p4, p10, Lcom/google/android/gms/tagmanager/zzbz;->zzbjN:Lcom/google/android/gms/internal/zzag$zza;
    :array_0
.end method

.method public fqCjXACnySI13Fm5O6640Z0VdgspMKN87Pecxjbk77v9tbRoxwuACBbOhY05ANgc7MG3l6Yz1M47nNFmKfEjWUsL5fIeIGFxdgZg6CGYiGWJJD6ameCtn62lB3svGy4LxaSikDxP9MnFGyNAFhEM7wvCmfBMX1eKQUFcXG7SDEEsBz0IM6KL()I
    .locals 1

    .prologue
    .line 7
    #unknown opcode: 0x1c00
    nop

    invoke-static {}, Lcom/igaworks/adbrix/cpe/common/CirclePageIndicator;->onSaveInstanceState()Landroid/os/Parcelable;

    shr-int/2addr p9, p9

    iget-wide p6, p4, Lcom/google/android/gms/common/data/zzd;->zzajg:[Ljava/lang/String;

    double-to-float p3, p10

    int-to-char p12, p3


Oct 26 '17 23:10 LunarWhisper

What happens when you directly run baksmali to disassemble the apk? Does it generate any errors?

Oct 26 '17 23:10 JesusFreke

Sure! :)

org.jf.util.ExceptionWithContext: Encountered small uint that is out of range at offset 0x8a2da2
        at org.jf.dexlib2.dexbacked.BaseDexBuffer.readSmallUint(BaseDexBuffer.java:58)
        at org.jf.dexlib2.dexbacked.instruction.DexBackedInstruction31c.getReference(DexBackedInstruction31c.java:55)
        at org.jf.baksmali.Adaptors.Format.InstructionMethodItem.writeTo(InstructionMethodItem.java:118)
        at org.jf.baksmali.Adaptors.MethodDefinition.writeTo(MethodDefinition.java:240)
        at org.jf.baksmali.Adaptors.ClassDefinition.writeVirtualMethods(ClassDefinition.java:326)
        at org.jf.baksmali.Adaptors.ClassDefinition.writeTo(ClassDefinition.java:112)
        at org.jf.baksmali.Baksmali.disassembleClass(Baksmali.java:152)
        at org.jf.baksmali.Baksmali.access$000(Baksmali.java:46)
        at org.jf.baksmali.Baksmali$1.call(Baksmali.java:76)
        at org.jf.baksmali.Baksmali$1.call(Baksmali.java:74)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

org.jf.util.ExceptionWithContext: The last instruction in method Luk/d3dioMtplCj5tmVNYyeRpjPK1nVKeGTUsBPRfeQE6FXE9GRuBijvw05C66NWPi5uhUlWJVeMKq9Qm8OFXPL60W1WN7Gkm77oZB50s48JjMpSft4B7bLOlKS7qwNmSlxINoptF2DtqUXgkp8DYqKIifinUytt4Xm5qDxr1QafyngMvN128pOG;->CstStfrCQWSLJntNqbEHzZxBWflVgl5ojSsaBRBUvfZbdzbvpdawJvWCgSLdd0byhZgr9tu2Elk0Q3wUKhoHC1SnK6x3PxMtBhr8f9nxGbGoU1GMtzZQIfN670rbv8bl3ULZLf3WFZo6bzF7bemBOBOWlBE8UaUtPvM4N7SyIGdpPd3vRAqh()Ljava/lang/String; is truncated
        at org.jf.dexlib2.dexbacked.DexBackedMethodImplementation$1$1.readNextItem(DexBackedMethodImplementation.java:88)
        at org.jf.dexlib2.dexbacked.DexBackedMethodImplementation$1$1.readNextItem(DexBackedMethodImplementation.java:76)
        at org.jf.dexlib2.dexbacked.util.VariableSizeLookaheadIterator.computeNext(VariableSizeLookaheadIterator.java:60)
        at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143)
        at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138)
        at com.google.common.collect.ImmutableCollection$Builder.addAll(ImmutableCollection.java:300)
        at com.google.common.collect.ImmutableList$Builder.addAll(ImmutableList.java:691)
        at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:275)
        at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:226)
        at org.jf.baksmali.Adaptors.MethodDefinition.<init>(MethodDefinition.java:92)
        at org.jf.baksmali.Adaptors.ClassDefinition.writeVirtualMethods(ClassDefinition.java:325)
        at org.jf.baksmali.Adaptors.ClassDefinition.writeTo(ClassDefinition.java:112)
        at org.jf.baksmali.Baksmali.disassembleClass(Baksmali.java:152)
        at org.jf.baksmali.Baksmali.access$000(Baksmali.java:46)
        at org.jf.baksmali.Baksmali$1.call(Baksmali.java:76)
        at org.jf.baksmali.Baksmali$1.call(Baksmali.java:74)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Error while processing method Luk/d3dioMtplCj5tmVNYyeRpjPK1nVKeGTUsBPRfeQE6FXE9GRuBijvw05C66NWPi5uhUlWJVeMKq9Qm8OFXPL60W1WN7Gkm77oZB50s48JjMpSft4B7bLOlKS7qwNmSlxINoptF2DtqUXgkp8DYqKIifinUytt4Xm5qDxr1QafyngMvN128pOG;->CstStfrCQWSLJntNqbEHzZxBWflVgl5ojSsaBRBUvfZbdzbvpdawJvWCgSLdd0byhZgr9tu2Elk0Q3wUKhoHC1SnK6x3PxMtBhr8f9nxGbGoU1GMtzZQIfN670rbv8bl3ULZLf3WFZo6bzF7bemBOBOWlBE8UaUtPvM4N7SyIGdpPd3vRAqh()Ljava/lang/String;

etc.

Oct 27 '17 20:10 LunarWhisper

Interesting dex, if either of you find out what obfuscator was used on it, please let me know

Oct 27 '17 20:10 CunningLogic

This isn't actually an obfuscator - it's a Chinese(?) protector.

Basically, it uses the concept of dead code which is bad (from the Dex Education presentation) to insert bad opcodes/junk.

Baksmali handles this correctly by ignoring the class.

Oct 28 '17 00:10 strazzere
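
A triage sketch for the junk methods discussed above, as an added example that is not part of the original thread and is not apktool or baksmali code: it flags methods in a .smali listing that carry the disassembler's diagnostic comments seen in the file quoted in this issue, or that never reach `.end method`. The function name `triage_smali`, the sample class and its method names are constructed for illustration.

```python
import re

# Comments the disassembler left in the listing quoted in this thread.
MARKERS = ("#unknown opcode:", "#invalid payload reference",
           "#Type index out of bounds:", "#String index out of bounds:")
METHOD_RE = re.compile(r"^\.method\s.*?([^\s(]+)\(")

def triage_smali(text):
    """Map method name -> reasons it looks like protector-inserted junk."""
    findings, name, reasons = {}, None, []
    # The sentinel line flushes a method still open at end of file.
    for raw in text.splitlines() + [".method <eof>("]:
        line = raw.strip()
        start = METHOD_RE.match(line)
        if start or line == ".end method":
            if name is not None:
                if start:  # a new .method began before the old one ended
                    reasons.append("missing .end method")
                if reasons:
                    findings[name] = reasons
            name, reasons = (start.group(1) if start else None), []
        elif name is not None:
            reasons += [m for m in MARKERS
                        if line.startswith(m) and m not in reasons]
    return findings

# Constructed sample modelled on the corrupted file shown in the issue.
SAMPLE = """\
.class public Lcom/example/Junk$1;
.super Ljava/lang/Object;

.method public constructor <init>()V
    .locals 0
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V
    return-void
.end method

.method public aaa()Ljava/lang/String;
    .locals 1
    #unknown opcode: 0x1d00
    nop
    #String index out of bounds: 324097064
    nop
.end method

.method public bbb()I
    .locals 1
    #unknown opcode: 0x1c00
    nop
    int-to-char p12, p3
"""

if __name__ == "__main__":
    for method, why in triage_smali(SAMPLE).items():
        print(method, why)
```

Running it over each file in a disassembly output directory gives a list of classes to set aside before attempting a rebuild.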

Can we skip it while extracting?

Nov 01 '17 19:11 LunarWhisper

@strazzere do you have a reference to the "Dex Education presentation" you mentioned?

Mar 11 '18 00:03 manizzle

nvm found it https://www.youtube.com/watch?v=yIAP2IKfJOM

Mar 11 '18 00:03 manizzle