
[gui] Replace the code in the decompiled code cache so that jadx-gui will perceive it normally

Open MrNom4ik opened this issue 1 year ago • 2 comments

Issue details

Dear developers, I mainly use jadx-gui for deobfuscating malware. It is very convenient because it has functionality for renaming objects and searching for object declaration/use; this functionality is very convenient and simplifies the work. But recently I had a problem with the jadx decompiler: it could not decompile the jar file code. Then I tried another compiler - CFR. It was able to decompile everything, and when I dealt with the malware, I simply ran 2 decompilers at the same time: jadx-gui and CFR. I did all the work in jadx-gui, and if I needed something from the code that jadx could not decompile, I simply switched to the CFR decompiler and looked at the code I needed. Now the code has become so complex that simply switching between decompilers and searching for code was not convenient, because in the CFR decompiler all the code is obfuscated, and in jadx-gui I changed the names of objects, thereby deobfuscating the code. Then I thought - "jadx-gui displays the code from the cache folder after the deobfuscator (for example HelloWorld.jar.cache), and all changes to object names are in the jadx project file (.jadx file), which means I can just change the code that jadx was not able to decompile in this cache folder into code from another decompiler, and then the successfully decompiled code will be shown in jadx-gui." I did just that: I found the .java file I needed in the cache folder and inserted the code from the CFR decompiler instead of the jadx decompiler error. However, this caused artifacts in jadx-gui. I did some research on them, and here's how to reproduce them:

  1. Create any .java file, for example this one:

```java
class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello World!");
    }
}
```

  2. Compile and bundle it into a .jar
  3. Open this .jar file in jadx. You will see something like this:

```java
package defpackage;

/* renamed from: HelloWorld reason: default package */
/* loaded from: HelloWorld.jar:HelloWorld.class */
class HelloWorld {
    HelloWorld() {
    }

    public static void main(String[] strArr) {
        System.out.println("Hello World!");
    }
}
```

Everything will work fine: the functionality of changing object names and searching for declaration/use of an object works.

  4. Save the project as a .jadx file
  5. In the decompiled code cache, change the source code by adding some line at the beginning of the file, for example the test comment:

```java
package defpackage;

// test
/* renamed from: HelloWorld reason: default package */
/* loaded from: HelloWorld.jar:HelloWorld.class */
class HelloWorld {
    HelloWorld() {
    }

    public static void main(String[] strArr) {
        System.out.println("Hello World!");
    }
}
```

  6. Open the .jadx project file in jadx-gui
  7. Now any gui functionality does not work

My question is how to replace the code in the decompiled code cache so that jadx-gui will perceive it normally? This would help solve the problem that the jadx decompiler cannot decompile 100% of the code, by simply inserting the missing code from another decompiler.

Jadx version

1.4.7

Java version

19.0.2

OS

  • [X] Windows
  • [ ] Linux
  • [ ] macOS

MrNom4ik avatar Jan 08 '24 17:01 MrNom4ik

> how to replace the code in the decompiled code cache so that jadx-gui will perceive it normally

In short: you can't. Jadx does not parse generated code; instead it outputs additional metadata files (.jadxmd) with positions of various code objects like types, methods, variables, etc. If you change cached code, the metadata will become incorrect, so code actions and navigation will stop working. I am not sure what can be done in jadx to fix this. Also, a similar request was made in issue #1882: to integrate another decompiler into jadx, but I don't think this will be added soon.

Other suggestions:

  • for Java bytecode you can try to enable the "Use dx/d8 to convert java bytecode" option in preferences (careful, this will reset the cache); this can improve the quality of decompiled code.
  • try to use other tools which combine several decompilers, like: https://github.com/Konloch/bytecode-viewer or new https://github.com/sotasan/decompiler

skylot avatar Jan 08 '24 17:01 skylot

> for java bytecode you can try to enable Use dx/d8 to convert java bytecode

Thanks! It works. Now Jadx decompiles code even better than CFR (with default settings)

> try to use other tools which combine several decompilers

I tried, I still couldn’t find a gui that would have functionality for renaming objects

> output additional metadata files (.jadxmd) with positions of various code objects

In theory, one can write a script that will adapt the metadata for the new code

MrNom4ik avatar Jan 08 '24 18:01 MrNom4ik
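
The behaviour discussed in this thread (metadata records positions, so editing the cached source invalidates it) and the idea of a script that adapts the metadata, shown as an added example that is not jadx code and not part of the original thread. The offset-to-name dict is an assumed simplification, not the real .jadxmd format, and all function names are hypothetical.

```python
# Simplified model of position-based code metadata (offset -> name).
# Assumption for illustration only: this is not the real .jadxmd format.

# Constructed sample: the decompiled class from the issue, comments omitted.
ORIGINAL = (
    "package defpackage;\n"
    "\n"
    "class HelloWorld {\n"
    "    HelloWorld() {\n"
    "    }\n"
    "\n"
    "    public static void main(String[] strArr) {\n"
    "        System.out.println(\"Hello World!\");\n"
    "    }\n"
    "}\n"
)

def build_index(source, names):
    """Map the character offset of each name's first occurrence to the name."""
    return {source.index(n): n for n in names}

def stale_entries(source, index):
    """Names whose recorded offset no longer points at that name."""
    return sorted(n for off, n in index.items() if not source.startswith(n, off))

def replace_span(source, start, old_len, new_text):
    """Swap source[start:start+old_len] for new_text (old_len=0 is an insert)."""
    return source[:start] + new_text + source[start + old_len:]

def rebase(index, start, old_len, new_len):
    """Adapt offsets to an edit: keep entries before it, shift entries after
    it, and drop entries inside the replaced span (they must be re-resolved)."""
    out = {}
    for off, name in index.items():
        if off < start:
            out[off] = name
        elif off >= start + old_len:
            out[off + new_len - old_len] = name
    return out

INDEX = build_index(ORIGINAL, ["HelloWorld", "main", "strArr"])
EDIT_AT = ORIGINAL.index("class")  # where the issue's "// test" line goes
COMMENT = "// test\n"
EDITED = replace_span(ORIGINAL, EDIT_AT, 0, COMMENT)

if __name__ == "__main__":
    print("stale after edit:  ", stale_entries(EDITED, INDEX))
    fixed = rebase(INDEX, EDIT_AT, 0, len(COMMENT))
    print("stale after rebase:", stale_entries(EDITED, fixed))
```

A pure insertion can be fixed by shifting offsets, but entries inside a replaced span (for example a method body pasted from another decompiler) are dropped by `rebase` and would have to be located again in the new text.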