0

I'm attempting to deobfuscate a .jar's code. I've created a module that successfully renames the methods (including return type), the class and its superclass, and its fields.

My issue now is in the actual bytecode. I'm attempting to modify the FieldInsnNode and MethodInsnNode's values in order to change their names. Example: g.y.x(); should be node.next.generateHash(). 

MethodInsnNode min = (MethodInsnNode) insn;

min.name = remappedNames.getOrDefault(min.owner + "." + min.name + min.desc, min.name);
min.owner = remappedNames.getOrDefault(min.owner, min.owner);
min.desc = transformMethodDesc(min.desc);

I think I'm misunderstanding what the name, owner, and desc are. Here's my current understanding:

name = the actual name of the variable. E.g. in my earlier example, next's field obfuscated name value is y.

The owner is a little more confusing, I'm not too sure exactly what that is, I'm guessing its the class that the variable responds to. For example the owner here would be g.

Would appreciate any clarification, as even when I do something like min.name = "TEST" I'm not noticing any difference in the decompiled output.

Matthew Kerian
  • 812
  • 5
  • 18
  • Yes I guest the owner is part of the qualified name; be careful with inner and anonymous class. – Bsquare ℬℬ Jan 15 '19 at 12:30
  • 2
    The owner is the declaring class (qualified class names separated with `/` for package name components, `$` for nested classes). Don’t confuse with source code expressions. For `g.y.x()`, there might be a class `x.y`, compiling to an invocation of a `static` method `x()`, with owner `g/y`. Or there’s a class `g` having a nested type `y`, in which case the owner is `g$y`. Or, a class `g` having a `static` field `y` whose type will be the owner type of the method `g()`. Or `g` is a variable whose type has a field `y`, whose type will be the owner type of the method `g()`… – Holger Jan 15 '19 at 14:29
  • @Holger Appreciate the help! – Matthew Kerian Jan 15 '19 at 23:50

1 Answers1

0

I ended up figuring out the answer to the question.

Field/Method nodes are a representation of the class, but obviously changing them won't change anything in the class itself. In order to change the classes you have to output it back to the disk using something like a JarOutputStream and a ClassWriter.

Simple example:

JarOutputStream jos = ...
ClassWriter cw = new ClassWriter();
cw.accept(myClassNode);
byte[] bytes = cw.toByteArray();

Then you can write the bytes back to disk

Hope that helps!

Matthew Kerian
  • 812
  • 5
  • 18