Jagex is using ZKM obfuscation. I'm actually pretty interested how deobfuscators get the old structure back, so I can modify the existing deobfuscators we use for the LD clients, in order to deobfuscate the HD client.
Just for you people who have come across one of super's posts and wondered WTH...
Here is an example of how the Zelix obfuscator does it (direct quote from website):

Control Flow obfuscation discourages reverse engineering and malicious tampering of software codes by applying false conditional statements and other misleading constructs in order to confuse and break decompilers. Given the original source codes and desired obfuscation criteria, the proposed Control Flow obfuscation works by decomposing the source codes into fragments and then applying various transforms to the code fragments.
Original Source
Code:
    package test;
    import java.util.*;

    class Demo {
        private Vector buffer = new Vector();

        /**
         * Return the position of the specified String in the
         * buffer. Remove the String once if it has been found.
         * Return -1 if the String isn't found.
         */
        int getStringPos(String string) {
            for(int counter=0; counter < buffer.size(); counter++) {
                String curString = (String)buffer.elementAt(counter);
                if (curString.equals(string)) {
                    buffer.remove(counter);
                    return counter;
                }
            }
            return -1;
        }
    }

Name and Flow obfuscated (2nd Generation Obfuscation) then decompiled
Code:
    package a;
    import java.util.Vector;

    class a {
        private Vector a;
        public static int b;

        a() {
            a = new Vector();
        }

        int a(String s) {
            int i;
            int j;
            j = b;
            i = 0;
            if(j == 0) goto _L2; else goto _L1
    _L1:
            String s1 = (String)a.elementAt(i);
            s1.equals(s);
            if(j != 0) goto _L4; else goto _L3
    _L3:
            JVM INSTR ifeq 48;
               goto _L5 _L6
    _L5:
            break MISSING_BLOCK_LABEL_37;
    _L6:
            continue;
            a.remove(i);
            i;
    _L4:
            return;
    _L2:
            if(i >= a.size())
                return -1;
            if(true) goto _L1; else goto _L7
    _L7:
        }
    }

How to get around it:
Use a good decompiler/deobfuscator like:
http://www.ahpah.com/cgi-bin/suid/~pah/demo.cgi
http://jreversepro.blogspot.com/
more at http://runefame.net/java.html
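To make the post's before/after pair concrete, here is an added example that is not from the thread, from Zelix, or from any Jagex client: the clean getStringPos next to a hand-written imitation of what the decompiled obfuscated method does. The static field b is an assumption standing in for the injected opaque predicate: it is never written, so it is always 0 at runtime and every branch guarded by "j != 0" is dead, but a decompiler working only from bytecode cannot prove that and keeps the labelled spaghetti. The main method runs both versions on a constructed sample list and checks they agree.

```java
import java.util.Vector;

// Added illustration of control-flow obfuscation (not code from the thread or from Zelix).
public class FlowDemo {
    private final Vector<String> buffer = new Vector<>();

    // Hypothetical opaque predicate: stands in for the static field ZKM injects.
    // Nothing ever assigns it, so it is always 0 at runtime.
    public static int b;

    FlowDemo(String... items) {
        for (String s : items) buffer.add(s);
    }

    // Clean version, as in the original source from the post.
    int getStringPos(String string) {
        for (int counter = 0; counter < buffer.size(); counter++) {
            String curString = buffer.elementAt(counter);
            if (curString.equals(string)) {
                buffer.remove(counter);
                return counter;
            }
        }
        return -1;
    }

    // Same behaviour, structured the way the decompiled obfuscated output reads:
    // the loop body is split into blocks and guarded by conditionals that are
    // always false, so the real control flow is hidden behind dead edges.
    int getStringPosObfuscated(String s) {
        int j = b;      // opaque value: always 0, but not provably so from bytecode alone
        int i = 0;
        while (true) {
            if (j != 0) break;                   // dead edge (corresponds to the _L4 / _L7 exits)
            if (i >= buffer.size()) return -1;   // _L2: the genuine loop test
            String s1 = buffer.elementAt(i);     // _L1
            if (j != 0) break;                   // second dead edge
            if (s1.equals(s)) {                  // _L3: the real comparison (the "ifeq")
                buffer.remove(i);
                return i;
            }
            i++;                                 // the bare "i;" in the decompiled dump
        }
        return -1;                               // reachable only through the dead edges
    }

    // Runs both versions against identical copies of a constructed sample list.
    public static void main(String[] args) {
        String[] data = {"alpha", "beta", "gamma", "beta"};   // constructed sample input
        FlowDemo clean = new FlowDemo(data);
        FlowDemo obf = new FlowDemo(data);
        String[] queries = {"beta", "beta", "beta", "delta"};
        for (String q : queries) {
            int a = clean.getStringPos(q);
            int c = obf.getStringPosObfuscated(q);
            System.out.println(q + ": clean=" + a + " obfuscated=" + c
                    + (a == c ? " OK" : " MISMATCH"));
        }
    }
}
```

The point of the comparison is that a deobfuscator does not need to understand the method's purpose: it only has to recognise that b is never assigned, fold the "j != 0" tests to false, delete the unreachable blocks, and the loop structure of the clean version falls out again.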
Thanks a lot.
What exactly is Control Flow?
We can't explain to you exactly what 'Control flow' is, but there are Java statements that are used for control flow.
http://java.sun.com/docs/books/tutor...olts/flow.html
spank you mate
So the section describes the decision-making statements (if-then, if-then-else, switch) and the looping statements (for, while, do-while)?
If so, pretty interesting, because I didn't know this.
The fifthlord basically shows us the outcome of using the Zelix obfuscator, which Jagex uses for obfuscating their client. We simply de-obfuscate and decompile the Jagex client and refactor it. This is an example of why Jagex's RuneScape clients look weirdly programmed and all.
@Fifth:
Correct me if I'm wrong though. From looking at and reading what you've shown us in this topic, this is what I think you wanted to show us.