Can't deobfuscate large method
Opened this issue · 6 comments
Provide specific APK, DEX, or file hash
classes3.zip
Describe the bug
It fails to deobfuscate. maybe because the method is too large. I'm quite new to simplify so let me know what i'm missing
To Reproduce
java -jar simplify-1.3.0.jar --max-address-visits 99999 --max-call-depth 99999 --max-method-visits 99999 classes3.dex -o (output file) -v > log.txt
Attempted work-arounds
I tried max visits since it will reach limit quicker. Did not bother to use -it
because the classes.dex is very small and few methods but a large large messy codes
Screenshots
N/A
Additional context
This suspecious small dex as added as classes3 inside an apk file. possible malware. I'm not even sure what it contains
This seems flow obfuscation of NP Manager , which is added by NP Manager to any apk when applying Kill Signature Verification .
This is NOT ANY MALICIOUS CODE . its just some PackageManager hooks
Ok ok, did not know that. Any more infomation about NP Manager and is this trustable?
I usally reverse code by myself to see if it's malcious or not
@Toshiba1127 which method were you looking at? Looks like you ran it against an entire dex file.
@CalebFenton all as possible since the dex is small. I tried target OnCreate only but nothing done much
I looked the source via Jadx. I still see a bunch of switch case
Simplify can't deobfuscate everything. It has some inherent limitations -- in short, anything that involves instance state, IO, and results from unsafe classes or methods. It also doesn't try to do identifier remapping, so it doesn't rename classes, methods, packages, etc.
If you post a specific method that you tried simplifying, I can probably tell you why it didn't simplify. It's possible that there's a bug, but considering simplify ran on the entire file without failing and performed some optimizations, it may just be that the method you're looking at isn't optimizable.
Ok, thanks for the infomation
I will find other way to do it