StackEmulationException: stackSize < 0
Closed this issue · 9 comments
Description of Bug:
Flow obfuscate failed!
Radon version:
2.0
Configuration:
flow_obfuscation:
replace_goto: true
insert_bogus_switch_jumps: true
insert_bogus_jumps: true
split_blocks: true
fake_catch_blocks: true
mutilate_null_check: true
Info
INFO: Swapped 23615 GOTO instructions
me.itzsomebody.radon.exceptions.StackEmulationException: stackSize < 0
at me.itzsomebody.radon.asm.StackHeightZeroFinder.execute(StackHeightZeroFinder.java:91)
at me.itzsomebody.radon.transformers.obfuscators.flow.BogusSwitchJumpInserter.lambda$transform$3(BogusSwitchJumpInserter.java:60)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1621)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at me.itzsomebody.radon.transformers.obfuscators.flow.BogusSwitchJumpInserter.lambda$transform$4(BogusSwitchJumpInserter.java:51)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1677)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at me.itzsomebody.radon.transformers.obfuscators.flow.BogusSwitchJumpInserter.transform(BogusSwitchJumpInserter.java:47)
at me.itzsomebody.radon.transformers.obfuscators.flow.FlowObfuscation.lambda$transform$0(FlowObfuscation.java:42)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1507)
at me.itzsomebody.radon.transformers.obfuscators.flow.FlowObfuscation.transform(FlowObfuscation.java:40)
at me.itzsomebody.radon.Radon.lambda$run$1(Radon.java:104)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1621)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at me.itzsomebody.radon.Radon.run(Radon.java:100)
at me.itzsomebody.radon.Main.main(Main.java:121)
me.itzsomebody.radon.exceptions.RadonException: Error happened while trying to emulate the stack of com/umeng/commonsdk/proguard/b$1$1.a(Landroid/location/Location;)V
at me.itzsomebody.radon.transformers.obfuscators.flow.BogusSwitchJumpInserter.lambda$transform$3(BogusSwitchJumpInserter.java:63)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1621)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at me.itzsomebody.radon.transformers.obfuscators.flow.BogusSwitchJumpInserter.lambda$transform$4(BogusSwitchJumpInserter.java:51)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1677)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at me.itzsomebody.radon.transformers.obfuscators.flow.BogusSwitchJumpInserter.transform(BogusSwitchJumpInserter.java:47)
at me.itzsomebody.radon.transformers.obfuscators.flow.FlowObfuscation.lambda$transform$0(FlowObfuscation.java:42)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1507)
at me.itzsomebody.radon.transformers.obfuscators.flow.FlowObfuscation.transform(FlowObfuscation.java:40)
at me.itzsomebody.radon.Radon.lambda$run$1(Radon.java:104)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1621)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
at me.itzsomebody.radon.Radon.run(Radon.java:100)
at me.itzsomebody.radon.Main.main(Main.java:121)
There is insufficient info here to reproduce exactly what went wrong in this case; however, I have been aware of the fact for a while that StackEmulator is totally flawed (doesn't take jumps or branching into account). This is something that will be addressed when I roll out radon 3 either via a rewrite or just removing it altogether.
This sounds great! Can I know when it will arrive?
An ETA of when I pick up work on v3 again directly depends on when I can get my schoolwork underhand. I'd estimate that I can probably get back in the game at full speed somewhere in June. This means that v3 probably won't be fully done until at best mid-to-late-June or possibly even later.
When I only use
replace_goto: true
split_blocks: true
fake_catch_blocks: true
the StackEmulationException error will disappear completely.
Also seems to (sometimes?) break on (chained?) Kotlin int ranges.
// works
hovered = mouseX >= xPosition && mouseY >= yPosition && mouseX < xPosition + width && mouseY < yPosition + height
// haha radon go boom
hovered = mouseX in xPosition..(xPosition + width) && mouseY in yPosition..(yPosition + height)
stack trace + bytecode (IntelliJ: Tools > Kotlin > Show Kotlin Bytecode)
https://hasteb.in/imehetek
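The maintainer's comment above says the stack emulator ignores jumps and branching, and the Kotlin range check in this comment is one shape that trips it. The following is an added illustration (my own code, not Radon's StackHeightZeroFinder) of why that matters: a linear walk over a constructed, simplified opcode subset versus a worklist over the control-flow graph. Both sample programs, the opcode effect table and the pc layout are constructed for the example; a real implementation would read the effects from ASM's instruction nodes.

```python
from collections import deque

# Net stack effect (pushes minus pops) of a constructed subset of JVM opcodes.
EFFECT = {"ICONST": 1, "ILOAD": 1, "ALOAD": 1, "ISTORE": -1, "ASTORE": -1,
          "IF_ICMPGT": -2, "GOTO": 0, "RETURN": 0}
BRANCH = {"IF_ICMPGT", "GOTO"}   # opcodes that carry a jump target
TERMINAL = {"GOTO", "RETURN"}    # opcodes with no fall-through successor

class StackEmulationError(Exception):
    pass

def linear_depths(code):
    """Flawed approach: walk instructions in order, ignoring jumps and catch blocks."""
    depth, depths = 0, []
    for op, _ in code:
        depth += EFFECT[op]
        if depth < 0:
            raise StackEmulationError("stackSize < 0")
        depths.append(depth)
    return depths

def cfg_entry_depths(code, handler_pcs=()):
    """Worklist over the CFG; returns the stack depth on entry to every reachable pc.
    A catch block is entered with exactly the thrown object on the stack, and every
    predecessor of a pc must deliver the same depth (what the JVM verifier requires)."""
    entry = {0: 0}
    work = deque([0])
    for h in handler_pcs:
        entry[h] = 1
        work.append(h)

    def flow(pc, depth):                    # record an edge into pc with the given depth
        if pc in entry:
            if entry[pc] != depth:
                raise StackEmulationError(f"stack height mismatch at pc {pc}")
        else:
            entry[pc] = depth
            work.append(pc)

    while work:
        pc = work.popleft()
        op, arg = code[pc]
        depth = entry[pc] + EFFECT[op]
        if depth < 0:
            raise StackEmulationError(f"stackSize < 0 at pc {pc}")
        if op in BRANCH:
            flow(arg, depth)
        if op not in TERMINAL and pc + 1 < len(code):
            flow(pc + 1, depth)
    return entry

# Constructed `try { local = arg } catch (Throwable t) {}`: the handler at pc 3 pops the
# exception, so a linear walk arriving there with an empty stack underflows (stackSize < 0).
TRY_CATCH = [("ALOAD", 0), ("ASTORE", 1), ("GOTO", 4), ("ASTORE", 2), ("RETURN", None)]

# Constructed shape of `hovered = x in lo..hi`: two compare-and-branch checks, a 1/0 result
# joined at pc 9, then a store. The linear walk carries the ICONST 1 across the GOTO into the
# false block and reports a height one too high from then on, without ever going negative.
IN_RANGE = [("ILOAD", 1), ("ILOAD", 0), ("IF_ICMPGT", 8), ("ILOAD", 0), ("ILOAD", 2),
            ("IF_ICMPGT", 8), ("ICONST", 1), ("GOTO", 9), ("ICONST", 0), ("ISTORE", 3),
            ("RETURN", None)]
```

Running `linear_depths(TRY_CATCH)` raises the underflow, while `cfg_entry_depths(TRY_CATCH, handler_pcs=(3,))` reports a consistent depth of 0 at the RETURN; on `IN_RANGE` the linear walk ends at depth 1 where the CFG walk correctly ends at 0.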
There also appear to be some opcodes missing from ASM entirely; unsure if ASM remaps these into their more basic form automatically, but there are one-byte variants of iload, aload, istore and astore: iload_0-3 (opcodes 26 to 29), aload_0-3 (42 to 45), istore_0-3 (59 to 62) and astore_0-3 (75 to 78).
They are abstracted away by asm, so no, they're not missing.
figured as much, did confuse me for a bit though
I am closing this because this portion of radon will be removed in the rewrite.