Jump to content
Tuts 4 You
Sign in to follow this  
SciT

Encrypted strings after deobfuscation [Java]

Recommended Posts

SciT

Hi everyone.
I have tried get clean strings after obfuscation and encryption, but it's not successfully. I was doing similar things that i've done in .Net app (and it works fine).
Previous work (in C#):
The main app have ecrypted string with this alghorithm:

public static string ?1?(string ?1?)
{
	int length = ?1?.Length;
	char[] array = new char[length];
	for (int i = 0; i < array.Length; i++)
	{
		char c = ?1?[i];
		byte b = (byte)((int)c ^ length - i);
		byte b2 = (byte)((int)(c >> 8) ^ i);
		array[i] = (char)((int)b2 << 8 | (int)b);
	}
	return string.Intern(new string(array));
}

I have changed it to the next help method:

static string Method_1(string str)
{
	int length = str.Length;
	char[] array = new char[length];
	for (int i = 0; i<array.Length; i++)
	{
		char c = str[i];
		byte b = (byte)((int)c ^ length - i);
		byte b2 = (byte)((int)(c >> 8) ^ i);
		array[i] = (char) ((int) b2 << 8 | (int) b);
	}
	return new string (array);
}

Simple. Isn't it? Decrypted some string, create two method which implements some decrypted info and generates keygen for application.

But now there is a problem with Java application (the main goal encrypt strings).

After decompilation i have got 340+ classes with different content. But some of classes have similar structure:

//imports
//private variables
//private methods
// and finally (at the end of class) this statement
private static String a(int paramInt1, int paramInt2) {
    int i1 = (paramInt1 ^ 0xAA3) & 0xFFFF;
    if (x[i1] == null) {
      char[] arrayOfChar = w[i1].toCharArray();
      switch (arrayOfChar[0] & 0xFF) {
        case '\000':
        case '\001':
        case '\002':
        case '\003':
        case '\004':
        // 255 case paramaters
        default:
          break;
      } 
      int i2 = 121;
      int i3 = (paramInt2 & 0xFF) - i2;
      if (i3 < 0)
        i3 += 256; 
      int i4 = ((paramInt2 & 0xFFFF) >>> 8) - i2;
      if (i4 < 0)
        i4 += 256; 
      for (byte b1 = 0; b1 < arrayOfChar.length; b1++) {
        byte b2 = b1 % 2;
        if (b2 == 0) {
          arrayOfChar[b1] = (char)(arrayOfChar[b1] ^ i3);
          i3 = ((i3 >>> 3 | i3 << 5) ^ arrayOfChar[b1]) & 0xFF;
        } else {
          arrayOfChar[b1] = (char)(arrayOfChar[b1] ^ i4);
          i4 = ((i4 >>> 3 | i4 << 5) ^ arrayOfChar[b1]) & 0xFF;
        } 
      } 
      x[i1] = (new String(arrayOfChar)).intern();
    } 
    return x[i1];
  }

Switch-case statement and an encryption/decryption alghorithm (am i right)?

This algorithm have implemented various variables in different classes.

Does anyone know, how to convert this algh in another way → decrypt (if it was encrypted with this alghorithm).

I attached 4 files of one class. I have used different decompilers/deobfuscators. The content of the files is similar to each other, but the differences are visible. Hope this helps.

Class_g_1.class Class_g_2.class Class_g_3.class Class_g_4.class

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...