qprotect transformers 😎

Author: EpicPlayerA10

deobfuscator-api/src/main/java/org/objectweb/asm/tree/AbstractInsnNode.java

@@ -38,6 +38,10 @@
 import org.jetbrains.annotations.Nullable;
 import org.objectweb.asm.MethodVisitor;
 import org.objectweb.asm.Opcodes;
+import org.objectweb.asm.tree.analysis.Frame;
+import org.objectweb.asm.tree.analysis.OriginalSourceValue;
+import org.objectweb.asm.tree.analysis.SourceValue;
+import org.objectweb.asm.tree.analysis.Value;
 import uwu.narumi.deobfuscator.api.asm.NamedOpcodes;
 import org.objectweb.asm.Type;
 
@@ -652,10 +656,10 @@ public String namedOpcode() {
   /**
    * Returns the number of stack values required by this instruction.
    */
-  public int getRequiredStackValuesCount() {
-    return switch (this.opcode) {
+  public int getRequiredStackValuesCount(Frame<? extends Value> frame) {
+    return switch (this.getOpcode()) {
       // Unary operations (one value)
-      case ISTORE, LSTORE, FSTORE, DSTORE, ASTORE, POP, POP2, DUP, DUP_X1, DUP_X2, DUP2, DUP2_X1, DUP2_X2, SWAP, INEG,
+      case ISTORE, LSTORE, FSTORE, DSTORE, ASTORE, POP, DUP, DUP_X1, SWAP, INEG,
            LNEG, FNEG, DNEG, I2L, I2F, I2D, L2I, L2F, L2D, F2I, F2L, F2D, D2I, D2L, D2F, I2B, I2C, I2S, IFEQ, IFNE,
            IFLT, IFGE, IFGT, IFLE, TABLESWITCH, LOOKUPSWITCH, IRETURN, LRETURN, FRETURN, DRETURN, ARETURN, PUTSTATIC,
            GETFIELD, NEWARRAY, ANEWARRAY, ARRAYLENGTH, ATHROW, CHECKCAST, INSTANCEOF, MONITORENTER, MONITOREXIT, IFNULL,
@@ -673,6 +677,32 @@ public int getRequiredStackValuesCount() {
       // Multi-dimensional array creation
       case MULTIANEWARRAY -> ((MultiANewArrayInsnNode) this).dims;
 
+      // Dynamic forms (uses frame)
+      case POP2, DUP2 -> {
+        Value sourceValue = frame.getStack(frame.getStackSize() - 1);
+        yield sourceValue.getSize() == 2 ? 1 : 2;
+      }
+      case DUP_X2 -> {
+        Value sourceValue2 = frame.getStack(frame.getStackSize() - 2);
+        yield sourceValue2.getSize() == 2 ? 2 : 3;
+      }
+      case DUP2_X1 -> {
+        Value sourceValue1 = frame.getStack(frame.getStackSize() - 1);
+        yield sourceValue1.getSize() == 2 ? 2 : 3;
+      }
+      case DUP2_X2 -> {
+        Value sourceValue1 = frame.getStack(frame.getStackSize() - 1);
+        Value sourceValue2 = frame.getStack(frame.getStackSize() - 2);
+        if (sourceValue1.getSize() == 2 && sourceValue2.getSize() == 2) {
+          yield 2;
+        }
+        Value sourceValue3 = frame.getStack(frame.getStackSize() - 2);
+        if (sourceValue1.getSize() == 2 || sourceValue3.getSize() == 2) {
+          yield 3;
+        }
+        yield 4;
+      }
+
       // No values required
       default -> 0;
     };

deobfuscator-api/src/main/java/uwu/narumi/deobfuscator/api/asm/InsnContext.java

@@ -47,12 +47,16 @@ public MethodContext methodContext() {
     return methodContext;
   }
 
+  public int getRequiredStackValuesCount() {
+    return this.insn.getRequiredStackValuesCount(this.frame());
+  }
+
   /**
    * Places POPs instructions before current instruction to remove source values from the stack.
    * This method automatically calculates how many stack values to pop.
    */
   public void placePops() {
-    for (int i = 0; i < this.insn.getRequiredStackValuesCount(); i++) {
+    for (int i = 0; i < this.getRequiredStackValuesCount(); i++) {
       int stackValueIdx = frame().getStackSize() - (i + 1);
       OriginalSourceValue sourceValue = frame().getStack(stackValueIdx);
 

deobfuscator-api/src/main/java/uwu/narumi/deobfuscator/api/asm/matcher/Match.java

@@ -1,6 +1,7 @@
 package uwu.narumi.deobfuscator.api.asm.matcher;
 
 import org.jetbrains.annotations.ApiStatus;
+import org.jetbrains.annotations.Nullable;
 import org.objectweb.asm.tree.AbstractInsnNode;
 import uwu.narumi.deobfuscator.api.asm.InsnContext;
 import uwu.narumi.deobfuscator.api.asm.MethodContext;
@@ -30,10 +31,6 @@ public boolean matches(InsnContext insnContext) {
     return this.matchResult(insnContext) != null;
   }
 
-  public boolean matches(MethodContext methodContext) {
-    return !this.findAllMatches(methodContext).isEmpty();
-  }
-
   /**
    * Matches the instruction and merges if successful
    *
@@ -70,6 +67,7 @@ public List<MatchContext> findAllMatches(MethodContext methodContext) {
     return allMatches;
   }
 
+  @Nullable
   public MatchContext findFirstMatch(MethodContext methodContext) {
     return this.findAllMatches(methodContext).stream().findFirst().orElse(null);
   }

deobfuscator-api/src/main/java/uwu/narumi/deobfuscator/api/asm/matcher/impl/FrameMatch.java

@@ -55,22 +55,12 @@ protected boolean test(MatchContext context) {
         return false;
       }
 
-      if (this.match instanceof SkipMatch) {
-        // Skip match earlier
-        return true;
-      }
-
       Frame<OriginalSourceValue> frame = context.frame();
       sourceValue = frame.getStack(index);
       if (stackFrameOptions.originalValue) {
         sourceValue = sourceValue.originalSource;
       }
     } else if (this.options instanceof LocalVariableFrameOptions lvFrameOptions) {
-      if (this.match instanceof SkipMatch) {
-        // Skip match earlier
-        return true;
-      }
-
       Frame<OriginalSourceValue> frame = context.frame();
       sourceValue = frame.getLocal(lvFrameOptions.localVariableIdx);
     } else {

deobfuscator-api/src/main/java/uwu/narumi/deobfuscator/api/helper/MethodHelper.java

@@ -110,6 +110,8 @@ public static Map<AbstractInsnNode, Frame<BasicValue>> analyzeBasic(
    * Computes a map which corresponds to: source value producer -> consumers
    *
    * @param frames Frames of the method
+   * @return A map where keys are instructions that produce values and values are
+   *  *      sets of instructions that consume those produced values
    */
   public static Map<AbstractInsnNode, Set<AbstractInsnNode>> computeConsumersMap(Map<AbstractInsnNode, Frame<OriginalSourceValue>> frames) {
     Map<AbstractInsnNode, Set<AbstractInsnNode>> consumers = new HashMap<>();
@@ -119,9 +121,12 @@ public static Map<AbstractInsnNode, Set<AbstractInsnNode>> computeConsumersMap(M
       if (frame == null) continue;
 
       // Loop through stack values and add consumer to them
-      for (int i = 0; i < consumer.getRequiredStackValuesCount(); i++) {
+      for (int i = 0; i < consumer.getRequiredStackValuesCount(frame); i++) {
+        // Get the value from the stack (first consumed value is at the top)
         OriginalSourceValue sourceValue = frame.getStack(frame.getStackSize() - (i + 1));
+
         for (AbstractInsnNode producer : sourceValue.insns) {
+          // Add this consumer to the set of consumers for the producer instruction
           consumers.computeIfAbsent(producer, k -> new HashSet<>()).add(consumer);
         }
       }

deobfuscator-impl/src/test/java/uwu/narumi/deobfuscator/TestDeobfuscation.java

@@ -3,6 +3,7 @@
 import uwu.narumi.deobfuscator.core.other.composed.ComposedHP888Transformer;
 import uwu.narumi.deobfuscator.core.other.composed.ComposedUnknownObf1Transformer;
 import uwu.narumi.deobfuscator.core.other.composed.ComposedZelixTransformer;
+import uwu.narumi.deobfuscator.core.other.composed.Composed_qProtectTransformer;
 import uwu.narumi.deobfuscator.core.other.composed.general.ComposedGeneralFlowTransformer;
 import uwu.narumi.deobfuscator.core.other.composed.general.ComposedPeepholeCleanTransformer;
 import uwu.narumi.deobfuscator.core.other.impl.clean.peephole.JsrInlinerTransformer;
@@ -152,6 +153,12 @@ protected void registerAll() {
         .input(OutputType.MULTIPLE_CLASSES, InputType.CUSTOM_CLASS, "hp888")
         .register();
 
+    // qProtect
+    test("qProtect Sample 1")
+        .transformers(Composed_qProtectTransformer::new)
+        .input(OutputType.MULTIPLE_CLASSES, InputType.CUSTOM_CLASS, "qprotect/sample1")
+        .register();
+
     test("POP2 Sample")
         .transformers(UselessPopCleanTransformer::new)
         .input(OutputType.SINGLE_CLASS, InputType.CUSTOM_CLASS, "Pop2Sample.class")

deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/composed/Composed_qProtectTransformer.java

@@ -0,0 +1,48 @@
+package uwu.narumi.deobfuscator.core.other.composed;
+
+import uwu.narumi.deobfuscator.api.transformer.ComposedTransformer;
+import uwu.narumi.deobfuscator.core.other.composed.general.ComposedPeepholeCleanTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.clean.LocalVariableNamesCleanTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.pool.InlineStaticFieldTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.qprotect.qProtectStringPoolTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.qprotect.qProtectStringTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.qprotect.qProtectTryCatchTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.qprotect.qProtectInvokeDynamicTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.qprotect.qProtectNumberPoolTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.universal.TryCatchRepairTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.universal.UniversalFlowTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.universal.UniversalNumberTransformer;
+
+public class Composed_qProtectTransformer extends ComposedTransformer {
+  public Composed_qProtectTransformer() {
+    super(
+        // This fixes some weird issues where "this" is used as a local variable name.
+        LocalVariableNamesCleanTransformer::new,
+
+        // Initial cleaning code from garbage
+        UniversalNumberTransformer::new,
+        InlineStaticFieldTransformer::new,
+
+        // Inline number pools
+        qProtectNumberPoolTransformer::new,
+        // Decrypt method invocation
+        qProtectInvokeDynamicTransformer::new,
+
+        // Resolve qProtect flow that uses try-catches
+        qProtectTryCatchTransformer::new,
+        TryCatchRepairTransformer::new,
+        UniversalFlowTransformer::new,
+
+        // Decrypt strings
+        qProtectStringTransformer::new,
+        // Inline string pools
+        qProtectStringPoolTransformer::new,
+
+        // Inline fields again
+        InlineStaticFieldTransformer::new,
+
+        // Cleanup
+        ComposedPeepholeCleanTransformer::new
+    );
+  }
+}

deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/clean/peephole/UselessPopCleanTransformer.java

@@ -1,5 +1,6 @@
 package uwu.narumi.deobfuscator.core.other.impl.clean.peephole;
 
+import org.jetbrains.annotations.Nullable;
 import org.objectweb.asm.tree.AbstractInsnNode;
 import org.objectweb.asm.tree.MethodNode;
 import org.objectweb.asm.tree.analysis.OriginalSourceValue;
@@ -43,7 +44,7 @@ private boolean tryRemovePop(InsnContext insnContext) {
     AbstractInsnNode insn = insnContext.insn();
     OriginalSourceValue firstValue = insnContext.frame().getStack(insnContext.frame().getStackSize() - 1);
 
-    if (!canPop(firstValue, insnContext.methodContext())) return false;
+    if (!canPop(firstValue, insnContext.methodContext(), null)) return false;
 
     if (insn.getOpcode() == POP) {
       // Pop the value from the stack
@@ -65,7 +66,7 @@ private boolean tryRemovePop(InsnContext insnContext) {
         }
 
         // Return if we can't remove the source value
-        if (!canPop(secondValue, insnContext.methodContext())) return false;
+        if (!canPop(secondValue, insnContext.methodContext(), firstValue)) return false;
 
         // Pop
         popSourceValue(firstValue, insnContext.methodNode());
@@ -79,8 +80,12 @@ private boolean tryRemovePop(InsnContext insnContext) {
 
   /**
    * Checks if source value can be popped
+   *
+   * @param sourceValue Source value
+   * @param methodContext Method context
+   * @param poppedInPair Source value that was popped in pair with this value
    */
-  private boolean canPop(OriginalSourceValue sourceValue, MethodContext methodContext) {
+  private boolean canPop(OriginalSourceValue sourceValue, MethodContext methodContext, @Nullable OriginalSourceValue poppedInPair) {
     if (sourceValue.insns.isEmpty()) {
       // Nothing to remove. Probably a local variable
       return false;
@@ -92,7 +97,9 @@ private boolean canPop(OriginalSourceValue sourceValue, MethodContext methodCont
       if (poppedInsns.contains(producer)) return false;
 
       Set<AbstractInsnNode> consumers = methodContext.getConsumersMap().get(producer);
-      if (consumers.stream().anyMatch(insn -> insn.getOpcode() != POP && insn.getOpcode() != POP2)) {
+      if (consumers.stream().anyMatch(insn -> insn.getOpcode() != POP &&
+          insn.getOpcode() != POP2 && (poppedInPair == null || !poppedInPair.insns.contains(insn)))
+      ) {
         // If the value is consumed by another instruction, we can't remove it
         return false;
       }