GuardProtector 1.0 (#115)

Animowany · web-flow · commit 8f2635e99ad5 · 2025-09-25T10:28:26.000+02:00
* Strings

* Flow

* Number

* Composed

* Number

* Small bug fixes

* Number bring back

* non-null check for decrypt alike methods

* tests
diff --git a/deobfuscator-impl/src/test/java/uwu/narumi/deobfuscator/TestDeobfuscation.java b/deobfuscator-impl/src/test/java/uwu/narumi/deobfuscator/TestDeobfuscation.java
@@ -234,5 +234,10 @@ protected void registerAll() {
         .transformers(BranchlockFlowTransformer::new)
         .inputJar("branchlock/flow/flow 9.jar")
         .register();
+
+    test("GuardProtector 1.0")
+        .transformers(ComposedGuardProtectorTransformer::new)
+        .inputClass(InputType.CUSTOM_CLASS, "guardprotector/Class951.class")
+        .register();
   }
 }
diff --git a/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/composed/ComposedGuardProtectorTransformer.java b/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/composed/ComposedGuardProtectorTransformer.java
@@ -0,0 +1,22 @@
+package uwu.narumi.deobfuscator.core.other.composed;
+
+import uwu.narumi.deobfuscator.api.transformer.ComposedTransformer;
+import uwu.narumi.deobfuscator.core.other.composed.general.ComposedGeneralFlowTransformer;
+import uwu.narumi.deobfuscator.core.other.composed.general.ComposedPeepholeCleanTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.guardprotector.GuardProtectorFlowTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.guardprotector.GuardProtectorNumberTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.guardprotector.GuardProtectorStringTransformer;
+import uwu.narumi.deobfuscator.core.other.impl.universal.UniversalNumberTransformer;
+
+public class ComposedGuardProtectorTransformer extends ComposedTransformer {
+  public ComposedGuardProtectorTransformer() {
+    super(GuardProtectorStringTransformer::new,
+        () -> new ComposedTransformer(true,
+            ComposedPeepholeCleanTransformer::new,
+            GuardProtectorFlowTransformer::new,
+            ComposedGeneralFlowTransformer::new
+        ),
+        GuardProtectorNumberTransformer::new,
+        UniversalNumberTransformer::new);
+  }
+}
diff --git a/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/guardprotector/GuardProtectorFlowTransformer.java b/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/guardprotector/GuardProtectorFlowTransformer.java
@@ -0,0 +1,118 @@
+package uwu.narumi.deobfuscator.core.other.impl.guardprotector;
+
+import org.objectweb.asm.tree.*;
+import uwu.narumi.deobfuscator.api.asm.MethodContext;
+import uwu.narumi.deobfuscator.api.asm.matcher.Match;
+import uwu.narumi.deobfuscator.api.asm.matcher.group.SequenceMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.OpcodeMatch;
+import uwu.narumi.deobfuscator.api.transformer.Transformer;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class GuardProtectorFlowTransformer extends Transformer {
+
+  Match useless0Switch = SequenceMatch.of(OpcodeMatch.of(ICONST_0), OpcodeMatch.of(LOOKUPSWITCH)).doNotSkip();
+  Match flowVarStore = SequenceMatch.of(Match.of(ctx -> {
+    AbstractInsnNode abstractInsnNode = ctx.insn();
+    return abstractInsnNode.getOpcode() == GETSTATIC && abstractInsnNode.isFieldInsn() && (abstractInsnNode.asFieldInsn().desc.equals("I") || abstractInsnNode.asFieldInsn().desc.equals("Z"));
+  }).capture("stored-type"), OpcodeMatch.of(ISTORE).capture("stored-var"));
+  Match flowVarEquations = SequenceMatch.of(OpcodeMatch.of(ILOAD).capture("loaded-var"), OpcodeMatch.of(IFEQ).or(OpcodeMatch.of(IFNE)).capture("stored-jump"));
+  Match flowTableSwitch = SequenceMatch.of(OpcodeMatch.of(ILOAD).capture("loaded-var"), OpcodeMatch.of(TABLESWITCH).capture("switch"));
+
+  @Override
+  protected void transform() throws Exception {
+    scopedClasses().forEach(classWrapper -> classWrapper.methods().forEach(methodNode -> {
+      MethodContext methodContext = MethodContext.of(classWrapper, methodNode);
+      useless0Switch.findAllMatches(methodContext).forEach(matchContext -> {
+        matchContext.removeAll();
+        markChange();
+      });
+      Set<AbstractInsnNode> toRemove = new HashSet<>();
+      flowVarStore.findAllMatches(methodContext).forEach(varStore -> {
+        FieldInsnNode fieldInsn = varStore.captures().get("stored-type").insn().asFieldInsn();
+        if (!hasPutStatic(classWrapper.classNode(), fieldInsn)) {
+//          FieldRef fieldRef = FieldRef.of(fieldInsn); //This doesn`t work. Fields are still present in classes (maybe because they are private static final)
+//          context().removeField(fieldRef);
+          boolean ifNeJump = fieldInsn.desc.equals("Z");
+          int varIndex = ((VarInsnNode) varStore.captures().get("stored-var").insn()).var;
+          toRemove.addAll(varStore.collectedInsns());
+          flowVarEquations.findAllMatches(methodContext).forEach(jumpEquation -> {
+            int loadedVarIndex = ((VarInsnNode) jumpEquation.captures().get("loaded-var").insn()).var;
+            JumpInsnNode jump = jumpEquation.captures().get("stored-jump").insn().asJump();
+            if ((ifNeJump && jump.getOpcode() == IFNE) || (!ifNeJump && jump.getOpcode() == IFEQ) && varIndex == loadedVarIndex) {
+//              if (jump.label != null) {
+//                toRemove.add(jump.label);
+//                markChange();
+//                methodNode.instructions.forEach(insn -> {
+//                  if (isInsnInLabelRange(methodNode, jump.label, insn)) {
+//                    toRemove.add(insn);
+//                  }
+//                });
+//              }
+              methodNode.instructions.insert(jump, new JumpInsnNode(GOTO, jump.label));
+              toRemove.addAll(jumpEquation.collectedInsns());
+              markChange();
+            }
+          });
+          if (!ifNeJump) {
+            flowTableSwitch.findAllMatches(methodContext).forEach(flowSwitch -> {
+              int loadedVarIndex = ((VarInsnNode) flowSwitch.captures().get("loaded-var").insn()).var;
+              if (varIndex == loadedVarIndex) {
+                toRemove.addAll(flowSwitch.collectedInsns());
+                TableSwitchInsnNode tableSwitchInsnNode = (TableSwitchInsnNode)flowSwitch.captures().get("switch").insn();
+                tableSwitchInsnNode.labels.forEach(labelNode -> {
+                  toRemove.add(labelNode);
+                  markChange();
+                  methodNode.instructions.forEach(insn -> {
+                    if (isInsnInLabelRange(methodNode, labelNode, insn)) {
+                      toRemove.add(insn);
+                    }
+                  });
+                });
+              }
+            });
+          }
+        }
+      });
+      toRemove.forEach(methodNode.instructions::remove);
+    }));
+  }
+
+  public boolean isInsnInLabelRange(MethodNode method, LabelNode startLabel, AbstractInsnNode insn) {
+    InsnList instructions = method.instructions;
+
+    int startIndex = instructions.indexOf(startLabel);
+    if (startIndex == -1) return false;
+
+    int insnIndex = instructions.indexOf(insn);
+    if (insnIndex == -1) return false;
+
+    int endIndex = instructions.size();
+    for (int i = startIndex + 1; i < instructions.size(); i++) {
+      if (instructions.get(i) instanceof LabelNode) {
+        endIndex = i;
+        break;
+      }
+    }
+
+    return insnIndex > startIndex && insnIndex < endIndex;
+  }
+
+  boolean hasPutStatic(ClassNode classNode, FieldInsnNode target) {
+    for (MethodNode method : classNode.methods) {
+      for (AbstractInsnNode insn : method.instructions) {
+        if (insn instanceof FieldInsnNode) {
+          FieldInsnNode fin = (FieldInsnNode) insn;
+          if (fin.getOpcode() == PUTSTATIC
+              && fin.owner.equals(target.owner)
+              && fin.name.equals(target.name)
+              && fin.desc.equals(target.desc)) {
+            return true;
+          }
+        }
+      }
+    }
+    return false;
+  }
+}
diff --git a/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/guardprotector/GuardProtectorNumberTransformer.java b/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/guardprotector/GuardProtectorNumberTransformer.java
@@ -0,0 +1,60 @@
+package uwu.narumi.deobfuscator.core.other.impl.guardprotector;
+
+import org.objectweb.asm.tree.IntInsnNode;
+import org.objectweb.asm.tree.LdcInsnNode;
+import uwu.narumi.deobfuscator.api.asm.MethodContext;
+import uwu.narumi.deobfuscator.api.asm.matcher.Match;
+import uwu.narumi.deobfuscator.api.asm.matcher.MatchContext;
+import uwu.narumi.deobfuscator.api.asm.matcher.group.SequenceMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.NumberMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.OpcodeMatch;
+import uwu.narumi.deobfuscator.api.transformer.Transformer;
+import uwu.narumi.deobfuscator.core.other.impl.universal.UniversalNumberTransformer;
+
+import java.util.HashMap;
+import java.util.concurrent.atomic.AtomicReference;
+
+public class GuardProtectorNumberTransformer extends Transformer {
+
+  Match longArrayInit = SequenceMatch.of(NumberMatch.of().capture("array-size"), Match.of(ctx -> {
+    if (ctx.insn() instanceof IntInsnNode intInsn) {
+      return intInsn.operand == T_LONG;
+    }
+    return false;
+  }), OpcodeMatch.of(PUTSTATIC).capture("array"));
+
+  Match putStatic = SequenceMatch.of(OpcodeMatch.of(GETSTATIC), NumberMatch.of().capture("array-index"), NumberMatch.of().capture("array-value"), OpcodeMatch.of(LASTORE));
+  Match getStatic = SequenceMatch.of(OpcodeMatch.of(GETSTATIC).capture("array"), NumberMatch.of().capture("array-index"), OpcodeMatch.of(LALOAD));
+
+  @Override
+  protected void transform() throws Exception {
+    scopedClasses().forEach(classWrapper -> {
+      HashMap<Integer, Long> longValues = new HashMap<>();
+      AtomicReference<String> fieldArrayName = new AtomicReference<>();
+      classWrapper.findClInit().ifPresent(clinit -> {
+        MethodContext methodContext = MethodContext.of(classWrapper, clinit);
+        MatchContext clinitMatch = longArrayInit.findFirstMatch(methodContext);
+        if (clinitMatch != null) {
+          fieldArrayName.set(clinitMatch.captures().get("array").insn().asFieldInsn().name);
+          putStatic.findAllMatches(methodContext).forEach(putStatic -> {
+            int arrayIndex = putStatic.captures().get("array-index").insn().asNumber().intValue();
+            long arrayValue = putStatic.captures().get("array-value").insn().asNumber().longValue();
+            longValues.put(arrayIndex, arrayValue);
+            putStatic.removeAll();
+          });
+          clinitMatch.removeAll();
+        }
+      });
+      classWrapper.methods().forEach(methodNode -> {
+        MethodContext methodContext = MethodContext.of(classWrapper, methodNode);
+        getStatic.findAllMatches(methodContext).forEach(matchContext -> {
+          if (matchContext.captures().get("array").insn().asFieldInsn().name.equals(fieldArrayName.get())) {
+            methodNode.instructions.insert(matchContext.insn(), new LdcInsnNode(longValues.get(matchContext.captures().get("array-index").insn().asInteger())));
+            matchContext.removeAll();
+          }
+        });
+      });
+      Transformer.transform(UniversalNumberTransformer::new, classWrapper, context());
+    });
+  }
+}
diff --git a/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/guardprotector/GuardProtectorStringTransformer.java b/deobfuscator-transformers/src/main/java/uwu/narumi/deobfuscator/core/other/impl/guardprotector/GuardProtectorStringTransformer.java
@@ -0,0 +1,81 @@
+package uwu.narumi.deobfuscator.core.other.impl.guardprotector;
+
+import org.objectweb.asm.tree.AbstractInsnNode;
+import org.objectweb.asm.tree.LdcInsnNode;
+import org.objectweb.asm.tree.MethodInsnNode;
+import org.objectweb.asm.tree.MethodNode;
+import uwu.narumi.deobfuscator.api.asm.MethodContext;
+import uwu.narumi.deobfuscator.api.asm.matcher.Match;
+import uwu.narumi.deobfuscator.api.asm.matcher.MatchContext;
+import uwu.narumi.deobfuscator.api.asm.matcher.group.SequenceMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.MethodMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.NumberMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.OpcodeMatch;
+import uwu.narumi.deobfuscator.api.asm.matcher.impl.StringMatch;
+import uwu.narumi.deobfuscator.api.transformer.Transformer;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class GuardProtectorStringTransformer extends Transformer {
+
+  private static final Match ENCRYPTED_STRING = SequenceMatch.of(
+      StringMatch.of().capture("key"),
+      MethodMatch.invokeStatic().desc("(Ljava/lang/String;)Ljava/lang/String;").capture("decrypt-method")
+  );
+
+  private static final Match ENCRYPTED_STRING_HASH = SequenceMatch.of(
+      OpcodeMatch.of(IXOR),
+      NumberMatch.of().capture("hash"),
+      OpcodeMatch.of(IXOR)
+  );
+
+  @Override
+  protected void transform() throws Exception {
+    scopedClasses().forEach(classWrapper -> {
+      List<MethodNode> toRemove = new ArrayList<>();
+
+      // Find all encrypted strings
+      classWrapper.methods().forEach(methodNode -> {
+        MethodContext methodContext = MethodContext.of(classWrapper, methodNode);
+
+        // Find encrypted strings
+        ENCRYPTED_STRING.findAllMatches(methodContext).forEach(matchContext -> {
+          AbstractInsnNode keyInsn = matchContext.captures().get("key").insn();
+          MethodInsnNode decryptMethodInsn = matchContext.captures().get("decrypt-method").insn().asMethodInsn();
+
+          // Get decrypt method
+          findMethod(classWrapper.classNode(), method -> method.name.equals(decryptMethodInsn.name) && method.desc.equals(decryptMethodInsn.desc)).ifPresent(decryptMethod -> {
+            String key = keyInsn.asString();
+
+            MethodContext decryptMethodContext = MethodContext.of(classWrapper, decryptMethod);
+            MatchContext matchContext1 = ENCRYPTED_STRING_HASH.findFirstMatch(decryptMethodContext);
+            if (matchContext1 != null) {
+              int hash = matchContext1.captures().get("hash").insn().asNumber().intValue();
+              String methodName = decryptMethod.name;
+
+              String decryptedString = decrypt(key, methodName, hash);
+
+              methodNode.instructions.remove(keyInsn);
+              methodNode.instructions.set(decryptMethodInsn, new LdcInsnNode(decryptedString));
+              markChange();
+
+              toRemove.add(decryptMethod);
+            }
+          });
+        });
+      });
+      classWrapper.methods().removeAll(toRemove);
+    });
+  }
+
+  private String decrypt(String string, String methodName, int key) {
+    char[] chars = string.toCharArray();
+
+    for (int i = 0; i < chars.length; ++i) {
+      chars[i] = (char)(chars [i] ^ methodName.hashCode() ^ key);
+    }
+
+    return String.valueOf(chars);
+  }
+}
diff --git a/testData/compiled/custom-classes/guardprotector/Class951.class b/testData/compiled/custom-classes/guardprotector/Class951.class
diff --git a/testData/results/custom-classes/guardprotector/Class951.dec b/testData/results/custom-classes/guardprotector/Class951.dec
@@ -0,0 +1,53 @@
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+import mapped.Class290;
+import mapped.Class295;
+import mapped.Class320;
+import mapped.Class616;
+import mapped.Class633;
+
+@Class290
+public class Class951 {
+    private static int field2969;
+    private static Cache<Integer, Class633> field2970 = CacheBuilder.newBuilder().expireAfterWrite(3L, TimeUnit.MINUTES).build();
+    private static final ScheduledExecutorService field2971 = Executors.newScheduledThreadPool(1);
+    private static int field2972 = 325170080;
+    private static long[] field2973;
+    private static final int field2974;
+    private static final int field2975;
+
+    @Class295
+    public static synchronized void method3419(Class320 var0) {
+        Runnable var1 = (Runnable)field2970.getIfPresent(var0.field1546);
+        if (var1 != null) {
+            field2970.invalidate(var0.field1546);
+            Class633 var2 = (Class633)var1;
+            var2.field2499 = var0;
+            var2.run();
+        }
+    }
+
+    @Class295
+    public static synchronized void method3420(Class320 var0, Class633 var1) {
+        method3421(var0, var1, null, 3);
+    }
+
+    public static synchronized void method3421(Class320 var0, Class633 var1, Runnable var2, int var3) {
+        field2969++;
+        var0.field1546 = field2969;
+        field2970.put(var0.field1546, var1);
+        Class616.method1994(var0);
+        field2971.schedule(() -> method3422(var0.field1546, var2), (long)var3, TimeUnit.SECONDS);
+    }
+
+    private static synchronized void method3422(Integer var0, Runnable var1) {
+        Class633 var2 = (Class633)field2970.getIfPresent(var0);
+        if (var2 != null) {
+            field2970.invalidate(var0);
+            var1.run();
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -234,5 +234,10 @@ protected void registerAll() {`
`234`	`234`	`.transformers(BranchlockFlowTransformer::new)`
`235`	`235`	`.inputJar("branchlock/flow/flow 9.jar")`
`236`	`236`	`.register();`
	`237`	`+`
	`238`	`+ test("GuardProtector 1.0")`
	`239`	`+ .transformers(ComposedGuardProtectorTransformer::new)`
	`240`	`+ .inputClass(InputType.CUSTOM_CLASS, "guardprotector/Class951.class")`
	`241`	`+ .register();`
`237`	`242`	`}`
`238`	`243`	`}`