python 插件 python 插件编写文档 反混淆 需要mapping.txt配合 #coding=utf-8 #?description=Create JEB2DeobscureClass (Android Debug Bridge) wrappers and adb utility objects #?shortcut= from gettext import find from pickle import NONE import re import string from unittest import result from com.pnfsoftware.jeb.client.api import IScript from com.pnfsoftware.jeb.core import RuntimeProjectUtil from com.pnfsoftware.jeb.core.units.code import ICodeUnit, ICodeItem from com.pnfsoftware.jeb.core.units.code.android import IDexUnit from com.pnfsoftware.jeb.core.actions import Actions, ActionContext, ActionCommentData, ActionRenameData,ActionMoveToData,ActionMoveToPackageData,ActionCreatePackageData from java.lang import Runnable from com.pnfsoftware.jeb.client.api import IScript from com.pnfsoftware.jeb.client.api import IScript, IGraphicalClientContext from com.pnfsoftware.jeb.core import RuntimeProjectUtil from com.pnfsoftware.jeb.core.actions import Actions, ActionContext, ActionXrefsData from com.pnfsoftware.jeb.core.events import JebEvent, J from com.pnfsoftware.jeb.core.output import AbstractUnitRepresentation, UnitRepresentationAdapter from com.pnfsoftware.jeb.core.units.code import ICodeUnit, ICodeItem from com.pnfsoftware.jeb.core.units.code.java import IJavaSourceUnit, IJavaStaticField, IJavaNewArray, IJavaConstant, IJavaCall, IJavaField, IJavaMethod, IJavaClass from com.pnfsoftware.jeb.core.actions import ActionTypeHierarchyData from com.pnfsoftware.jeb.core.actions import ActionRenameData from com.pnfsoftware.jeb.core.util import DecompilerHelper from com.pnfsoftware.jeb.core.output.text import ITextDocument from com.pnfsoftware.jeb.core.units.code.android import IDexUnit from com.pnfsoftware.jeb.core.actions import ActionOverridesData from com.pnfsoftware.jeb.core.units import UnitUtil from com.pnfsoftware.jeb.core.units import UnitAddress import threading # from Reader import Reader, Resource import os.path, time, sys # from Reader import Reader, Resource, allClassEntry curPosition = 0 textLine = [] allClassEntry = {} rlock = threading.RLock() """ Sample script for JEB Decompiler. This script shows how to create and use Android Debug Bridge (adb) wrappers and adb utility objects. Reference: AdbWrapperFactory, AdbWrapper, AndroidDeviceUtil """ class DeGurd(IScript): def __init__(self): path = os.path.dirname(os.path.realpath(__file__)) self.readerFile(path + "/../mapping.txt") def readerFile(self, fileName): starttime = time.clock() #线程数 threadNum = 4 #文件 res = Resource(fileName) threads = [] #初始化线程 for i in range(threadNum): rdr = Reader(res) threads.append(rdr) #开始线程 for i in range(threadNum): threads[i].start() #结束线程 # result = {}; for i in range(threadNum): threads[i].join() # result[i] = threads[i].getResult(); # file =open('D:/data.txt','w') # for key in allClassEntry : # file.write("class: " + key + ", origalClassName" + allClassEntry[key].getOrigalClassName() + "\n") # methods = allClassEntry.get(key).getMethodEntry(); # members = allClassEntry.get(key).getMemberEntry(); # if NONE == methods: # continue # for method in methods: # file.write(" confusionmethod: " + method + ", origalMethodName" + methods[method].getOrigalMethodName() + "\n") # if NONE == members: # continue # for member in members: # file.write(" confusionmember: " + member.getConfusionMemberName() + ", origalMemberName" + member.getOrigalMemberName() + "\n") # file.close() return def run(self, ctx): ctx.executeAsync("Running deobscure class ...", JEB2AutoRename(ctx)) print('Done') class JEB2AutoRename(Runnable): def __init__(self, ctx): print ("__file__=%s" % __file__) self.ctx = ctx # 逻辑开始 self.debug = 0 #0=False, 1=True self.ctx = ctx self.errMsg1 = u'请移动鼠标,将光标输入点放到源码文件中的函数名称处~然后使用F2快捷键运行此脚本(JEB 中 F2快捷键的功能是运行最近使用的脚本)' self.errMsg2 = u'未输入新函数名称,脚本已退出' # 获取所有重载了此方法的函数清单,然后逐个重命名 self.nTotal = 0 self.nSucc = 0 self.nFail = 0 # for key in allClassEntry: # print("key: %s" % key) def run(self): ctx = self.ctx # print(allClassEntry); engctx = ctx.getEnginesContext() if not engctx: print('Back-end engines not initialized') return projects = engctx.getProjects() if not projects: print('There is no opened project') return prj = projects[0] units = RuntimeProjectUtil.findUnitsByType(prj, IDexUnit, False) try: for unit in units: classes = unit.getClasses() if not classes: continue self.parseClass(classes, unit) except Exception , e: print ( e) # 分析类 def parseClass(self, classes, unit): for clazz in classes: sourceIndex = clazz.getSourceStringIndex() clazzAddress = clazz.getAddress() # if sourceIndex == -1 or '$' in clazzAddress:# Do not rename inner class # # print('without have source field', clazz.getName(True)) # continue sourceStr = str(unit.getString(sourceIndex)) if '.java' in sourceStr: sourceStr = sourceStr[:-5] className = clazz.getName(True) # if className!= sourceStr: package= clazz.getAddress(True) # print("package: %s, className: %s" % (package, className)) package = package[1:len(package) - 1] package = package.replace("/", ".") # print("package: %s" % package) # completeClassName = package + "." + className # if "a.b" != package: # continue classEntry = allClassEntry.get(package) # print("package: %s" % package); if not classEntry : continue originalName = classEntry.getOrigalClassName() # print(" classEntry.getOrigalClassName(): %s" % classEntry.getOrigalClassName()) # print("method: " % method) self.comment_class(unit, clazz, originalName) # Backup origin clazz name to comment self.rename_class(unit, clazz, originalName, True) # Rename to source name methodsEntry = classEntry.getMethodEntry(); self.renameMethodName(methodsEntry, clazz, unit) memberEntry = classEntry.getMemberEntry() self.renameMemberName(classEntry, clazz, unit) self.moveToPackage(unit, clazz, classEntry) # 修改属性名称 # classEntry mapping.txt 所组装的类信息 def renameMemberName(self, classEntry, clazz, unit): fieldEntry = classEntry.getMemberEntry() if not fieldEntry: print ("没有属性") return originName = None pos = 0 print("\n") for field in clazz.getFields(): fieldName = field.getName(True) # print("fieldName: %s" % fieldName) confusionEntry = fieldEntry.get(fieldName) # print(confusionEntry) pos = fieldName.find("$") if None != confusionEntry: originName = confusionEntry.getOrigalMemberName(); self.realRename(field, originName, unit) # elif -1 != pos: # 匿名内部类 # anonymousInnerClassName = field.getAddress(); # print("address: %s" % anonymousInnerClassName) # anonymousInnerClassName = anonymousInnerClassName[1:anonymousInnerClassName.find(";")] # anonymousInnerClassName = anonymousInnerClassName.replace("/", ".") # anonymousInnerEntry = classEntry.getAnonymousInnerClassEntry(); # anonymousInnerClass = anonymousInnerEntry.get(anonymousInnerClassName); # newName = anonymousInnerClass.getOrigalAnonymousInnerClassName() # self.realRename(field, newName, unit) # print ("anonymousInnerClassName: %s" % anonymousInnerClassName) # classEntry 从 mapping.txt 中提取的信息 # clazz 当前 字节码信息 def renameMethodName(self, methodsEntry, clazz, unit): # className = classEntry.getOrigalClassName() if not methodsEntry: print ("没有方法") return # for key in methodsEntry: # print ("key: %s, original: %s" % (key, methodsEntry.get(key).getOrigalMethodName())) # print ("className: %s" % className) # 处理方法名字 for method in clazz.getMethods(): # print("value: " % value) # print("method: " % method) confusionName = method.getName() # print("confusionName: %s" % (confusionName)) current = methodsEntry.get(confusionName); # print (current) if not current: continue originName = current.getOrigalMethodName(); # print ("originName: %s" % originName) self.realRename(method, originName, unit) # method = clazz.getMethod(clazz.getAddress, True, True); def rename_class(self, unit, originClazz, sourceName, isBackup): actCtx = ActionContext(unit, Actions.RENAME, originClazz.getItemId(), originClazz.getAddress()) actData = ActionRenameData() # dir(actData) # print("sourceNameFront: %s" % sourceName) length = len(sourceName); lastPos = sourceName.rfind(".", 0, length) posDoller = sourceName.find("$") if -1 != posDoller: sourceName = sourceName[posDoller+1: length] elif -1 != lastPos: sourceName = sourceName[lastPos + 1: length] # print("sourceNameAfter: %s" % sourceName) actData.setNewName(sourceName) # print('sourceName: %s !' % sourceName) if unit.prepareExecution(actCtx, actData): try: result = unit.executeAction(actCtx, actData) # if result: # print('rename to %s success!' % sourceName) # else: # print('rename to %s failed!' % sourceName) except Exception, e: print (Exception, e) # Actions, # ActionContext, # ActionCommentData, ActionRenameData,ActionMoveToPackageData,ActionCreatePackageData # 修改包名 def moveToPackage(self, unit, originClazz, classEntry): actCntx = ActionContext(unit, Actions.CREATE_PACKAGE, originClazz.getItemId(), originClazz.getAddress()) actData = ActionCreatePackageData() packageName = classEntry.getOrigalClassName(); packageName = packageName.replace(" ", ""); # print("packageName: %s\n" % packageName) actData.setFqname (packageName[0: packageName.rfind(".")]) if(unit.prepareExecution(actCntx, actData)): try: bRlt = unit.executeAction(actCntx, actData) if(not bRlt): print('executeAction fail!') except Exception, e: print (e) actCntx = ActionContext(unit, Actions.MOVE_TO_PACKAGE, originClazz.getItemId(), originClazz.getAddress()) actData = ActionMoveToPackageData () confusionMemberName = classEntry.getConfusionClassName(); confusionMemberNameTxt = confusionMemberName[0:confusionMemberName.rfind(".")] specifical = packageName[0: packageName.rfind(".")]; actData.setCurrentPackageFqname("L" + confusionMemberNameTxt+"/") actData.setDstPackageFqname ("L" + specifical+"/") # print("specifical: %s, confusionMemberNameTxt: %s\n" % (specifical, confusionMemberNameTxt)) if(unit.prepareExecution(actCntx, actData)): try: bRlt = unit.executeAction(actCntx, actData) except Exception, e: print (e) print('total:%d succ:%d fail:%d' %(self.nTotal, self.nSucc, self.nFail)) print('Done.') return def parseMethod(self, unit, originClazz, newMethodName): # 弹出输入框用以输入新函数名 # newMethodName = self.ctx.displayQuestionBox('input new function name', 'input new function name\n\n', '') # if newMethodName == None: # print(self.errMsg2) # return actCntx = ActionContext(unit, Actions.QUERY_OVERRIDES, originClazz.getItemId(), originClazz.getAddress()) actData = ActionOverridesData() if(self.focusUnit.prepareExecution(actCntx, actData)): try: bRlt = self.focusUnit.executeAction(actCntx, actData) if(not bRlt): print('executeAction fail!') else: overrideAddrList = actData.getAddresses() self.nTotal = len(overrideAddrList) for addr in overrideAddrList: #print('renaming %s' % addr) if(self.realRename(addr, newMethodName)): self.nSucc += 1 else: self.nFail += 1 if(self.debug): break; except Exception, e: print (e) print('total:%d succ:%d fail:%d' %(self.nTotal, self.nSucc, self.nFail)) print('Done.') # 对指定函数进行重命名 def realRename(self, method, newMethodName, unit): # m = self.GetMethodByAddress(methodAddr) m = method if(not m): print(u'失败 %s' % m) return False actCntx = ActionContext(unit, Actions.RENAME, m.getItemId(), m.getAddress()) actData = ActionRenameData() actData.setNewName(newMethodName) if(unit.prepareExecution(actCntx, actData)): # 执行重命名动作 try: bRlt = unit.executeAction(actCntx, actData) if(not bRlt): (u'失败 %s' % method.getName()) else: print('%s => %s' %(method.getName(), newMethodName)) return True except Exception,e: print (e) return False ## end of realRename # def GetUnitByAddress(self, addr): # decomp = DecompilerHelper.getDecompiler(self.focusUnit2) # if not decomp: # print('There is no decompiler available for code unit %s' % self.focusUnit2) # return # tmpUnit = decomp.decompile(addr) # self.ctx.openView(tmpUnit) # if(self.ctx.getFocusedView().getActiveFragment().setActiveAddress(methodAddr)): # print('setActiveAddress succ') # return tmpUnit ## end of GetUnitByAddress def GetMethodByAddress(self, addr): found = 0 self.codeUnit = RuntimeProjectUtil.findUnitsByType(self.prj, ICodeUnit, False) if(not self.codeUnit): return None for unit in self.codeUnit: classes = unit.getClasses() if(not classes): continue for c in classes: cAddr = c.getAddress() if(not cAddr): continue if(addr.find(cAddr) == 0): mlist = c.getMethods() if(not mlist): continue for m in mlist: mAddr = m.getAddress() if(addr == mAddr): #print(mAddr) return m return None def comment_class(self, unit, originClazz, commentStr): actCtx = ActionContext(unit, Actions.COMMENT, originClazz.getItemId(), originClazz.getAddress()) actData = ActionCommentData() actData.setNewComment(commentStr) if unit.prepareExecution(actCtx, actData): try: result = unit.executeAction(actCtx, actData) # if result: # print('comment to %s success!' % commentStr) # else: # print('comment to %s failed!' % commentStr) except Exception, e: print (Exception, e) class MethodEntry: def __init__(self, confusionMethodName, origalMethodName): self.confusionMethodName = confusionMethodName self.origalMethodName = origalMethodName def getConfusionMethodName(self): return self.confusionMethodName def getOrigalMethodName(self): return self.origalMethodName def __getattribute__(self, name): return self[name] # 内名内部类 节点 class AnonymousInnerClass: def __init__(self, confusionAnonymousInnerName, origalAnonymousInnerClassName): self.confusionAnonymousInnerName = confusionAnonymousInnerName; self.origalAnonymousInnerClassName = origalAnonymousInnerClassName; def getConfusionAnonymousInnerName(self): return self.confusionAnonymousInnerName def getOrigalAnonymousInnerClassName(self): return self.origalAnonymousInnerClassName def setConfusionAnonymousInnerName(self, confusionAnonymousInnerName): self.confusionAnonymousInnerName = confusionAnonymousInnerName; def getOrigalAnonymousInnerClassName(self): return self.origalAnonymousInnerClassName class MemberEntry: def __init__(self, confusionMemberName, origalMemberName): self.confusionMemberName = confusionMemberName self.origalMemberName = origalMemberName def getConfusionMemberName(self): return self.confusionMemberName def getOrigalMemberName(self): return self.origalMemberName def __getattribute__(self, name): return self[name] class ClassEntry: """ confusionClassName 混淆后的类名 origalClassName 原来的类名 methodEntry:MethodEntry """ def __init__(self, confusionClassName, origalClassName): self.confusionClassName = confusionClassName self.origalClassName = origalClassName self.methodEntry = {} self.memberEntry = {} self.anonymousInnerClass = {} def getConfusionClassName(self): return self.confusionClassName def setMethodEntry(self, methodEntry): self.methodEntry[methodEntry.getConfusionMethodName()] = (methodEntry) def setMemberEntry(self, memberEntry): self.memberEntry[memberEntry.getConfusionMemberName()] = memberEntry; def setAnonymousInnerClassEntry(self, anonymousInnerClass): self.anonymousInnerClass[anonymousInnerClass.getConfusionAnonymousInnerName()] = anonymousInnerClass def getAnonymousInnerClassEntry(self): return self.anonymousInnerClass def getMemberEntry(self): return self.memberEntry def getMethodEntry(self): return self.methodEntry def getOrigalClassName(self): return self.origalClassName def __getattribute__(self, name): return self[name] class Reader(threading.Thread): def __init__(self, res): self.res = res super(Reader, self).__init__() self.result = {} self.spaceReal = " " self.spaceCount = 4 def getResult(self): return self.result; """ m.i$a -> tree.Handle m.i$a a -> d m.i$a b -> c m.i$a c -> a m.i$a d -> b m.i$a e -> RIGHT m.i$a[] f -> $VALUES """ # spaceCount: int 方法及属性空格数量 # line 当前行 # classEntry 当前要组装的类 def parseMethodAndMember(self, spaceCount, line, classEntry): line = line[spaceCount: len(line)] pos = line.find("->"); left = line[0: pos - 1] firstSpacePos = left.find(" ") bracketsPos = left.find("("); if -1 != pos: if -1 != bracketsPos: # left = left.replace(" ", "") classEntry.setMethodEntry(MethodEntry(left[firstSpacePos+1: bracketsPos], line[pos+3: len(line) - 1])) else: # 寻找第一个空格的位置 方法 # print("left : %s" % i.getConfusionMemberName()) # firstSpacePos = left.find(" ") right = line[pos + 3: len(line) - 1] # right = right.replace("\n", "") classEntry.setMemberEntry(MemberEntry( line[firstSpacePos + 1: pos - 1], right )) # def parseFileLBlock(self, pos, endPosition, fstream): global allClassEntry classEntry = None while pos < endPosition: line = fstream.readline() space = line[0: self.spaceCount] if space == self.spaceReal: self.parseMethodAndMember(self.spaceCount, line, classEntry) # 说明当前是包类名 else: pos = line.find("->") if -1 == pos: continue # 判断是否是匿名内部类 # posDoller = line.find("$") # if -1 != posDoller: # masterName = line[0: posDoller]; # length = len(line) - 1 # classEntry = allClassEntry.get(masterName) # anonymousInnerClass = AnonymousInnerClass(line[0: pos-1], line[pos+3: length]) # if not classEntry: # classEntry = ClassEntry(masterName, line[pos+3: length]) # classEntry.setAnonymousInnerClassEntry(anonymousInnerClass) # else: # classEntry.setAnonymousInnerClassEntry(anonymousInnerClass) # else: className = line[0:pos-1] classEntry = ClassEntry(className, line[pos+2: len(line) - 1]) allClassEntry[classEntry.getConfusionClassName()] = (classEntry) # textLine.append(line); #处理line # print(line.strip()) pos = fstream.tell() # def run(self): global curPosition fstream = open(self.res.fileName, 'r') while True: #锁定共享资源 rlock.acquire() startPosition = curPosition curPosition = endPosition = (startPosition + self.res.blockSize) if (startPosition + self.res.blockSize) < self.res.fileSize else self.res.fileSize #释放共享资源 rlock.release() if startPosition == self.res.fileSize: break elif startPosition != 0: fstream.seek(startPosition) fstream.readline() pos = fstream.tell() self.parseFileLBlock(pos, endPosition, fstream) fstream.close() # self.result = allClassEntry; # print(allClassEntry[classEntry.getConfusionClassName()]) # return allClassEntry class Resource(object): def __init__(self, fileName): self.fileName = fileName #分块大小 self.blockSize = 100000000 self.getFileSize() #计算文件大小 def getFileSize(self): fstream = open(self.fileName, 'r') fstream.seek(0, os.SEEK_END) self.fileSize = fstream.tell() fstream.close()