现象:反编译代码严重不对,把鼠标移到可疑点提示如下:
解决方法:
parsers.dcmp_dex.EmulationSupport 由 2改为0.
1.所有工程
编辑->选项
2.函数级别
对着函数右键菜单,解析with options...
原理文章:
JEB Android Updates – Generic String Decryption, Lambda Recovery, Unreflecting Code, and More
JEB Android Updates – Generic String Decryption, Lambda Recovery, Unreflecting Code, and More
Updated on March 11.
A note about 2020 Q1 updates (versions 3.10 to 3.16) regarding the DEX/Dalvik decompiler modules:
- Generic String Decryption
- Lambda Recovery
- Unreflecting Code
- Decompiling Java Bytecode
- Auto-Rename All
Generic String Decryption
JEB ships with a generic deobfuscator that can perform on-the-fly string decryption and other complex optimizations. Although this optimizer performs safe (i.e., guaranteed) optimizations in most cases, it is unsafe in the general case case and therefore, may be disabled in the options. Refer to the Engines options .parsers.dcmp_dex.EnableDeobfuscators and .parsers.dcmp_dex.EmulationSupport.
Many code protectors such as DexGuard, Arxan, Dash-O, Allatori, etc. offer options to replace immediate string constants by method invocations that perform on-the-fly decryption.
A variety of techniques exist, ranging from simple one-off trivial decryptor methods, to complex schemes involving object(s) creation, complicated decryptors injected in third-party packages, non-trivial logic, junk code meant to slow down analyzers, use of opaque predicates, etc. They are implemented in an infinite number of ways. JEB’s generic deobfuscator can perform quick, safe emulation of the intermediate representation to provide a replacement. It may sometimes fail or bail out due to several reasons, such as performance or pitfalls like anti-emulation and anti-sandboxing techniques.
Example 1
The string decryptor is a static method reading encrypted string data in a class