New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change deobf whitelist behavior #2177
base: master
Are you sure you want to change the base?
Conversation
Hi @bagipro , I proposed this whitelist because deobfuscating "v4" to "p000v4" when it is part of a package name "android.support.v4.*" is in nearly every case a false positive. Before adding this whitelist these false positives could even be found when you tried to deofuscate an non-obfuscated app. Do you have any example where this whitelist introduces new false positives? If so, I think the better way is to detect and prevent the false positives. |
Hey @nitram84, Ahh yes. I've always used jadx with
My idea was to make this feature consistent, i.e. it should consider class content, not just class and package names. I think the best way to cover all cases would be to change |
Hi @bagipro, I understand. You are right, with But I'm not sure if Also the whitelist is currently not the only feature that relies only on class and package names without considering the class content. We have already
With If it is possible I would like to keep the whitelist for |
Hey!
It should be 26 * 26 (2 characters) or 35 * 35 (2 characters when including numbers). Additionally, jadx avoids duplicated class/package names (it's applicable for obfuscated apps) and name collisions for case-insensitive file systems, so it shouldn't be a problem.
But do you think it would be a problem when the default value is 2? I mean that if someone changes it to higher numbers, let's say 4, many more classes than the default whitelist will be affected. Thanks! |
I also think that changing @bagipro I think I can slightly improve performance of your check for subpackages (match over stream). I will apply these changes with undo of default values changes. |
@skylot But a bug might happen if we keep the default whitelist, keep What do you think about this? That's why my idea was to use 2 of these workarounds. |
Well, deobfuscation isn't supposed to fix compilation errors, we have other checks for that. Ideally, jadx should output correct code even with disabled deobfuscation 🙂 |
This PR changes the behavior of the
--deobf-whitelist
arg:androidx.*
orandroid.support.*
libraries undeobfuscated. If it is a non-obfuscated application, it will not be changed anyway. However, if some crazy obfuscation is applied, it might get moved to weird packages likep000
. So I removed the defaults