September Update

-Radon v2 antitamper transformer (credit to @Mysels)
-Improved ZKM 8 transformers

Author: ThisTestUser

src/main/java/com/javadeobfuscator/deobfuscator/executor/MethodExecutor.java

@@ -1017,6 +1017,8 @@ private static <T> T execute(ClassNode classNode, MethodNode method, AbstractIns
                     				break;
                     			}
                     		provided = fieldClass.fields.stream().filter(f -> f.name.equals(cast.name) && f.desc.equals(cast.desc)).findFirst().orElse(null).value;
+                    		if(type.getSort() == Type.BOOLEAN)
+                    			provided = (Integer)provided == 0 ? false : true;
                     		context.provider.setField(cast.owner, cast.name, cast.desc, null, provided, context);
                     	}
 
@@ -1097,6 +1099,8 @@ else if(obj instanceof JavaObject)
                     				break;
                     			}
                     		provided = fieldClass.fields.stream().filter(f -> f.name.equals(cast.name) && f.desc.equals(cast.desc)).findFirst().orElse(null).value;
+                    		if(type.getSort() == Type.BOOLEAN)
+                    			provided = (Integer)provided == 0 ? false : true;
                     		context.provider.setField(cast.owner, cast.name, cast.desc, obj, provided, context);
                     	}
 

src/main/java/com/javadeobfuscator/deobfuscator/executor/defined/JVMMethodProvider.java

@@ -146,17 +146,37 @@ public class JVMMethodProvider extends MethodProvider {
                 }
                 return null;
             });
-        }});
-        put("java/io/PushbackInputStream", new HashMap<String, Function3<JavaValue, List<JavaValue>, Context, Object>>() {{
-            put("<init>(Ljava/io/InputStream;I)V", (targetObject, args, context) -> {
-                targetObject.initialize(new PushbackInputStream(args.get(0).as(InputStream.class), args.get(1).intValue()));
+            put("write([BII)V", (targetObject, args, context) -> {
+                try {
+                    targetObject.as(ByteArrayOutputStream.class).write(args.get(0).as(byte[].class), args.get(1).intValue(), args.get(2).intValue());
+                } catch (Exception e) {
+                    e.printStackTrace();
+                }
                 return null;
             });
-            put("unread([BII)V", (targetObject, args, context) -> {
-            	targetObject.as(PushbackInputStream.class).unread(args.get(0).as(byte[].class), args.get(1).intValue(), args.get(2).intValue());
-            	return null;
-            });
-            put("read([BII)I", (targetObject, args, context) -> targetObject.as(PushbackInputStream.class).read(args.get(0).as(byte[].class), args.get(1).intValue(), args.get(2).intValue()));
+        }});
+        put("java/io/ByteArrayInputStream", new HashMap<String, Function3<JavaValue, List<JavaValue>, Context, Object>>() {{
+        	put("available()I", (targetObject, args, context) -> targetObject.as(ByteArrayInputStream.class).available());
+        	put("close()V", (targetObject, args, context) -> {
+        		try {
+        			targetObject.as(ByteArrayInputStream.class).close();
+        		} catch (IOException e) {
+        			e.printStackTrace();
+        		}
+        		return null;
+        	});
+        	put("read([B)I", (targetObject, args, context) -> targetObject.as(ByteArrayInputStream.class).read(args.get(0).as(byte[].class)));
+        }});
+        put("java/io/PushbackInputStream", new HashMap<String, Function3<JavaValue, List<JavaValue>, Context, Object>>() {{
+        	put("<init>(Ljava/io/InputStream;I)V", (targetObject, args, context) -> {
+        		targetObject.initialize(new PushbackInputStream(args.get(0).as(InputStream.class), args.get(1).intValue()));
+        		return null;
+        	});
+        	put("unread([BII)V", (targetObject, args, context) -> {
+        		targetObject.as(PushbackInputStream.class).unread(args.get(0).as(byte[].class), args.get(1).intValue(), args.get(2).intValue());
+        		return null;
+        	});
+        	put("read([BII)I", (targetObject, args, context) -> targetObject.as(PushbackInputStream.class).read(args.get(0).as(byte[].class), args.get(1).intValue(), args.get(2).intValue()));
         }});
         put("java/io/FilterInputStream", new HashMap<String, Function3<JavaValue, List<JavaValue>, Context, Object>>() {{
             put("<init>(Ljava/io/InputStream;)V", (targetObject, args, context) -> {

src/main/java/com/javadeobfuscator/deobfuscator/transformers/allatori/FlowObfuscationTransformer.java

@@ -1111,7 +1111,7 @@ else if(next instanceof LabelNode && hasJump(next, method))
         		}
         System.out.println("[Allatori] [FlowObfuscationTransformer] Fixed " + fixed + " instructions");
         System.out.println("[Allatori] [FlowObfuscationTransformer] Done");
-		return true;
+		return fixed.get() > 0;
     }
 
     private boolean hasJump(AbstractInsnNode ain, MethodNode method)

src/main/java/com/javadeobfuscator/deobfuscator/transformers/allatori/LightFlowObfuscationTransformer.java

@@ -52,7 +52,7 @@ public boolean transform() throws Throwable {
         	}
         System.out.println("[Allatori] [LightFlowObfuscationTransformer] Removed " + fixed + " dead instructions");
         System.out.println("[Allatori] [LightFlowObfuscationTransformer] Done");
-        return true;
+        return fixed.get() > 0;
 	}
 
 	private boolean willPush(AbstractInsnNode ain)

src/main/java/com/javadeobfuscator/deobfuscator/transformers/skidsuite2/FakeExceptionTransformer.java

@@ -50,6 +50,6 @@ else if(tc.handler.getNext().getOpcode() == Opcodes.ACONST_NULL
 		System.out.println("[SkidSuite] [FakeExceptionTransformer] Removed "
 			+ counter.get() + " fake try-catch blocks");
 		System.out.println("[SkidSuite] [FakeExceptionTransformer] Done");
-		return true;
+		return counter.get() > 0;
 	}
 }

src/main/java/com/javadeobfuscator/deobfuscator/transformers/skidsuite2/StringEncryptionTransformer.java

@@ -143,6 +143,6 @@ public boolean transform() throws Throwable {
         });
 
         System.out.println("[SkidSuite2] [StringEncryptionTransformer] Decrypted " + counter + " strings");
-        return true;
+        return counter.get() > 0;
     }
 }

src/main/java/com/javadeobfuscator/deobfuscator/transformers/smoke/NumberObfuscationTransformer.java

@@ -124,7 +124,7 @@ else if(entry.getKey() == a2)
         	classNode.methods = classNode.methods.stream().filter(methodNode -> !numberMethods.containsKey(classNode.name + methodNode.name + methodNode.desc)).collect(Collectors.toList()));
 
         System.out.println("[Smoke] [NumberObfuscationTransformer] Removed " + count.get() + " instructions");
-        return true;
+        return count.get() > 0;
     }
 
     private Integer doMath(int value1, int value2, int opcode) {

src/main/java/com/javadeobfuscator/deobfuscator/transformers/smoke/StringEncryptionTransformer.java

@@ -101,7 +101,7 @@ public boolean transform() throws Throwable {
         System.out.println("[Smoke] [StringEncryptionTransformer] Decrypted " + count + " encrypted strings");
         System.out.println("[Smoke] [StringEncryptionTransformer] Removed " + cleanup(decryptor) + " decryption methods");
         System.out.println("[Smoke] [StringEncryptionTransformer] Done");
-		return true;
+		return count.get() > 0;
     }
 
     private int cleanup(Set<MethodNode> methods)

src/main/java/com/javadeobfuscator/deobfuscator/transformers/special/RadonTransformerV2.java

@@ -1,9 +1,14 @@
 package com.javadeobfuscator.deobfuscator.transformers.special;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.Modifier;
 import java.util.*;
 import java.util.Map.Entry;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.zip.ZipFile;
 
 import org.assertj.core.internal.asm.Opcodes;
 import org.objectweb.asm.Handle;
@@ -28,6 +33,7 @@
 import com.javadeobfuscator.deobfuscator.executor.defined.MappedFieldProvider;
 import com.javadeobfuscator.deobfuscator.executor.defined.MappedMethodProvider;
 import com.javadeobfuscator.deobfuscator.executor.defined.PrimitiveFieldProvider;
+import com.javadeobfuscator.deobfuscator.executor.defined.types.JavaClass;
 import com.javadeobfuscator.deobfuscator.executor.defined.types.JavaMethodHandle;
 import com.javadeobfuscator.deobfuscator.executor.providers.ComparisonProvider;
 import com.javadeobfuscator.deobfuscator.executor.providers.DelegatingProvider;
@@ -41,6 +47,7 @@
 
 public class RadonTransformerV2 extends Transformer<TransformerConfig>
 {
+	public static boolean ANTITAMPER = true;
 	public static boolean EJECTOR = true;
 	public static boolean ANTI_DEBUG = true;
 	public static boolean FLOW_OBF = true;
@@ -110,6 +117,87 @@ public boolean canCheckEquality(JavaValue first, JavaValue second, Context conte
 		AtomicInteger number = new AtomicInteger();
 		AtomicInteger indy = new AtomicInteger();
 		AtomicInteger str = new AtomicInteger();
+		AtomicInteger antiTamper = new AtomicInteger();
+		if(ANTITAMPER)
+		{
+			MethodNode atDecr = null;
+			ClassNode atOwner = null;
+			finder:
+			for(ClassNode classNode : classNodes())
+				if(classNode.methods.size() == 1)
+				{
+					MethodNode method = classNode.methods.get(0);
+					if(!method.desc.equals("(Ljava/lang/String;)Ljava/lang/String;"))
+						continue;
+					Map<Integer, AtomicInteger> insnCount = new HashMap<>();
+					Map<String, AtomicInteger> invokeCount = new HashMap<>();
+					for(AbstractInsnNode i = method.instructions.getFirst(); i != null; i = i.getNext()) {
+						int opcode = i.getOpcode();
+						insnCount.putIfAbsent(opcode, new AtomicInteger(0));
+						insnCount.get(opcode).getAndIncrement();
+						if(i instanceof MethodInsnNode) {
+							invokeCount.putIfAbsent(((MethodInsnNode) i).name, new AtomicInteger(0));
+							invokeCount.get(((MethodInsnNode) i).name).getAndIncrement();
+						}
+					}
+					if(insnCount.get(Opcodes.NEWARRAY) == null || insnCount.get(Opcodes.ISTORE) == null
+						|| insnCount.get(Opcodes.BALOAD) == null || insnCount.get(Opcodes.IOR) == null
+						|| invokeCount.get("toCharArray") == null || invokeCount.get("getResourceAsStream") == null
+						|| invokeCount.get("getMethodName") == null)
+						continue;
+					atDecr = method;
+					atOwner = classNode;
+					break finder;
+				}
+			if(atDecr != null)
+			{
+				ZipFile zipIn = new ZipFile(getDeobfuscator().getConfig().getInput());
+				for(AbstractInsnNode ain : atDecr.instructions.toArray())
+				if (ain.getOpcode() == Opcodes.INVOKEVIRTUAL
+						&& ((MethodInsnNode)ain).owner.equals("java/lang/Class")
+						&& ((MethodInsnNode)ain).name.equals("getResourceAsStream")
+						&& ((MethodInsnNode)ain).desc.equals("(Ljava/lang/String;)Ljava/io/InputStream;"))
+					MethodExecutor.customMethodFunc.put(ain, (list, ctx) -> {
+						try {
+							String clazzName = list.remove(0).as(String.class);
+							list.remove(0).as(JavaClass.class);
+							clazzName = clazzName.substring(1);
+							InputStream in = zipIn.getInputStream(zipIn.getEntry(clazzName));
+							ByteArrayOutputStream baos = cloneInputStream(in);
+							InputStream input = new ByteArrayInputStream(baos.toByteArray());
+							return JavaValue.valueOf(input);
+						} catch (IOException e) {
+							e.printStackTrace();
+						}
+						return null;
+					});
+				for(ClassNode classNode : classNodes())
+					for(MethodNode m : classNode.methods) {
+						InstructionModifier modifier = new InstructionModifier();
+						for(AbstractInsnNode ain : TransformerHelper.instructionIterator(m))
+							if (ain instanceof MethodInsnNode) {
+								MethodInsnNode insn = (MethodInsnNode)ain;
+								if (insn.owner.equals(atOwner.name) && insn.name.equals(atDecr.name)
+									&& insn.desc.equals(atDecr.desc)) {
+									AbstractInsnNode ldc = ain.getPrevious();
+									if (!(ldc instanceof LdcInsnNode) || !(((LdcInsnNode)ldc).cst instanceof String))
+										continue;
+									Context context = new Context(provider);
+									context.push(classNode.name, m.name,
+											getDeobfuscator().getConstantPool(classNode).getSize());
+									context.dictionary = classpath;
+									((LdcInsnNode)ldc).cst = MethodExecutor.execute(atOwner, atDecr,
+											Arrays.asList(JavaValue.valueOf(((LdcInsnNode) ldc).cst)), null, context);
+									modifier.remove(ain);
+									antiTamper.getAndIncrement();
+								}
+							}
+						modifier.apply(m);
+					}
+			}
+			classes.remove(atOwner.name);
+			classpath.remove(atOwner.name);
+		}
 		//Bad Annotations
 		for(ClassNode classNode : classNodes())
 			for(MethodNode method : classNode.methods)
@@ -187,7 +275,7 @@ public boolean canCheckEquality(JavaValue first, JavaValue second, Context conte
 											}else if(last.getOpcode() == Opcodes.PUTFIELD)
 											{
 												if(list.size() != 3)
-													throw new RuntimeException("Unexpected Ejector pattern (PS)");
+													throw new RuntimeException("Unexpected Ejector pattern (PF)");
 												AbstractInsnNode prev = list.get(1);
 												method.instructions.remove(ain.getPrevious());//number
 												method.instructions.insertBefore(ain, prev.clone(null));
@@ -1050,6 +1138,7 @@ && getNextFollowGoto(ain, 2) != null && getNextFollowGoto(ain, 2).getOpcode() ==
 			classes.remove(e.name);
 			classpath.remove(e.name);
 		});
+		System.out.println("[Special] [RadonTransformerV2] Decrypted " + antiTamper + " strings with anti-tamper");
 		System.out.println("[Special] [RadonTransformerV2] Unejected " + eject + " methods");
 		System.out.println("[Special] [RadonTransformerV2] Removed " + antiDebug + " anti-debug injections");
 		System.out.println("[Special] [RadonTransformerV2] Removed " + tryCatch + " try-catch blocks");
@@ -1460,4 +1549,22 @@ private AbstractInsnNode doMath(AbstractInsnNode value1, AbstractInsnNode value2
         }
         throw new RuntimeException();
     }
+    
+	private static ByteArrayOutputStream cloneInputStream(InputStream input)
+	{
+		try
+		{
+			ByteArrayOutputStream baos = new ByteArrayOutputStream();
+			byte[] buffer = new byte[1024];
+			int len;
+			while((len = input.read(buffer)) > -1)
+				baos.write(buffer, 0, len);
+			baos.flush();
+			return baos;
+		}catch(Exception e)
+		{
+			e.printStackTrace();
+			return null;
+		}
+	}
 }

src/main/java/com/javadeobfuscator/deobfuscator/transformers/stringer/HideAccessObfuscationTransformer.java

@@ -436,7 +436,7 @@ public boolean canCheckEquality(JavaValue first, JavaValue second, Context conte
         System.out.println("[Stringer] [HideAccessTransformer] Removed " + (int) cleanedup + " invokedynamic bootstrap methods");
 
         System.out.println("[Stringer] [HideAccessTransformer] Done");
-        return true;
+        return count.get() > 0;
     }
 
     private void castFix(Context context) {

src/main/java/com/javadeobfuscator/deobfuscator/transformers/stringer/InvokedynamicTransformer.java

@@ -51,18 +51,19 @@ public boolean transform() {
         System.out.println("[Stringer] [InvokedynamicTransformer] Finding invokedynamic instructions");
         int amount = findInvokeDynamic();
         System.out.println("[Stringer] [InvokedynamicTransformer] Found " + amount + " invokedynamic instructions");
+        int inlined = 0;
         if (amount > 0) {
             System.out.println("[Stringer] [InvokedynamicTransformer] Inlining invokedynamic");
             long start = System.currentTimeMillis();
-            int inlined = inlineInvokeDynamic(amount);
+            inlined = inlineInvokeDynamic(amount);
             long end = System.currentTimeMillis();
             System.out.println("[Stringer] [InvokedynamicTransformer] Removed " + inlined + " invokedynamic instructions, took " + TimeUnit.MILLISECONDS.toSeconds(end - start) + "s");
             System.out.println("[Stringer] [InvokedynamicTransformer] Cleaning up bootstrap methods");
             int cleanedup = cleanup();
             System.out.println("[Stringer] [InvokedynamicTransformer] Removed " + cleanedup + " bootstrap methods");
         }
         System.out.println("[Stringer] [InvokedynamicTransformer] Done");
-        return true;
+        return inlined > 0;
     }
 
     private int findInvokeDynamic() {

src/main/java/com/javadeobfuscator/deobfuscator/transformers/stringer/ReflectionObfuscationTransformer.java

@@ -53,14 +53,15 @@ public boolean transform() {
         System.out.println("[Stringer] [ReflectionObfuscationTransformer] Starting");
         int count = count();
         System.out.println("[Stringer] [ReflectionObfuscationTransformer] Found " + count + " reflection obfuscation calls");
+        int decrypted = 0;
         if (count > 0) {
-            int decrypted = decrypt(count);
+            decrypted = decrypt(count);
             System.out.println("[Stringer] [ReflectionObfuscationTransformer] Deobfuscated " + decrypted + " reflection obfuscation calls");
             int cleanedup = cleanup();
             System.out.println("[Stringer] [ReflectionObfuscationTransformer] Removed " + cleanedup + " reflection obfuscation classes");
         }
         System.out.println("[Stringer] [ReflectionObfuscationTransformer] Done");
-        return true;
+        return decrypted > 0;
     }
 
     private int count() {

src/main/java/com/javadeobfuscator/deobfuscator/transformers/stringer/ResourceEncryptionTransformer.java

@@ -59,7 +59,7 @@ public boolean transform() {
         int processed = process();
         System.out.println("[Stringer] [ResourceEncryptionTransformer] Processed " + processed + " resources");
         System.out.println("[Stringer] [ResourceEncryptionTransformer] Done");
-        return true;
+        return processed > 0;
     }
 
     private int process() {

src/main/java/com/javadeobfuscator/deobfuscator/transformers/stringer/StringEncryptionTransformer.java

@@ -100,14 +100,15 @@ public boolean transform() {
         	System.out.println("[Stringer] [StringEncryptionTransformer] Concatted " + concat + " strings");
         int count = count();
         System.out.println("[Stringer] [StringEncryptionTransformer] Found " + count + " encrypted strings");
+        int decrypted = 0;
         if (count > 0) {
-            int decrypted = decrypt(count);
+            decrypted = decrypt(count);
             System.out.println("[Stringer] [StringEncryptionTransformer] Decrypted " + decrypted + " encrypted strings");
             int cleanedup = cleanup();
             System.out.println("[Stringer] [StringEncryptionTransformer] Removed " + cleanedup + " decryption classes");
         }
         System.out.println("[Stringer] [StringEncryptionTransformer] Done");
-        return true;
+        return decrypted > 0;
     }
 
     private int concatStrings()