AS3 Non-Complex Instruction Execution #11

Open
ArachisH opened this issue Jun 4, 2023 · 0 comments
ArachisH commented Jun 4, 2023

Allow for the execution of instructions that only utilize the stack for arithmetic, and when instructions are comparing constant values caused by obfuscation.

Motivation

Currently the deobfuscation method in ASCode is capable of reducing the complexity of a method's control flow by removing redundant checks against constant values. Therefore, the idea is to move this logic into another type that allows for the execution of static methods containing basic instructions, as this would allow for more complex methods of deobfuscation.

Consider the following AS3 class which decodes a string at runtime using a collection of integer arrays.

public class SomeClass
{
    private var field1:Array;

    // Non-Static
    public function SomeClass()
    {
        field1 = [10001, 10002, 10002, 10002, 10002];
    }

    // Non-Static 
    public function functionNeedingString() : void
    {
        var local1:* = [0, 0, 0, 0, 0];
        var local2:* = [1, 1, 1, 1, 1];
        var local3:String = getKeyValue(local1, 0);
    }

    // Static
    private static function getKeyValue(param1:Array, param2:int) : String
    {
        var value:String = "";
        for each(var local1 in param1)
        {
            for each(var local2 in local1)
            {
                value += String.fromCharCode(10000 - local2 + param2--);
            }
        }
        return value;
    }
}

Since all of the data required to generate the string is needed, we can load these values into their C# equivalent and call an emulated getKeyValue function to retrieve the string.

@ArachisH ArachisH added this to the 1.x milestone Jun 4, 2023
@ArachisH ArachisH self-assigned this Jun 4, 2023
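
The kind of executor the issue describes, as an added example rather than code from the issue or the project: it runs a sequence only while every operand is a constant already on the stack, follows constant comparisons to the branch they always take, and refuses as soon as an instruction needs runtime state. The `Op`, `Ins` and `ConstantExecutor` names are hypothetical (modelled on AVM2 mnemonics), integer arithmetic is simplified to 32-bit, and the sample sequence is constructed.

```csharp
using System;
using System.Collections.Generic;

// Constructed input: an always-true constant comparison guarding the page's
// `10000 - local2 + param2` arithmetic, with local2 = 9928 and param2 = 0.
var code = new List<Ins>
{
    new(Op.PushInt, 7), new(Op.PushInt, 7), new(Op.IfEq, 5), // opaque predicate
    new(Op.PushInt, 999), new(Op.Jump, 10),                  // dead branch
    new(Op.PushInt, 10000), new(Op.PushInt, 9928), new(Op.Subtract),
    new(Op.PushInt, 0), new(Op.Add),
};
Console.WriteLine(ConstantExecutor.Execute(code)?.ToString() ?? "needs runtime state");
code.Add(new(Op.GetLocal, 1)); // reads a register, so the executor must refuse
Console.WriteLine(ConstantExecutor.Execute(code)?.ToString() ?? "needs runtime state");

// Hypothetical instruction model named after AVM2 mnemonics (not the project's types).
enum Op { PushInt, Add, Subtract, Multiply, IfEq, IfLt, Jump, GetLocal }
record Ins(Op Op, int Arg = 0); // Arg: constant for PushInt, target index for branches

static class ConstantExecutor
{
    // Returns the value left on the stack, or null when constants alone cannot decide it.
    public static int? Execute(IReadOnlyList<Ins> code, int maxSteps = 10_000)
    {
        var stack = new Stack<int>();
        int pc = 0;
        for (int steps = 0; pc < code.Count; steps++)
        {
            if (pc < 0 || steps >= maxSteps) return null; // bad target or runaway loop
            Ins ins = code[pc++];
            switch (ins.Op)
            {
                case Op.PushInt: stack.Push(ins.Arg); break;
                case Op.Jump: pc = ins.Arg; break;
                case Op.GetLocal: return null; // depends on runtime state
                default: // binary arithmetic and two-operand compares
                    if (stack.Count < 2) return null; // operand came from outside the sequence
                    int right = stack.Pop(), left = stack.Pop();
                    if (ins.Op == Op.IfEq) { if (left == right) pc = ins.Arg; }
                    else if (ins.Op == Op.IfLt) { if (left < right) pc = ins.Arg; }
                    else stack.Push(ins.Op switch
                        { Op.Add => left + right, Op.Subtract => left - right, _ => left * right });
                    break;
            }
        }
        return stack.Count > 0 ? stack.Peek() : null;
    }
}
```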