From 96083daa2ceac8fb4b29b8c30f981964c9ae766b Mon Sep 17 00:00:00 2001 From: ItzSomebody <23221108+ItzSomebody@users.noreply.github.com> Date: Tue, 14 Apr 2020 10:51:36 -0700 Subject: [PATCH] Remove stupid scoring and tidy up entries --- decompiler-tool-bugs/entry-001/entry.md | 50 ++++++--- decompiler-tool-bugs/entry-002/entry.md | 21 +--- decompiler-tool-bugs/entry-003/entry.md | 10 +- decompiler-tool-bugs/entry-004/entry.md | 42 +++++--- decompiler-tool-bugs/entry-005/entry.md | 24 ----- decompiler-tool-bugs/entry-006/entry.md | 10 +- decompiler-tool-bugs/entry-007/entry.md | 9 +- decompiler-tool-bugs/entry-008/entry.md | 37 ++++--- decompiler-tool-bugs/entry-009/entry.md | 115 +++++++++++++++++---- decompiler-tool-bugs/entry-010/entry.md | 26 +---- decompiler-tool-bugs/entry-011/entry.md | 114 +-------------------- decompiler-tool-bugs/entry-012/entry.md | 30 +++--- decompiler-tool-bugs/entry-013/entry.md | 128 +++++++++++++++++++----- readme.md | 22 +--- 14 files changed, 315 insertions(+), 323 deletions(-) diff --git a/decompiler-tool-bugs/entry-001/entry.md b/decompiler-tool-bugs/entry-001/entry.md index ec9bb33..3b1b427 100644 --- a/decompiler-tool-bugs/entry-001/entry.md +++ b/decompiler-tool-bugs/entry-001/entry.md 
@@ -1,25 +1,47 @@ # entry-001 -Modifies MANIFEST.MF byte headers by setting jar archive byte offsets of 0x6 +Modifies MANIFEST.MF byte headers by setting JAR archive byte offsets of 0x6 and 0x7 to 0x0 and 0x8 to 0x8. ## Bytecode-Viewer -Bytecode-Viewer crashes upon trying to load the jar entries. - -#### Scoring -Consistency: 10 -Practicality: 7 -Total score: 0.85 +Bytecode-Viewer crashes upon attempting to load the JAR entries. Crash log: +``` +java.util.zip.ZipException: invalid entry size (expected 0 but got 443 bytes) + at java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:384) + at java.util.zip.ZipInputStream.read(ZipInputStream.java:196) + at java.io.FilterInputStream.read(FilterInputStream.java:107) + at the.bytecode.club.bytecodeviewer.util.JarUtils.getBytes(JarUtils.java:175) + at the.bytecode.club.bytecodeviewer.util.JarUtils.put(JarUtils.java:65) + at the.bytecode.club.bytecodeviewer.BytecodeViewer$6.run(BytecodeViewer.java:849) +java.util.zip.ZipException: invalid entry size (expected 0 but got 443 bytes) + at java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:384) + at java.util.zip.ZipInputStream.read(ZipInputStream.java:196) + at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:140) + at the.bytecode.club.bytecodeviewer.util.JarUtils.put(JarUtils.java:86) + at the.bytecode.club.bytecodeviewer.BytecodeViewer$6.run(BytecodeViewer.java:849) +``` #### Patch Date 2019-04-17 ## Helios -Helios crashes upon trying to load the jar entries. - -#### Scoring -Consistency: 10 -Practicality: 7 -Total score: 0.85 +Helios crashes upon trying to load the JAR entries. 
Crash log: +``` +java.util.zip.ZipException: invalid entry size (expected 0 but got 443 bytes) + at java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:384) + at java.util.zip.ZipInputStream.read(ZipInputStream.java:196) + at java.io.FilterInputStream.read(FilterInputStream.java:107) + at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2146) + at org.apache.commons.io.IOUtils.copy(IOUtils.java:2102) + at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2123) + at org.apache.commons.io.IOUtils.copy(IOUtils.java:2078) + at org.apache.commons.io.IOUtils.toByteArray(IOUtils.java:721) + at com.heliosdecompiler.helios.controller.files.OpenedFile.readQuick(OpenedFile.java:115) + at com.heliosdecompiler.helios.controller.files.OpenedFile.reset(OpenedFile.java:69) + at com.heliosdecompiler.helios.controller.files.OpenedFile.(OpenedFile.java:53) + at com.heliosdecompiler.helios.controller.files.OpenedFileController.lambda$openFile$0(OpenedFileController.java:54) + at com.heliosdecompiler.helios.controller.backgroundtask.BackgroundTask.run(BackgroundTask.java:45) + at java.lang.Thread.run(Thread.java:748) +``` #### Patch Date -N/A \ No newline at end of file +N/A diff --git a/decompiler-tool-bugs/entry-002/entry.md b/decompiler-tool-bugs/entry-002/entry.md index 453e15f..26a9384 100644 --- a/decompiler-tool-bugs/entry-002/entry.md +++ b/decompiler-tool-bugs/entry-002/entry.md 
@@ -2,36 +2,21 @@ Name of non-class resources ends in .class. ## JByteEdit -JByteEdit refuses to load the jar due to invalid classes. - -#### Scoring -Consistency: 10 -Practicality: 6 -Total score: 0.80 +JByteEdit refuses to load the JAR due to invalid classes. #### Patch Date N/A ## JByteMod-Beta JByteMod-Beta skips loading and saving the resources due to invalid classes. This causes said -resources to be removed from the jar archive on a save. - -#### Scoring -Consistency: 10 -Practicality: 5 -Total score: 0.75 +resources to be removed from the JAR archive on a save. #### Patch Date N/A ## Bytecode-Viewer Bytecode-Viewer skips loading and saving the resources due to invalid classes. This causes said -resources to be removed from the jar archive on a save. - -#### Scoring -Consistency: 10 -Practicality: 5 -Total score: 0.75 +resources to be removed from the JAR archive on a save. #### Patch Date 2019-04-17 diff --git a/decompiler-tool-bugs/entry-003/entry.md b/decompiler-tool-bugs/entry-003/entry.md index de167a2..3f8677b 100644 --- a/decompiler-tool-bugs/entry-003/entry.md +++ b/decompiler-tool-bugs/entry-003/entry.md @@ -1,15 +1,9 @@ # entry-003 -Sets the path of a class to META-INF/\u0000/ which is a method of hiding classes against file -archivers popularized by samczsun. According to samczsun, this also causes issues with Java 7, -so you were warned. +Prepends META-INF/\u0000/ to the start of a class name which is a method of hiding classes against file +archivers popularized by samczsun. However, this trick is incompatible with Java 7, and any Java version above 9. ## Non-Java Archivers Non-Java archivers (7zip, WinRAR, Windows, etc.) are unable to display the classes. -#### Scoring -Consistency: 10 -Practicality: 6 -Total score: 0.80 - #### Patch Date N/A diff --git a/decompiler-tool-bugs/entry-004/entry.md b/decompiler-tool-bugs/entry-004/entry.md index 9ca58f2..06e1abe 100644 --- a/decompiler-tool-bugs/entry-004/entry.md 
+++ b/decompiler-tool-bugs/entry-004/entry.md @@ -11,28 +11,44 @@ L92: pop2 ; Stack = [-893664644] L93: ldc -893664644 ; Stack = [-893664644, -893664644] L95: ixor ; Stack = [0] ``` +In the PoC linked with the entry, this should decompile to +```java +public class Example { + public static void main(String[] var0) { + System.out.println(-893664644 ^ -893664644); + } +} +``` ## FernFlower FernFlower is unable to parse the stack correctly resulting in changed code and sometimes illegal -code. - -#### Scoring -Consistency: 10 -Practicality: 7 -Decompiler Inaccuracy: 6 -Total score: 0.77 +code. Decompiled result of poc.jar: +```java +public class Example { + public static void main(String[] var0) { + int var10001 = -893664644; + System.out.println(-893664644 ^ 2030482428); + } +} +``` #### Patch Date Unknown ## JD-GUI -JD-GUI is unable to parse the stack correctly resulting in changed and often illegal code. +JD-GUI is unable to parse the stack correctly resulting in changed and, in some cases, illegal code. Decompiled result of poc.jar: +```java +import java.io.PrintStream; -#### Scoring -Consistency: 10 -Practicality: 8 -Decompiler Inaccuracy: 8 -Total score: 0.87 +public class Example +{ + public static void main(String[] paramArrayOfString) + { + -893664644; + System.out.println(0x7906B3FC ^ 0xCABBC27C); + } +} +``` #### Patch Date N/A \ No newline at end of file diff --git a/decompiler-tool-bugs/entry-005/entry.md b/decompiler-tool-bugs/entry-005/entry.md index 9995025..983e872 100644 --- a/decompiler-tool-bugs/entry-005/entry.md +++ b/decompiler-tool-bugs/entry-005/entry.md 
@@ -6,47 +6,23 @@ random signature-read errors by the JVM. ## JD-GUI JD-GUI crashes on attempting to decompile the class. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date 2019-05-13 ## Procyon Procyon crashes on attempting to decompile the class. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A ## CFR CFR < 0.138 crashes on attempting to decompile the class. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date 2018-12-14 ## javap javap crashes on attempting to disassemble the class. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A \ No newline at end of file diff --git a/decompiler-tool-bugs/entry-006/entry.md b/decompiler-tool-bugs/entry-006/entry.md index 0b79f9a..5b6f83d 100644 --- a/decompiler-tool-bugs/entry-006/entry.md +++ b/decompiler-tool-bugs/entry-006/entry.md @@ -1,18 +1,12 @@ # entry-006 -Presents a primitive integer as an Object to a bootstrap method parameter via an invokedynamic opcode. +Presents a primitive integer as an Object to a bootstrap method parameter via an invokedynamic opcode. Example of reproduction via OW2's ASM library. ```java methodVisitor.visitInvokeDynamicInsn("example", "(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;", bsm, 1); ``` ## CFR -CFR fails on decompiling the methods and leaves a relevant error in the method body. - -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 +CFR fails on decompiling the methods with said invokedynamic present and leaves a relevant error in the method body. #### Patch Date 2018-12-14 \ No newline at end of file diff --git a/decompiler-tool-bugs/entry-007/entry.md b/decompiler-tool-bugs/entry-007/entry.md index 9372663..74ef5bc 100644 
--- a/decompiler-tool-bugs/entry-007/entry.md +++ b/decompiler-tool-bugs/entry-007/entry.md @@ -1,18 +1,11 @@ # entry-007 Wraps the handler type class name with `L` and `;` as found [here](https://github.com/ItzSomebody/Radon/pull/60). This is verified to cause -Java 11 to refuse to load the class. Known to work all the way up to Java 8 -(1.8.0_201). +Java 9+ to refuse to load the class. Known to work completely fine Java 8. ## Krakatau Krakatau is unable to decompile the method due to it not being able to find the handler class. -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 5 -Total score: 0.60 - #### Patch Date 2019-6-11 diff --git a/decompiler-tool-bugs/entry-008/entry.md b/decompiler-tool-bugs/entry-008/entry.md index 29f4741..58d2721 100644 --- a/decompiler-tool-bugs/entry-008/entry.md +++ b/decompiler-tool-bugs/entry-008/entry.md @@ -8,24 +8,35 @@ with the first block resulting in behavior change. Issue link: https://github.com/leibnitz27/cfr/issues/4 -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 7 -Total score: 0.67 - #### Patch Date 2019-06-13 ## JD-GUI -JD-GUI decompiles the method completely wrong. The result is a behavior change -and unreachable code. +JD-GUI decompiles the method completely wrong. The result is a behavior change and unreachable code. Decompiled result of poc.jar: +```java +import java.io.PrintStream; -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 9 -Total score: 0.73 +public class Test +{ + public static void main(String[] paramArrayOfString) + { + for (;;) + { + System.out.println("Hello #2"); + return; + try + { + System.out.println("Hello #1"); + null; + } + catch (FakeException localFakeException) + { + return; + } + } + } +} +``` #### Patch Date N/A \ No newline at end of file diff --git a/decompiler-tool-bugs/entry-009/entry.md b/decompiler-tool-bugs/entry-009/entry.md index a477c23..e7d4c31 100644 --- a/decompiler-tool-bugs/entry-009/entry.md 
+++ b/decompiler-tool-bugs/entry-009/entry.md 
@@ -1,42 +1,119 @@ # entry-009 Inserts a try-catch block with a handler type of null (used to implement finally keyword). It will always delegate the control flow into a specific region of code. +Semantically equivalent Java code to poc.jar: +``` +public class Test { + private static int willBeTrue; + + private static void doThrow() { + willBeTrue = 1; + throw null; + } + + public static void main(String[] a) { + try { + Test.doThrow(); + } catch(Throwable ignoredException) { + } + if (willBeTrue != 0) { + System.out.println("Hello"); + } + } +} +``` ## Procyon Procyon does not recognize the non-javac-like use of a null catch type. This -results in inaccurate code due to the exception not being handled correctly. - -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 7 -Total score: 0.67 +results in inaccurate code due to the exception not being handled correctly. Decompiled result of poc.jar: +```java +public class Test +{ + private static int willBeTrue; + + private static void doThrow() { + Test.willBeTrue = 1; + throw null; + } + + public static void main(final String[] array) { + try { + doThrow(); + } + finally {} + if (Test.willBeTrue != 0) { + System.out.println("Hello"); + } + } +} +``` #### Patch Date N/A ## FernFlower FernFlower does not recognize the non-javac-like use of a null catch type. -This results in inaccurate code due to the exception not being handled correctly. +This results in inaccurate code due to the exception not being handled correctly. 
Decompiled result of poc.jar: +```java +public class Test { + private static int willBeTrue; + + private static void doThrow() { + willBeTrue = 1; + throw null; + } + + public static void main(String[] var0) { + try { + doThrow(); + } finally { + ; + } + + if (willBeTrue != 0) { + System.out.println("Hello"); + } -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 7 -Total score: 0.67 + } +} +``` #### Patch Date N/A ## JD-GUI JD-GUI does not recognize the non-javac-like use of a null catch type. This -results in completely wrong code which is in no way semantically equivalent. +results in completely wrong code which is in no way semantically equivalent. Decompiled result of poc.jar: +```java +import java.io.PrintStream; -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 9 -Total score: 0.73 +public class Test +{ + private static int willBeTrue; + + private static void doThrow() + { + willBeTrue = 1; + throw null; + } + + public static void main(String[] paramArrayOfString) + { + for (;;) + { + if (willBeTrue != 0) { + System.out.println("Hello"); + } + return; + try + { + doThrow(); + } + finally {} + } + } +} +``` #### Patch Date N/A diff --git a/decompiler-tool-bugs/entry-010/entry.md b/decompiler-tool-bugs/entry-010/entry.md index 6f1f17a..e974dad 100644 --- a/decompiler-tool-bugs/entry-010/entry.md +++ b/decompiler-tool-bugs/entry-010/entry.md 
@@ -1,39 +1,21 @@ # entry-010 -Sets an invalid CRC for a ZipEntry. Java does not verify the CRC of a ZipEntry +Sets an invalid CRC for a ZipEntry. The JVM does not verify the CRC of a ZipEntry allowing abuse to prevent zip extraction. ## Krakatau -Krakatau will crash on extracting the classes. - -#### Scoring -Consistency: 10 -Practicality: 7 -Decompiler Inaccuracy: 5 -Total score: 0.73 +Krakatau will crash on extracting the classes due to CRC verification. #### Patch Date N/A ## Bytecode-Viewer -Bytecode-Viewer will crash on attempting to load the JAR. - -#### Scoring -Consistency: 10 -Practicality: 7 -Decompiler Inaccuracy: 5 -Total score: 0.73 +Bytecode-Viewer will crash on attempting to load the JAR due to CRC verification. #### Patch Date 2019-04-17 ## Helios -Helios will crash on attempting to load the JAR. - -#### Scoring -Consistency: 10 -Practicality: 7 -Decompiler Inaccuracy: 5 -Total score: 0.73 +Helios will crash on attempting to load the JAR due to CRC verification. #### Patch Date N/A diff --git a/decompiler-tool-bugs/entry-011/entry.md b/decompiler-tool-bugs/entry-011/entry.md index f5c5214..b2485a1 100644 --- a/decompiler-tool-bugs/entry-011/entry.md +++ b/decompiler-tool-bugs/entry-011/entry.md @@ -58,13 +58,6 @@ This either crashes or corrupts almost all Java reverse-engineering tools due to JD parses the code attribute incorrectly leading to a decompile fail. -#### Scoring - -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -73,13 +66,6 @@ N/A Procyon parses the code attribute incorrectly leading to a decompile fail. -#### Scoring - -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -88,13 +74,6 @@ N/A FernFlower parses the code attribute incorrectly leading to a decompile fail. -#### Scoring - -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A 
@@ -103,13 +82,6 @@ N/A ASM parses and writes the code attribute incorrectly leading to a disassembly fail and an incorrectly written class. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -118,13 +90,6 @@ N/A Javassist parses and writes the code attribute incorrectly leading to a disassembly fail and an incorrectly written class. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -133,13 +98,6 @@ N/A BCEL parses and writes the code attribute incorrectly leading to a disassembly fail and an incorrectly written class. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -148,13 +106,6 @@ N/A BCV will either represent the class incorrectly or crash due to its reliance on ASM. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date 2019-06-14 @@ -163,13 +114,6 @@ Total score: 0.67 JBE will either represent the class incorrectly or crash due to its reliance on ASM. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -178,13 +122,6 @@ N/A JBEB will either represent the class incorrectly or crash due to its reliance on ASM. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -193,13 +130,6 @@ N/A Helios will either represent the class incorrectly or crash due to its reliance on ASM. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -208,13 +138,6 @@ N/A java-deobfuscator will either represent the class incorrectly or crash due to its reliance on ASM. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A 
@@ -223,13 +146,6 @@ N/A Recaf will either represent the class incorrectly or crash due to its reliance on ASM. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -238,27 +154,13 @@ N/A DirtyJOE parses and writes the code attribute incorrectly leading to a disassembly fail and an incorrectly written class. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A ## radare2 -radare2 parses the code attribute incorrectly leading to a disassembly fail.. - -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 +radare2 parses the code attribute incorrectly leading to a disassembly fail. #### Patch Date @@ -268,13 +170,6 @@ N/A Ghidra parses the code attribute incorrectly leading to a disassembly fail. -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A @@ -285,13 +180,6 @@ Javap parses code attribute incorrectly leading to a disassembly fail. https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8232598 -#### Scoring - -Consistency: 10 -Practicality: 5 -Disassembler Inaccuracy: 5 -Total score: 0.67 - #### Patch Date N/A diff --git a/decompiler-tool-bugs/entry-012/entry.md b/decompiler-tool-bugs/entry-012/entry.md index f3a7d65..61a07ec 100644 --- a/decompiler-tool-bugs/entry-012/entry.md +++ b/decompiler-tool-bugs/entry-012/entry.md 
@@ -8,35 +8,29 @@ A more detailed writeup can be found [here](https://github.com/cookiedragon234/f Note: this will not work on earlier versions of JVM 1.8 and below. -# Bytecode-Viewer +## Bytecode-Viewer BCV does not take this edge case into account when loading the JAR archive entries and as a result does not parse the classfiles. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 +#### Patch Date -# JByteEdit +N/A + +## JByteEdit JBE does not take this edge case into account when loading the JAR archive entries and as a result does not parse the classfiles. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 +#### Patch Date + +N/A -# JByteMod-Beta +## JByteMod-Beta JBM does not take this edge case into account when loading the JAR archive entries and as a result does not parse the classfiles. -#### Scoring -Consistency: 10 -Practicality: 5 -Decompiler Inaccuracy: 5 -Total score: 0.67 +#### Patch Date + +N/A diff --git a/decompiler-tool-bugs/entry-013/entry.md b/decompiler-tool-bugs/entry-013/entry.md index f361f0c..b6abbca 100644 --- a/decompiler-tool-bugs/entry-013/entry.md +++ b/decompiler-tool-bugs/entry-013/entry.md 
@@ -1,54 +1,128 @@ # entry-013 -Traps a getstatic instruction and lets the fetched value fall-through into a method invocation. +Traps a getstatic instruction and lets the fetched value fall-through into a method invocation. Semantically equivalent Java code to poc.jar: +```java +public class Hello { + private static void doThrow(java.io.PrintStream a) { + throw null; + } + + public static void main(String[] a) { + Hello.doThrow(System.out); + System.out.println("you should never see this"); + } +} +``` ## CFR CFR decompiles the method but moves the method invocation inside of the trapped range. -This results in a potential behavior change. +This results in a potential behavior change. Decompiled result of poc.jar: +```java +import java.io.PrintStream; -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 7 -Total score: 0.67 +public class Hello { + private static void doThrow(PrintStream printStream) { + throw null; + } + + /* + * Enabled unnecessary exception pruning + */ + public static void main(String[] arrstring) { + try { + Hello.doThrow((PrintStream)System.out); + } + catch (NullPointerException nullPointerException) { + // empty catch block + } + System.out.println("you should never see this"); + } +} +``` #### Patch Date N/A ## JADX JADX decompiles the method but moves the method invocation inside of the trapped range. -This results in a potential behavior change. +This results in a potential behavior change. 
Decompiled result of poc.jar: +```java +package defpackage; + +import java.io.PrintStream; -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 9 -Total score: 0.73 +/* renamed from: Hello */ +public class Hello { + private static void doThrow(PrintStream printStream) { + throw null; + } + + public static void main(String[] strArr) { + try { + Hello.doThrow(System.out); + } catch (NullPointerException e) { + } + System.out.println("you should never see this"); + } +} +``` #### Patch Date N/A ## Procyon Procyon decompiles the method but moves the method invocation inside of the trapped range. -This results in a potential behavior change. +This results in a potential behavior change. Decompiled result of poc.jar: +```java +import java.io.*; -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 9 -Total score: 0.73 +public class Hello +{ + private static void doThrow(final PrintStream printStream) { + throw null; + } + + public static void main(final String[] array) { + try { + doThrow(System.out); + null; + } + catch (NullPointerException ex) { + System.out.println("you should never see this"); + } + } +} +``` #### Patch Date N/A ## JD-GUI -JD=GUI decompiles the method but moves the method invocation inside of the trapped range. -This results in a potential behavior change. - -#### Scoring -Consistency: 10 -Practicality: 3 -Decompiler Inaccuracy: 9 -Total score: 0.73 +JD-GUI decompiles the method but moves the method invocation inside of the trapped range. +This results in a potential behavior change. Decompiled result of poc.jar: +```java +import java.io.PrintStream; + +public class Hello +{ + private static void doThrow(PrintStream paramPrintStream) + { + throw null; + } + + public static void main(String[] paramArrayOfString) + { + try + { + doThrow(System.out); + return; + } + catch (NullPointerException localNullPointerException) + { + System.out.println("you should never see this"); + } + } +} +``` #### Patch Date N/A 
diff --git a/readme.md b/readme.md index 8c8a6b1..9a83f95 100644 --- a/readme.md +++ b/readme.md @@ -1,18 +1,10 @@ # StopDecompilingMyJava -This is a repository intended to succeed [samczun's repository (fork)](https://github.com/Janmm14/decompiler-vulnerabilities-and-bugs) -by attempting to find bugs in various Java reverse-engineering tools and posting obfuscation techniques. Some differences between +This repository, inspired by [samczun's repository (fork)](https://github.com/Janmm14/decompiler-vulnerabilities-and-bugs), +contains edge cases which raise bugs in Java reverse-engineering tools. Some differences between samczun's repository and this one for decompiler vulnerabilities are: -* A different scoring system. -* Vulnerabilities for multiple tools, not just the 5 decompilers samczun specifically targeted. - -## Scoring - -Scoring for decompiler bugs/vulnerabilities is per-decompiler/tool and is split up into the following several categories: -* **Consistency** - On a scale of 1 to 10, how frequently does this bug/vulnerability occur in various samples? 10 being always, 1 being now and then. -* **Practicality** - On a scale of 1 to 10, how practical is this kind of bug/vulnerability to use/implement? 10 being easy to implement and use, 1 being extremely difficult to implement or use correctly. -* **Decompiler Inaccuracy** - On a scale of 1 to 10, how inaccurately does a decompiler display the intent of the method? 10 being a completely wrong result, 1 being an unaffected result. (Crashing the decompiler counts as 5) This scoring is omitted for non-decompiler tools. -* **Total score** - Total score is the average score (`(Score) / (Maximum score)`) rounded off to two decimals. +* No scoring system. +* The edge cases found in this repository also aim to work against RE tools in general, not just the 5 in samczsun's repository. ## Entry format 
@@ -23,12 +15,6 @@ Put description of bug / vulnerability / obfuscation technique here. ## Decompiler / Tool name (Do this for each tool this targets) Put description of how bug / vulnerability / obfuscation technique affects decompiler / tool. -#### Scoring -Consistency: Put consistency score here -Practicality: Put practicality score here -Decompiler Inaccuracy: Put decompiler inaccuracy here -Total score: Put total score here - #### Patch Date Put patch date here in `YYYY-MM-DD` format. If non exists, put N/A. ```
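Review bot: in the Helios crash log added in the entry-001 hunk, the constructor frame has lost its method name: `at com.heliosdecompiler.helios.controller.files.OpenedFile.(OpenedFile.java:53)`. The `<init>` was almost certainly swallowed as an HTML tag when the trace was pasted; restore it as `OpenedFile.<init>(OpenedFile.java:53)` (inside the fence it renders fine). The two tool sections also now read "upon attempting to load" and "upon trying to load" for the same failure; pick one wording.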
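Review bot: the rewritten description in the entry-003 hunk turns an attributed caveat ("According to samczsun, this also causes issues with Java 7") into a firm statement ("incompatible with Java 7, and any Java version above 9") without recording how it was verified; either list the JDK versions actually tested or keep the attribution. "above 9" is also ambiguous about Java 9 itself, while the entry-007 hunk in the same patch says "Java 9+"; use one phrasing. Minor: "to the start of a class name which is a method" needs a comma before "which".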
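Review bot: the FernFlower section in the entry-004 hunk keeps "#### Patch Date / Unknown" while every other unfixed tool in the repository uses "N/A"; use N/A unless the bug is known to be fixed at an unknown date, in which case say that explicitly. The hunk also still ends with `\ No newline at end of file` (as do the entry-005, entry-006 and entry-008 hunks) even though the entry-001 hunk fixes the same problem; add the trailing newline here too. "this should decompile to" reads as a prediction; "the expected decompilation is" is clearer, and it matches the bytecode listing above it (`ixor ; Stack = [0]`, i.e. `-893664644 ^ -893664644`).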
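Review bot: the added lead-in "Example of reproduction via OW2's ASM library." in the entry-006 hunk introduces a fenced snippet but ends in a full stop rather than a colon, and the snippet uses `bsm` without saying what it is. State that `bsm` is the bootstrap method `Handle` and that the trailing `1` is the bootstrap-method argument (autoboxed to `Integer`) being handed to a parameter declared as `Object`, since that is exactly the edge case the entry describes.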
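Review bot: "Known to work completely fine Java 8." in the entry-007 hunk is missing a preposition ("on Java 8"), and the rewrite widens the tested claim from "verified to cause Java 11 to refuse to load the class" to "Java 9+" without saying whether 9 and 10 were actually checked; keep "verified on Java 11" and add other versions only if tested. The unchanged "2019-6-11" under Patch Date also breaks the `YYYY-MM-DD` format the readme template requires; it should be 2019-06-11.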
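Review bot: the first added block in the entry-009 hunk ("Semantically equivalent Java code to poc.jar:") opens with a bare three-backtick fence while every other Java block in this patch is tagged java; tag it for consistent highlighting. The Procyon and FernFlower sections both say the exception is "not handled correctly", but the pasted output makes the consequence concrete and worth stating: `try { doThrow(); } finally {}` has no catch, so the NullPointerException from `throw null` propagates out of `main` and the `if (willBeTrue != 0)` check, and therefore "Hello", is never reached, whereas the original swallows it and prints.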
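Review bot: "The JVM does not verify the CRC of a ZipEntry" in the entry-010 hunk is too broad: the three tools listed directly beneath it are Java programs and, per the same hunk, fail "due to CRC verification", so some Java zip code path clearly does check it. Narrow the claim to the path the JVM uses when loading classes from a JAR, and name in the tool sections which API raises the CRC error so readers know where the crash comes from (the entry-001 logs show Bytecode-Viewer and Helios reading entries through `java.util.zip.ZipInputStream`).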
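Review bot: the context line "Note: this will not work on earlier versions of JVM 1.8 and below." in the entry-012 hunk is self-contradictory ("earlier versions of ... and below"); since this hunk already touches the same file to fix heading levels and add Patch Date sections, reword it to whichever is meant, presumably "Note: this does not work on JVM 1.8 and below."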
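Review bot: the Procyon and JD-GUI sections in the entry-013 hunk reuse the CFR/JADX wording "moves the method invocation inside of the trapped range. This results in a potential behavior change", but their pasted output shows something stronger: both place `System.out.println("you should never see this")` inside the `catch (NullPointerException ...)` handler, so the string is printed exactly when `doThrow` throws, the inverse of the original, and Procyon's version also contains a bare `null;` statement that is not valid Java. Say so in those two sections; the shared wording does fit the CFR and JADX output (empty catch, println after the try), but "potential" understates it there too, since `doThrow` always throws.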
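Review bot: the new intro in the first readme hunk spells the name two ways within three lines, "samczun's repository (fork)" and "the 5 in samczsun's repository"; the entry-003 hunk uses "samczsun", so fix the first two occurrences. "edge cases which raise bugs" reads better as "edge cases that trigger bugs", and the second bullet could say what "RE tools in general" covers (decompilers, disassemblers, bytecode libraries and editors), since the entry-011 hunk already lists all of those kinds.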
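Review bot: the unchanged template line "If non exists, put N/A." in the second readme hunk should read "If none exists, put N/A."; since this hunk already edits the template, fix it here. The template also mandates `YYYY-MM-DD`, which the entry-007 hunk's "2019-6-11" does not follow.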