December Update

-Added detectors for allatori
-Improved transformer recommendations
-Better detectors for ZKM
-Small fixes

Author: ThisTestUser

commonerrors/Allatori.md

@@ -1,2 +1,5 @@
 ## Flow Obfuscation
-The latest versions of Allatori contain some flow obfuscation which moves around some instructions, so it is necessary to run allatori.FlowObfuscationTransformer to fix this. This transformer should always work, but if it doesn't, open an issue! Note: It is not necessary to run this before allatori.StringEncryptionTransformer.
+The latest versions of Allatori contain some flow obfuscation which moves around some instructions, so it is necessary to run allatori.FlowObfuscationTransformer to fix this. This transformer should always work, but if it doesn't, open an issue (an exception is if there is another type of flow obfuscation layered over it)! Note: It is not necessary to run this before allatori.StringEncryptionTransformer.
+
+## Transformers to Use
+allatori.StringEncryptionTransformer works the fastest, although in rare cases where it doesn't work, you can use allatori.string.StringEncryptionTransformer.

commonerrors/DashO.md

@@ -1,2 +1,5 @@
 ## String Encryption
-If you get an error relating to SourceResult, it is because DashO's flow obfuscation was applied, which messes with the string decryptor. Run dasho.FlowObfuscationTransformer first, and you will able to decrypt all the strings.
+If you get an error relating to SourceResult, it is because DashO's flow obfuscation was applied, which messes with the string decryptor. Run dasho.FlowObfuscationTransformer first, and you will able to decrypt all the strings.
+
+## Transformers to Use
+dasho.StringEncryptionTransformer works the fastest (and it cleans up properly), although in rare cases where it doesn't work (you get an error not related to SourceResult), you can use dasho.string.StringEncryptionTransformer.

commonerrors/General.md

@@ -1 +1,17 @@
-In general, files must be deobfuscated in the reverse order in which obfuscators were applied. For example, if your file is obfuscated with Stringer and then Allatori, you would run the Allatori transformers, and then the Stringer ones. Also, if an obfuscator was applied multiple times (e.g. several layers of Allatori), you must run the transformers multiple times. The only exception with this rule is with flow obfuscation transformers, which typically do not need to be run multiple times.
+## Ordering
+In general, files must be deobfuscated in the reverse order in which obfuscators were applied. For example, if your file is obfuscated with Stringer and then Allatori, you would run the Allatori transformers, and then the Stringer ones. Also, if an obfuscator was applied multiple times (e.g. several layers of Allatori), you must run the transformers multiple times. The only exception with this rule is with flow obfuscation transformers, which typically do not need to be run multiple times.
+
+## Write Errors
+If you see an error similar to "ClassA could not be found while writing ClassB" it is NOT a deobfuscation error. It just means that you have not added the right libraries. Unless you are trying to run the outputted file (Note: There are no guarantees that it will run, especially with obfuscators like ZKM) it will not affect you.
+
+## Adding Libraries
+Adding libraries is usually good practice, but isn't necessary unless you are dealing with reflection obfuscation. If you are having trouble adding libraries, you can use deobfuscator-gui (https://github.com/java-deobfuscator/deobfuscator-gui) and add the library JARs to the "Path" tab. Libraries are what the program needs to run, so rt.jar (look this up!) should always be added. Then, check what JARs need to be available (for example, spigot plugins would need the spigot JAR) and add them accordingly.
+
+## ZIP Compression Errors
+If your file cannot be opened in Bytecode Viewer or another decompiler (and it has valid classes), it may be using a certain ZIP compression that crashes decompilers. In that case, be sure to run deobfuscator on it once with no transformers, and then decompile the output ZIP. This will most likely fix the error.
+
+## ASM Errors
+If the class files cannot be loaded (an error like IllegalArgumentException appears) and you are **certain** that they are valid, that means that an ASM exploit is being used. Since ASM is unable to parse these files, the deobfuscator is unable to deobfuscate it.
+
+## Normalizers
+Normalizers should always be used last. If it is used first, then any string or reference obfuscation transformers applied afterwards will most likely fail, because they require that the classes and methods to retain their obfuscated names.

commonerrors/Radon.md

@@ -1,2 +1,2 @@
 ## RadonTransformer(V2)
-RadonTransformer was meant to work on the earlier versions of Radon, while RadonTransformerV2 works on the later versions. Use RadonTransformer first, and if it doesn't work, use RadonTransformerV2. Note that there are some settings in the transformer that you cannot configure without forking the project.
+RadonTransformer was meant to work on the earlier versions of Radon, while RadonTransformerV2 works on the later versions. Use RadonTransformer first, and if it doesn't work, use RadonTransformerV2. Note that there are some settings in the transformer that you cannot configure without forking the project. Also, if your file has invokedynamic obfuscation, you should add all required libraries.

commonerrors/Stringer.md

@@ -1,2 +1,5 @@
 ## HideAccess Obfuscation
-If you see an error while running the transformer, it means that you did not remove the string encryption. Run stringer.StringEncryptionTransformer first and you will be able decrypt Stringer's hide access. Note that you need to add all libraries that are used by the JAR, otherwise you will not be able to decrypt the file!
+If you see an error while running the transformer, it means that you did not remove the string encryption. Run stringer.StringEncryptionTransformer first and you will be able decrypt Stringer's hide access. Note that you need to add all libraries that are used by the JAR, otherwise you will not be able to decrypt the hide access!
+
+## Other Stringer Transformers
+In general, you should only use stringer.HideAccessTransformer, stringer.StringEncryptionTransformer, and stringer.ResourceEncryptionTransformer. The stringer.vX transformers are meant for specific versions of Stringer and should not be combined with the stringer.StringEncryption or stringer.HideAccess transformers.

commonerrors/UnknownObf.md

@@ -0,0 +1,5 @@
+## Finding Obfuscators
+If the "detect" option did not show any obfuscators, be sure to try running most of the transformers (excluding the general category) first. If none of them are able to deobfuscate the file, check if the file doesn't just have name obfuscation (which is not reversible, but you can rename them to generic names using normalizers). It is recommended to decompile the file to try to find the type of obfuscation, as the detect feature is not perfect. Scroll to the bottom of this repo to get some examples of code to look for: https://github.com/GraxCode/threadtear
+
+## A Note on the Detect Feature
+The detect feature mainly searches for string encryption and sometimes reflection obfuscation methods. This means that if a file is only obfuscated with flow obfuscation, the detect feature will not be able to find the type of obfuscation used. Also, obfuscators that are rarely seen (like SkidSuite) or have too many variations (like Radon) will not be detected.

commonerrors/Zelix.md

@@ -1,5 +1,11 @@
 ## String Encryption
-The string encryption transformer supports ZKM 5-8. If the file was obfuscated using ZKM 9 and up, the strings will only be decrypted if the file lacks method parameter changes.
+The string encryption transformer (zelix.StringEncryptionTransformer) supports ZKM 5-8. If the file was obfuscated using ZKM 9 and up, the strings will only be decrypted if the file lacks method parameter changes.
 
-## Reference Obfuscation
-The reference obfuscation transformer supports both the non-invokedynamic and invokedynamic variants of the obfuscation, but only if method parameter changes aren't enabled. Note that you must use the string encryption transformer first if the decryptor methods are in a seperate class (or just always use string encryption transformer before this).
+## Reference/Reflection Obfuscation
+The reference obfuscation transformer supports both the non-invokedynamic and invokedynamic variants of the obfuscation, but only if method parameter changes aren't enabled. Note that you must use the Zelix string encryption transformer first, or the deobfuscation will fail. Also note that you must add the libraries to path or the deobfuscation will also fail!
+
+## Flow Obfuscation
+The flow obfuscation transformer should generally be applied after the string encryption transformer, but if a file was obfuscated with multiple layers of ZKM, you should instead use FlowObfuscationTransformer first. Also, the flow deobfuscation will be limited if the code was obfuscated with method parameter changes.
+
+## Transformers to Use
+You should stick to using zelix.StringEncryptionTransformer as it is the fastest and decrypts the most cases. It is not recommended to combine the zelix.string transformers with zelix.StringEncryptionTransformer.

src/main/java/com/javadeobfuscator/deobfuscator/Deobfuscator.java

@@ -342,6 +342,7 @@ public void start() throws Throwable {
                 logger.info("{}: {}", rule.getClass().getSimpleName(), rule.getDescription());
                 logger.info("\t{}", message);
                 logger.info("Recommend transformers:");
+                logger.info("(Choose one transformer. If there are multiple, it's recommended to try the transformer listed first)");
 
                 Collection<Class<? extends Transformer<?>>> recommended = rule.getRecommendTransformers();
                 if (recommended == null) {

src/main/java/com/javadeobfuscator/deobfuscator/executor/defined/JVMMethodProvider.java

@@ -435,6 +435,9 @@ public class JVMMethodProvider extends MethodProvider {
             put("getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;", (targetObject, args, context) -> MessageDigest.getInstance(args.get(0).as(String.class)));
             put("digest([B)[B", (targetObject, args, context) -> targetObject.as(MessageDigest.class).digest(args.get(0).as(byte[].class)));
         }});
+        put("java/security/MessageDigest$Delegate", new HashMap<String, Function3<JavaValue, List<JavaValue>, Context, Object>>() {{
+            put("digest([B)[B", (targetObject, args, context) -> ((MessageDigest)targetObject.as(Class.forName("java.security.MessageDigest$Delegate"))).digest(args.get(0).as(byte[].class)));
+        }});
         put("java/net/URL", new HashMap<String, Function3<JavaValue, List<JavaValue>, Context, Object>>() {{
         	put("toURI()Ljava/net/URI;", (targetObject, args, context) -> targetObject.as(URL.class).toURI());
             // Probably not an issue because you can't construct URLs yet

src/main/java/com/javadeobfuscator/deobfuscator/rules/Rules.java

@@ -40,9 +40,10 @@ public class Rules {
             // Stringer
             new RuleStringDecryptor(),
             new RuleStringDecryptorWithThread(),
+            new RuleStringDecryptorV3(),
+            new RuleHideAccess(),
             new RuleInvokedynamic1(),
             new RuleInvokedynamic2(),
-            new RuleStringDecryptorV3(),
 
             // Zelix
             new RuleSuspiciousClinit(),
@@ -52,6 +53,9 @@ public class Rules {
             new RuleMethodParameterChangeStringEncryption(),
 
             // Dash-O
-            new com.javadeobfuscator.deobfuscator.rules.dasho.RuleStringDecryptor()
+            new com.javadeobfuscator.deobfuscator.rules.dasho.RuleStringDecryptor(),
+            
+            // Allatori
+            new com.javadeobfuscator.deobfuscator.rules.allatori.RuleStringDecryptor()
     );
 }