The offset can be positive or negative and it is calculated from the offset of the starting byte of the instruction. The offset is always interpreted in words (2 bytes per 1 offset value increment/decrement). Negative offset is stored in two's complement format. The current position is the offset of the starting byte of the instruction.
## file UTF-8
# format : ? x=y
#?为大写貌似是静态吗,因为在public class InitOut里方法private void doMethod(String owner, ClassInfo.MemberInfo member, int x)有句sb.append(AccUtils.isStatic(member.access) ? "M" : "m");
#重命名包a为pa
p a=pa
#重命名类a为C000_a
c a/a=C000_a
#重命名方法名a为Ma
m a/a.a()=Ma
#重命名字段名a为Fa
f a/a.a=Fa
## file UTF-8
## format : pqx=y
##
## p is as follow:
## a comment line config starts with '#';
## a field or method line config starts with 'F', 'M', 'f',or 'm';
## a class line config starts with 'C',or 'c';
## a package line config starts with 'P',or 'p';
## a @ line config starts with '@';
##
## q ?, but a space is ok
如果打不开,下面是拷贝过来的。
●
Introduction
dex-tool-0.0.9.8 add support to DeObfuscate a jar
●
Details
●
The Problem
for a Obfuscated jar like this
package a; public class a { static String a = "Hello"; static void a() { System.out.println(a); } public static void main(String[] args) { a(); } }
all package,class,field,method names are 'a', which is difficult to read.
●
DeObfuscate It
run the following command
#generate a 'suggest' config for rename d2j-init-deobf -f -o init.txt a.jar
we got a init.txt
p a=pa c a/a=C000_a m a/a.a()=Ma m a/a.a=Fa
which means
#rename package a to pa p a=pa #rename class a to C000_a c a/a=C000_a #rename method a to Ma m a/a.a()=Ma #rename field a to Fa m a/a.a=Fa
modify init.txt to
#rename package a to hello p a=hello #rename class a to World c a/a=World #rename method a to say m a/a.a()=say #rename field a to message m a/a.a=message
and run
d2j-jar-remap -f -c init.txt -o a-deobf.jar a.jar
now we get the comfortable source
package hello;
import java.io.PrintStream;
public class World { static String message = "Hello";