最新消息:20210816 当前crifan.com域名已被污染,为防止失联,请关注(页面右下角的)公众号

【未解决】dex2jar反编译dex后jar文件包含java代码:throw new VerifyError bad dex opcode

Java crifan 2305浏览 0评论
折腾:
【未解决】从不同版本的小花生apk中反编译出包含业务逻辑代码的dex和jar包源码
期间,发现dex2jar去反编译,提取出的jar包期间:
sh /Users/crifan/dev/dev_tool/android/reverse\ engineering/dex-tools/dex-tools-2.1-SNAPSHOT/d2j-dex2jar.sh -f com.huili.readingclub8725900.dex
结果输出一堆的错误,详见:
...
WARN: can't get operand(s) for move-result-object, wrong position ?
WARN: can't get operand(s) for cmpg-float, out-of-range or not initialized ?
Detail Error Information in File ./com.huili.readingclub8725900-error.zip
Please report this file to one of following link if possible (any one).
    
https://sourceforge.net/p/dex2jar/tickets/
    
https://bitbucket.org/pxb1988/dex2jar/issues
    
https://github.com/pxb1988/dex2jar/issues
    
[email protected]
java.util.IllegalFormatConversionException: d != java.lang.String
    at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302)
    at java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2793)
    at java.util.Formatter$FormatSpecifier.print(Formatter.java:2747)
    at java.util.Formatter.format(Formatter.java:2520)
    at java.util.Formatter.format(Formatter.java:2455)
    at java.lang.String.format(String.java:2940)
    at com.googlecode.d2j.smali.BaksmaliDumpOut.s(BaksmaliDumpOut.java:68)
    at com.googlecode.d2j.smali.BaksmaliCodeDumper.visitFilledNewArrayStmt(BaksmaliCodeDumper.java:248)
    at com.googlecode.d2j.node.insn.FilledNewArrayStmtNode.accept(FilledNewArrayStmtNode.java:19)
    at com.googlecode.d2j.smali.BaksmaliDumper.accept(BaksmaliDumper.java:569)
    at com.googlecode.d2j.smali.BaksmaliDumper.baksmaliCode(BaksmaliDumper.java:544)
    at com.googlecode.d2j.smali.BaksmaliDumper.baksmaliMethod(BaksmaliDumper.java:482)
    at com.googlecode.d2j.smali.BaksmaliDumper.baksmaliMethod(BaksmaliDumper.java:428)
    at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dumpMethod(BaksmaliBaseDexExceptionHandler.java:148)
    at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dumpTxt0(BaksmaliBaseDexExceptionHandler.java:126)
    at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dumpZip(BaksmaliBaseDexExceptionHandler.java:135)
    at com.googlecode.dex2jar.tools.BaksmaliBaseDexExceptionHandler.dump(BaksmaliBaseDexExceptionHandler.java:92)
    at com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:120)
    at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:290)
    at com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:33)
且对于最后输出的jar包,用工具查看到java代码中,包含:
throw new VerifyError("bad dex opcode");
去换用其他工具试试是否也会报错:
【已解决】用jadx把安卓dex文件转换提取出jar包和java源代码
虽然树状显示不错,但是代码解析效果不行,且CPU占用率高卡死,放弃。
搜一下:
dex2jar  bad dex opcode
dex2jar源码解析—-解析dex文件<三> – 程序园
           tmp.init(frame);//用frame初始化tmp
            try {
                if (p.op != null) {
                    switch (p.op) {
                        case RETURN_VOID:
                            emit(nReturnVoid());//添加一个ReturnVoidStmt
                            break;
                        case GOTO:
                        case GOTO_16:
                        case GOTO_32:
                            emit(nGoto(getLabel(((JumpStmtNode) p).label)));
                            break;
                        case NOP:
                            emit(nNop());
                            break;
                        case BAD_OP:
                            emit(nThrow(nInvokeNew(new Value[]{nString("bad dex opcode")}, new String[]{
                                            "Ljava/lang/String;"},
                                    "Ljava/lang/VerifyError;")));
                            break;
                        default:
                            tmp.execute(p, interpreter);//缺省情况执行execute tmp为Dex2IrFrame
                            break;
                    }
                }
[BUG] incorrect handling of dex version 037 · Issue #194 · pxb1988/dex2jar
此处暂时无法解决。
VerifyError bad dex opcode
android-wear-decompile/FragmentTransitionCompat21.java at master · auxor/android-wear-decompile
auxor/android-wear-decompile
jakev/oat2dex-python: Extract DEX files from an ART ELF binary
Android逆向之路—脱壳360加固 – 知乎
Android逆向之路—脱壳360加固 – 简书
360加固源码分析
类com.stub.StubApp
public class StubApp
  extendsApplication
{
...
  static
  {strEntryApplication = "com.qihoo360.crypt.entryRunApplication";
    ?? = null;
    ?? = "libjiagu";loadFromLib = false;needX86Bridge = false;
    throw newVerifyError("bad dex opcode");
  }
好像此处是:360的加固?
反编译和逆向出现:java.lang.VerifyError(新问题样本) – Sky的专栏 – CSDN博客
“java.lang.VerifyError 新问题样本
1 反编译出问题的东西大部分在构造函数,init()方法大部分都出现在缺少return-void
2 当前类继承的interface,父类为java object ,出现 没有调用java object – > init()方法
对于以上问题,其实相关工具会在smali文件里面存在 #disallowed odex opcode错误,直接搜索就可以解决。”
New watchface for the Amazfit watch – Page 5
“09-11 23:16:39.974 19298-19298/? E/AndroidRuntime: FATAL EXCEPTION: main
Process: es.malvarez.mywatchfaces, PID: 19298
java.lang.VerifyError: bad dex opcode
     at com.huami.watch.watchface.util.Util.<clinit>(Unknown Source)
     at com.huami.watch.watchface.AbstractWatchFace.onCreate(Unknown Source)
     at android.app.ActivityThread.handleCreateService(ActivityThread.java:2761)”
【爱加密】Android APP怎样防止工具逆向破解_百度经验
Android java.lang.VerifyError for private method with annotated argument – Stack Overflow
android – Failed to verify dex: Bad method handle type 7 – Stack Overflow
apktool bad dex opcode
dex2jar bad dex opcode
Endless Frontier Modding MegaThread (Bypass Updates, Emulator Bypass, Revive Floors, Etc.) – Libre Boards
” static
  {
    JniLib.a(Checker.class, 22);
    throw new VerifyError(“bad dex opcode”);
  }”
dex2jar源码解析—-解析dex文件<三> – 程序园
“case BAD_OP:
                            emit(nThrow(nInvokeNew(new Value[]{nString(“bad dex opcode”)}, new String[]{
                                            “Ljava/lang/String;”},
                                    “Ljava/lang/VerifyError;”)));
                            break;”
只是知道是BAD_OP的case,但是不知道如何破解和避免啊
dex2jar BAD_OP
update-2017-10-21 by kind-john · Pull Request #147 · pxb1988/dex2jar
“case BAD_OP:
                            emit(nThrow(nInvokeNew(new Value[]{nString(“bad dex opcode”)}, new String[]{
                                            “Ljava/lang/String;”},
                                    “Ljava/lang/VerifyError;”)));
                            break;”
->
Java Code Examples
Protecting Mobile Networks and Devices: Challenges and Solutions – Google 图书
dex2jar源码解析—-解析dex文件 – new_abc的专栏 – CSDN博客
BAD_OP(-1, “bad-opcode”, null, kIndexNone, 0, false), //
Error when dex 2 jar · Issue #148 · gcacace/dex2jar
android bad dex opcode
“由于360加壳之后,更改了classloader,因此我们用原本的classloader是会报类无法被找到的异常的。
不过我们去分析源码便知道,我们要先hook到360的classloader,再从360的classloader里面获取到app运行时的类。”
还是看不太懂,如何操作才能hook出360的classloader
乐固加固脱壳实战 – faTe’s Home
解释的都看不懂
乐固壳分析 – bamb00 – 博客园
Android逆向之路—脱壳360加固 – 简书
去试试:WrBug的DumpDex
【已解决】用WrBug的DumpDex从app中hook导出dex文件

转载请注明:在路上 » 【未解决】dex2jar反编译dex后jar文件包含java代码:throw new VerifyError bad dex opcode

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
92 queries in 0.214 seconds, using 22.11MB memory