Skip to main content

How to identify classes to be excluded when using Android Obfucate App Logic (--smali_renames_all )

Pascal Fichet
  • Updated

How to

If the customer's build includes smali rename, check in the logs if an entry for a class that cannot be found.

Look for these key words:

  • exception
  • class
  • fatal
  • invalid reference
  • not found
  • missing variable
  • class not found
  • cannot access class
  1. Open the log
  2. Search for the "fatal" exception or crash.
  3. Read the fatal exception or crash looking for "invalid reference" or "not found" or "missing variable" or "class not found" or "cannot access class" etc.

If any is found and you can see an obfuscated class in the crash logs, we will need to try to setup an obfuscation exclusion for this class

  1. Get the TaskID and put it into the Support Portal on FAC (get to the app)
  2. Download the "Build" reproduction bundle as well as the non-protected binary, it will include 
    1. a script to deobfuscate: fix_renames.py
    2. a mapping file: proguard_mapping.txt
  3. you can also download the "Obfuscation map" from the signing task, it will include:
    1. a script to deobfuscate: deobfuscate_mapping_script_315d1640-0ad5-11ee-bb12-9974d7af404c.py
    2. a mapping file: mapping.txt
  4. Open the reproduction bundle and locate the "fix_renames.py" file.
  5. Copy the part of the logs where the crash is and that you need to debobfuscate, then create a file from it. (i.e.: logs.txt)

--------- beginning of crash
06-10 19:28:50.307 24279 24809 E AndroidRuntime: FATAL EXCEPTION: DefaultDispatcher-worker-2
06-10 19:28:50.307 24279 24809 E AndroidRuntime: Process: co.id.bankbsi.superapp.dev, PID: 24279
06-10 19:28:50.307 24279 24809 E AndroidRuntime: java.lang.RuntimeException: Cannot find implementation for co.id.s7f4fb809.m0fd276d0.h3b0b4a4a.f1a97b4bd.r1937bb00.mb471c6c6. r1937bb00_mb471c6c6_Impl does not exist
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at androidx.room.Room.getGeneratedImplementation(Room.kt:58)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at androidx.room.RoomDatabase$Builder.build(RoomDatabase.kt:1356)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at co.id.s7f4fb809.m0fd276d0.h3b0b4a4a.f1a97b4bd.r1937bb00$u5124e334.getInstance(CacheStorage.kt:22)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at co.id.s7f4fb809.m0fd276d0.h3b0b4a4a.f1a97b4bd.yba7de75d$obf99a533$z6c1d7b71$2.invokeSuspend(APICache.kt:45)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at g2d6d55b2.i89fbea51.e32798a8b.u183413e2.h73fb6fd5.resumeWith(ContinuationImpl.kt:33)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.ra0c02567.run(DispatchedTask.kt:106)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.u183413e2.md42b0e39.run(LimitedDispatcher.kt:42)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.v3c8d294c.l3cf86ef5.run(Tasks.kt:95)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.v3c8d294c.kbbb818bc.x3a974cf9(CoroutineScheduler.kt:570)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.v3c8d294c.kbbb818bc$s0cecb306.o4e46819b(CoroutineScheduler.kt:750)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.v3c8d294c.kbbb818bc$s0cecb306.runWorker(CoroutineScheduler.kt:677)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at y6e6e4aa9.i89fbea51.v3c8d294c.kbbb818bc$s0cecb306.run(CoroutineScheduler.kt:664)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: Suppressed: y6e6e4aa9.i89fbea51.t7b9feeed: [fdfe6c0f9{Cancelling}@7398e99, Dispatchers.IO]
--------- switch to main

  1. Open a terminal and enter:
    python3 fix_renames.py logs.txt > deob.txt
  2. deob.txt file will be translated to real class names (not obfuscated)
--------- beginning of crash
06-10 19:28:50.307 24279 24809 E AndroidRuntime: FATAL EXCEPTION: DefaultDispatcher-worker-2
06-10 19:28:50.307 24279 24809 E AndroidRuntime: Process: co.id.bankbsi.superapp.dev, PID: 24279
06-10 19:28:50.307 24279 24809 E AndroidRuntime: java.lang.RuntimeException: Cannot find implementation for co.id.bankbsi.core.network.cache.CacheStorage.mb471c6c6. r1937bb00_mb471c6c6_Impl does not exist
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at androidx.room.Room.getGeneratedImplementation(Room.kt:58)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at androidx.room.RoomDatabase$Builder.build(RoomDatabase.kt:1356)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at co.id.bankbsi.core.network.cache.CacheStorage$Companion.getInstance(CacheStorage.kt:22)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at co.id.bankbsi.core.network.cache.APICache$Builder$check$2.invokeSuspend(APICache.kt:45)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
06-10 19:28:50.307 24279 24809 E AndroidRuntime: Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [fdfe6c0f9{Cancelling}@7398e99, Dispatchers.IO]
--------- switch to main

=> we can observe that the line for the crash was originally:

06-10 19:28:50.307 24279 24809 E AndroidRuntime: java.lang.RuntimeException: Cannot find implementation for co.id.s7f4fb809.m0fd276d0.h3b0b4a4a.f1a97b4bd.r1937bb00.mb471c6c6. r1937bb00_mb471c6c6_Impl does not exist

then it was deobfuscated to :

06-10 19:28:50.307 24279 24809 E AndroidRuntime: java.lang.RuntimeException: Cannot find implementation for co.id.bankbsi.core.network.cache.CacheStorage.mb471c6c6. r1937bb00_mb471c6c6_Impl does not exist

 

-> So it seems like the "co.id.bankbsi.core.network.cache.CacheStorage" is what needs to be excluded but let's continue.


3- To understand what needs to be put in the exclusion, open up the binary into jadx

and browse to the identified class. Then check what the parent folder is...

co.id.bankbsi.core.network.cache

is the value that need to be excluded and put into the exclusion file.

 

 

Formatting

1-back parameter:

--smali_renames_classes_extend_list

2- formatting

  • A raw text file, with or without extension

  • Separator can be dot or slashes
    • co.id.bankbsi.core.network.cache
    • co/id/bankbsi/core/network/cache
      are both valid

  • Wild cards
    If you add a wild card at the end of the string, we will look to exclude all children folders so be careful in using it.
    In the example above: co.id.bankbsi.core.network.cache
    setting up: co.id.bankbsi.core.network.cache* or co.id.bankbsi.core.network.cache.* => would cause the exclusion to NOT work / not be correctly applied

 

 

Note 1:

As of today, Jun14th, the UI filed for exclusion and the backend exclusion list are NOT merged.

Anything added to the UI when a backend exclusion is setup will be disregarded. 

Ongoing NF to have both list merged.

 

Note 2:

In case the exclusion does not work, check in the new logs and in the new mapping files if the class you excluded is still in the mapping file or in the logs. This would mean that your exclusion was not effective.

 

 

 

 

 

Another example:

1- original logs:

--------- beginning of crash
06-09 13:53:49.800 E/AndroidRuntime(17189): FATAL EXCEPTION: main
06-09 13:53:49.800 E/AndroidRuntime(17189): Process: br.com.foxbit.foxbitandroid, PID: 17189
06-09 13:53:49.800 E/AndroidRuntime(17189): java.lang.UnsatisfiedLinkError: No implementation found for void c6d42652e.be8f36271.m47d0f496.ke1f828e7.__put(java.lang.String, java.lang.String) (tried Java_c6d42652e_be8f36271_m47d0f496_ke1f828e7__1_1put and Java_c6d42652e_be8f36271_m47d0f496_ke1f828e7__1_1put__Ljava_lang_String_2Ljava_lang_String_2)

2- same logs displayed with fix_renames.py

--------- beginning of crash
06-09 13:53:49.800 E/AndroidRuntime(17189): FATAL EXCEPTION: main
06-09 13:53:49.800 E/AndroidRuntime(17189): Process: br.com.foxbit.foxbitandroid, PID: 17189
06-09 13:53:49.800 E/AndroidRuntime(17189): java.lang.UnsatisfiedLinkError: No implementation found for void com.snappydb.internal.DBImpl.__put(java.lang.String.........

3- add com.snappydb.internal.DBImpl to the --smali_renames_classes_extend_list (as a file, with dots)

Comments

0 comments

Article is closed for comments.