I'm new to Java and was hoping someone could help me explain an issue. I am following this blog post that covers the reverse-engineering of a malicious Android APK file.
In the decompiled Java code, there is a string obfuscation method that appears thousands of times in the code:
    private static String $(int i, int i2, int i3) {
        char[] cArr = new char[i2 - i];
        for (int i4 = 0; i4 < i2 - i; i4++) {
            cArr[i4] = (char) ($[i + i4] ^ i3);
        }
        return new String(cArr);
    }
Also in the code are calls that appear to use this method, such as $(556, 664, 4277)
I am having trouble deobfuscating the string. I know I can define a locally-scoped variable and use that to print out the decoded string, but I am not sure how that would look in Java. Can anyone provide an example of how this would look?
I am certain that my attempts are incorrect. I am now motivated to actually learn Java, but I'd really like to understand what I'm doing wrong:
    public static String $(int i, int i2, int i3) {
        char[] cArr = new char[i2 - i];
        for (int i4 = 0; i4 < i2 - i; i4++) {
            cArr[i4] = (char) ($[i + i4] ^ i3);
        }
        return new String(cArr);
    }
    var obfuscatedString = $(556, 664, 4277);
    System.out.println(obfuscatedString);
I think it might be helpful to have a version of the code where the parameters and variables have better names that are easier to understand. The decompiler is just assigning meaningless names of i, i2, etc. to all the int variables.

I am making this a Community Wiki. If you feel the method can be made even more readable, feel free to contribute edits. I have introduced a temporary variable, length, but I left the name of the method as $ and the external array of char that is being deobfuscated as $ because those symbols are referenced externally and so would need to remain the same if the rewritten method were to replace the original one.
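
An added example, not code from the original answer or from the blog post: a self-contained Java class that wraps the XOR routine with descriptive names so it compiles and runs on its own. The class name, the ENCODED array (a constructed stand-in for the APK's own char array named $, which is not shown on this page), the sample indices and the inlineStrings helper are assumptions; inlineStrings goes beyond the question by decoding every $(a, b, c) call found in a piece of decompiled source.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StringDeobfuscator {
    // Key for the constructed sample; 4277 is the third argument in the call quoted above.
    private static final int SAMPLE_KEY = 4277;

    // Constructed stand-in for the decompiled class's static char[] named `$`.
    // When analysing the real APK, copy that array's contents here instead.
    private static final char[] ENCODED = encode("paddinghello from the sample", SAMPLE_KEY);

    // Only used to build the constructed sample; XOR with the same key is its own inverse.
    private static char[] encode(String plain, int xorKey) {
        char[] out = new char[plain.length()];
        for (int k = 0; k < out.length; k++) {
            out[k] = (char) (plain.charAt(k) ^ xorKey);
        }
        return out;
    }

    // Same logic as the decompiled $(i, i2, i3): decode ENCODED[start, end) with xorKey.
    static String deobfuscate(int start, int end, int xorKey) {
        if (start < 0 || end < start || end > ENCODED.length) {
            throw new IllegalArgumentException("range " + start + ".." + end + " is outside the array");
        }
        char[] decoded = new char[end - start];
        for (int offset = 0; offset < decoded.length; offset++) {
            decoded[offset] = (char) (ENCODED[start + offset] ^ xorKey);
        }
        return new String(decoded);
    }

    // Replaces every $(a, b, c) call in decompiled source text with the decoded string in quotes.
    static String inlineStrings(String source) {
        Pattern call = Pattern.compile("\\$\\((\\d+),\\s*(\\d+),\\s*(\\d+)\\)");
        return call.matcher(source).replaceAll(m -> Matcher.quoteReplacement('"'
                + deobfuscate(Integer.parseInt(m.group(1)), Integer.parseInt(m.group(2)),
                        Integer.parseInt(m.group(3))) + '"'));
    }

    public static void main(String[] args) {
        // Indices 7..28 select the text after the 7-character "padding" prefix.
        System.out.println(deobfuscate(7, 28, SAMPLE_KEY));
        // Constructed line in the style of the decompiled code.
        System.out.println(inlineStrings("Log.d(TAG, $(7, 28, 4277));"));
    }
}
```

Compile and run with javac StringDeobfuscator.java followed by java StringDeobfuscator (Java 9 or later for the lambda form of replaceAll). The decoded text is inserted without escaping, so a decoded string that itself contains quotes or backslashes will not be a valid Java literal.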