开发者

Java how do you deobfuscatate shift and & values?

开发者 https://www.devze.com 2023-03-22 07:14 出处:网络
Lets say I got this for example (from java obfuscation) with a highly overflowed shift value x = buffer[count + -3] << 0x8f553768 & 0xff00

Lets say I got this for example (from java obfuscation) with a highly overflowed shift value

x = buffer[count + -3] << 0x8f553768 & 0xff00

From trying I figured this out..

8 = 0x ff 00

16 = 0x ff 00 00

24 = 0x ff 00 00 00

pretty much I am deobfuscatating to look like this.

x = ((buffer[coint - 3] << 8) & 0xff)

I got most of it working like flipping the [+ -] to [- +] all this is easy to fix.. But these shifts are really giving me a hard time.

I found a technique of using AND on the value like 0x8f553768 & 31 which gives the proper answer of 8 etc.. Then I would convert 0xff00 to the equivalent of unsigned byte.. which is 0xff

My question is how do I lower the bitmasks to it's proper values.. say this example

i1 << 0xf7c13d2a & 0xfc00      /开发者_运维知识库/Aka 0xf7c13d2a & 31 == 10

which I got down to..

i1 << 10 & 0xfc00

how do I lower the 0xfc00 to it's proper value?

I took a guess should look like this

i1 << 10 & 0x3f

but whats the formula to lower AND values?


Haha solved my brain did the calculation in its head..

damn why do answers come so hard for me..

i1 << 10 & 0xfc00

then you do

0xfc00 >> 10 which gives you 0x3f

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号