SG Features

1. SkidGui ASM Feature (Idea) List:
3.  
4. Constant Pool Editor:
5.     Implementations:
6.         - Swap out strings ("apple" for "orange")
7.         - Change type of a constant (Animal instead of GrizzlyBear)
8. Bytecode Editor:
9.     - Choose a class then a method. Displays one opcode per line. Right click the line for options (Edit opcode settings, Add before/after, remove)
10.     - Syntax highlighted
11.     - Sorted by SourceLine (If possible. Otherwise just in the order they naturally are in)
12. Bytecode Block Editor:
13.     - Bytecode editor but more modular. Copy / Paste / Add / Remove lines of opcodes at once. Ability to save these chunks for usage in other classes.
14.     - Auto logging insertion
15.     - Detect and insert code before/after entry point [public static void main(String[] args)]
16.     - Plugin System:
17.         - Example 1: Detect block of bytecode, replace with another block (Strind deobfuscation?)
18.         - Example 2: Detect main method, insert code
19. Custom Obfuscation:
20.     - Pattern naming, Randomized naming, Dictionary replacement naming
21.     - Iteration (Pass obfuscation multiple times)
22.     - Field Obfuscation
23.         - One field per class, a HashMap<String, Field>
24.         - Replace all field calls with Class.getFieldContainer().get(FieldName)
25.     - String Obfuscation
26.         - Different modes:
27.             - Method1: Replace LDC "whatever" with invocation of getText(KeyOfSomeKind) (getText is auto-generated so there is no local field)
28.             - Method2: Replace LDC "whatever" with invocation of getText(KeyOfSomeKind) (getText refers to encrypted String[]. Decrypted in the method)
29.             - Inline1: Replace LDC "whatever" with String concat (getCharacter(MathThatLeadsTo<Alphabet>_IntValue)+... for each character)
30.             - Inline2: Replace LDC "whatever" with multi-line nonsense that checks multiple similiar strings, but verifys the correct one by it's hashCode()
31.     - Class Structure Modification:
32.         - Flattening classes into a single class (If applicable, flattens classes that extend each other. If multiple classes extend a single class, this cannot be done without a lot of effort)
33.         - Expanding one class into multiple different classes (Limit number of declared fields/methods per class. So if the limit is 1 and a class has 20 fields/methods, it is split into 20 classes that all extend another and references the top-most class.)
34. Class Renamer:
35.     - Essentially JD-GUI with visuals, but clicking a class's name, parent name, field, method, local variable, etc. lets you rename the class.
36.     - Save the jar when complete or save mappings to a text file.
37. Class Relationship Viewer:
38.     - See a class's parent
39.     - See a class's implementations (Children)
40.     - See where a class is called
41.         - Options: [Include <Init> Call (Separate from other method calls)] [Include Method Calls] [Include Children's Method Calls] [Include Field References] [Include Children's Field References]
42. Jar Flow:
43.     - Start at main
44.     - Run through code
45.     - Ask user input when a jump node is met, where to land based on options.
46.     - Keep track of stack values
47.     - Print methods visited in order
48. Threat Scan:
49.     - Look through method code. Certain class references boost 'threat score' (TS)
50.     - URLs
51.         - If text, text is loaded. If the text contains a URL add TS
52.         - If binary, raise TS
53.     - Stripped debug information is a small TS boost (also an indicator of obfuscation)
54.     - JNI usage is instant TS boost
55.     - If code seems to be obfuscated, multiply final output by a percentage (Scale based on obfuscation obnoxiousness)
56.     - Print final threat score and break it up into sections for an easy to read report. Possibly make output an HTML/CSS/JS with closable/tabbable sections
57.  
58. Other notes:
59. For getting the method of obfuscated text:
60.     - Safe: Quarentine methods to an empty class and invoke there.
61.     - Unsafe: If the method referrs to other methods check if those methods assist in decryption. If they do anything warn that the method was ignored and the string or whatever could not safely be decrypted. (Prompt user to bytecode edit themselves then retry)