IllegalArgumentException: Opcode: IGET_OBJECT_QUICK #2089

Open
JordanSamhi opened this issue Jul 15, 2024 · 3 comments

@JordanSamhi
Contributor

Describe the bug
I recently came across a bug in Soot that prevents loading the bodies of methods. It seems the problem is related to Dexpler and opcodes. Have you ever come across this problem? (Stack trace below.)

Input file
Here are two examples of files for which the bug is triggered:
E29E97ADCCC17FAE4053002F978B331C3898CC97A31066B44E2CA24B12DA79FB
E14F0E92F5818687BD21EA939131DE8431347E2D1E515F85E874D449FD12966E

To reproduce
I used Soot programmatically, but it can be reproduced like this:
java -jar soot.jar -src-prec apk -allow-phantom-refs -android-jars ./Android-platforms/ -f J -process-dir E14F0E92F5818687BD21EA939131DE8431347E2D1E515F85E874D449FD12966E.apk -process-multiple-dex

Stacktrace
Example of 2 stack traces:

[] Setting up environment...
[✓] Done.
[] Instrumentation in progress...
Exception in thread "main" Exception in thread "Thread-4" java.lang.IllegalArgumentException: Opcode: IGET_OBJECT_QUICK @ 0x2a2
at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
at soot.dexpler.DexBody.<init>(DexBody.java:272)
at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
java.lang.IllegalArgumentException: Opcode: IGET_OBJECT_QUICK @ 0x2a2
at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
at soot.dexpler.DexBody.<init>(DexBody.java:272)
at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

Process finished with exit code 1

Exception in thread "Thread-12" Exception in thread "main" java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b
at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
at soot.dexpler.DexBody.<init>(DexBody.java:272)
at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b
at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
at soot.dexpler.instructions.InstructionFactory.fromInstruction(InstructionFactory.java:48)
at soot.dexpler.DexBody.extractDexInstructions(DexBody.java:338)
at soot.dexpler.DexBody.<init>(DexBody.java:272)
at soot.dexpler.DexMethod$1.getBody(DexMethod.java:116)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:447)
at soot.PackManager.lambda$retrieveAllBodies$2(PackManager.java:1250)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

Process finished with exit code 1

Additional context
This is the first time I have come across this problem; has it ever happened to anyone else?
Should Dexpler be updated?

@MarcMil
Contributor

MarcMil commented Jul 17, 2024

Thanks for the APKs!

According to http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html, the instruction in question is "an unsafe instruction and occurs only in ODEX files."

A quote from Steven in this regard:

Problem with these odex instructions: They are of the format "call method with vtable entry X on register y". To get the target method, we need types. The code is however not typed till much later. This needs more attention at some point.

Originally posted by @StevenArzt in #331 (comment)

So it's not trivial to add support for this type of instruction. Unfortunately, I currently do not have the time to take a deeper look into this myself.

@JordanSamhi
Contributor Author

Yes, I guess it is not trivial. I mean, it is fine; it is only a few APKs...
Thanks!
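
Added example, not part of the thread and not Soot code: a Python triage helper for batch runs that pulls the unsupported-opcode errors out of Soot's console output, collapses the duplicate traces printed by the worker and main threads, and flags runs that failed only on quickened opcodes. Treating every opcode name containing `_QUICK` as ODEX-only is an assumption based on the two names in the stack traces above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Error line Dexpler emits for an opcode it cannot convert, e.g.
# "java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b"
OPCODE_ERR = re.compile(
    r"IllegalArgumentException: Opcode: (?P<name>[A-Z0-9_]+) @ 0x(?P<off>[0-9a-fA-F]+)"
)

# Excerpt of the exception lines from the two runs in this issue (frames omitted).
SAMPLE_LOG = '''\
Exception in thread "main" Exception in thread "Thread-4" java.lang.IllegalArgumentException: Opcode: IGET_OBJECT_QUICK @ 0x2a2
at soot.dexpler.instructions.InstructionFactory.fromOpcode(InstructionFactory.java:381)
java.lang.IllegalArgumentException: Opcode: IGET_OBJECT_QUICK @ 0x2a2
Exception in thread "Thread-12" Exception in thread "main" java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b
java.lang.IllegalArgumentException: Opcode: IPUT_QUICK @ 0x1e4b
'''

def is_quickened(opcode):
    # Assumption: the "_QUICK" naming seen in the traces marks ODEX-only opcodes.
    return "_QUICK" in opcode

def unsupported_opcodes(log_text):
    """Map each rejected opcode to its sorted, de-duplicated code offsets."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        # search() rather than match(): threads interleave their
        # 'Exception in thread "..."' prefixes on one line.
        m = OPCODE_ERR.search(line)
        if m:
            seen[m.group("name")].add(int(m.group("off"), 16))
    return {op: sorted(offs) for op, offs in seen.items()}

def odex_only_failure(log_text):
    """True when the run failed and every rejected opcode is a quickened one."""
    found = unsupported_opcodes(log_text)
    return bool(found) and all(is_quickened(op) for op in found)

if __name__ == "__main__":
    for op, offs in unsupported_opcodes(SAMPLE_LOG).items():
        tag = "ODEX-only" if is_quickened(op) else "other"
        print(f"{op:20} {tag:10} offsets={[hex(o) for o in offs]}")
    print("ODEX-only failure:", odex_only_failure(SAMPLE_LOG))
```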
