Update dependencies and readme

README.md

@@ -20,24 +20,28 @@ The code on the left is a decompilation of an obfuscated app, and the code on th
 
 There are three parts to the project: smalivm, simplify, and the demo app.
 
-1. **smalivm**: Virtual machine library which can execute Android apps. It executes a method and returns a graph which contains the register and class values at every instruction for every possible execution path. It works even if certain values are unknown such as a network response from a server. If it encounters an `if` and doesn't know the values of the conditional, it assumes either branch could happen and executes both paths.
-2. **simplify**: Analyzes the graphs from **smalivm** and applies optimizations such as constant propagation, dead code removal, unreflection, and specific peephole optimizations. The optimizations are fairly simple, but when applied together and in succession, it can decrypt strings, peel back layers of obfuscation, and greatly simplify code.
-3. **demoapp**: Contains simple, heavily commented examples of how to use **smalivm**. It's a good place to start if you want to use smalivm in your own projects.
+1. **smalivm**: Provides a virtual machine sandbox for executing Dalvik methods. After executing a method, it returns a graph containing all possible register and class values for every execution path. It works even if some values are unknown, such as file and network I/O. For example, any `if` or `switch` conditional with an unknown value results in both branches being taken.
+2. **simplify**: Analyzes the execution graphs from **smalivm** and applies optimizations such as constant propagation, dead code removal, unreflection, and some peephole optimizations. These are fairly simple, but when applied together repeatedly, they'll decrypt strings, remove reflection, and greatly simplify code. It does *not* rename methods and classes.
+3. **demoapp**: Contains simple, heavily commented examples for using **smalivm** in your own project. If you're building something that needs to execute Dalvik code, check it out.
 
 ## Usage
 
 ```
 usage: java -jar simplify.jar <input> [options]
 deobfuscates a dalvik executable
- -et,--exclude-types <pattern>   Exclude classes and methods which include REGEX, eg: "com/android", applied after include-types
+ -et,--exclude-types <pattern>   Exclude classes and methods which include REGEX, eg: "com/android", applied after
+                                 include-types
  -h,--help                       Display this message
-    --include-support            Attempt to execute and optimize classes in Android support library packages, default: false
+    --include-support            Attempt to execute and optimize classes in Android support library packages, default:
+                                 false
  -it,--include-types <pattern>   Limit execution to classes and methods which include REGEX, eg: ";->targetMethod\("
-    --max-address-visits <N>     Give up executing a method after visiting the same address N times, limits loops, default: 10000
-    --max-call-depth <N>         Do not call methods after reaching a call depth of N, limits recursion and long method chains, default:
-                                 50
+    --max-address-visits <N>     Give up executing a method after visiting the same address N times, limits loops,
+                                 default: 10000
+    --max-call-depth <N>         Do not call methods after reaching a call depth of N, limits recursion and long method
+                                 chains, default: 50
     --max-execution-time <N>     Give up executing a method after N seconds, default: 300
-    --max-method-vists <N>       Give up executing a method after executing N instructions in that method, default: 1000000
+    --max-method-visits <N>      Give up executing a method after executing N instructions in that method, default:
+                                 1000000
     --max-passes <N>             Do not run optimizers on a method more than N times, default: 100
  -o,--output <file>              Output simplified input to FILE
     --output-api-level <LEVEL>   Set output DEX API compatibility to LEVEL, default: 15
@@ -74,11 +78,11 @@ java -jar simplify/build/libs/simplify.jar -it 'org/cf' simplify/obfuscated-exam
 
 ## Troubleshooting
 
-Simplify is in early stages of development. If you encounter a failure, try these recommendations, in order:
+If you encounter a failure, try these recommendations, in order:
 
-1. Include only a few methods or classes with `-it`.
+1. Only target a few methods or classes by using `-it` option.
 2. If failure is because of maximum visits exceeded, try using higher `--max-address-visits`, `--max-call-depth`, and `--max-method-visits`.
-3. Try with `-v` or `-v 2` and report the issue with the logs.
+3. Try with `-v` or `-v 2` and report the issue with the logs and a hash of the DEX or APK.
 4. Try again, but do not break eye contact. Simplify can sense fear.
 
 ## Contributing

build.gradle

@@ -46,9 +46,9 @@ subprojects {
 
     ext {
         depends = [
-                commons_lang   : 'org.apache.commons:commons-lang3:3.5',
+                commons_lang   : 'org.apache.commons:commons-lang3:3.6',
                 findbugs       : 'com.google.code.findbugs:jsr305:3.0.1',
-                guava          : 'com.google.guava:guava:19.0',
+                guava          : 'com.google.guava:guava:22.0',
                 junit          : 'junit:junit:4.12',
                 mockito        : 'org.mockito:mockito-core:1.10.19',
                 perfidix       : 'org.perfidix:perfidix:3.6.9',

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Sat Jul 29 13:20:33 PDT 2017
+#Sun Jul 30 11:17:56 PDT 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-all.zip

simplify/build.gradle

@@ -15,15 +15,15 @@ dependencies {
     compile depends.guava
 
     // CLI parsing
-    compile 'commons-cli:commons-cli:1.3.1'
+    compile 'commons-cli:commons-cli:1.4'
 
     // Primitive collections
     compile depends.trove4j
 
     // Logging
     compile depends.slf4j_api
-    compile 'ch.qos.logback:logback-core:1.1.11'
-    compile 'ch.qos.logback:logback-classic:1.1.11'
+    compile 'ch.qos.logback:logback-core:1.2.3'
+    compile 'ch.qos.logback:logback-classic:1.2.3'
 
     // Testing
     testCompile depends.junit

smalivm/build.gradle

@@ -9,7 +9,7 @@ buildscript {
 
 dependencies {
     // Object cloning
-    compile 'uk.com.robust-it:cloning:1.9.3'
+    compile 'uk.com.robust-it:cloning:1.9.5'
 
     // Easy method reflection
     compile 'commons-beanutils:commons-beanutils:1.9.3'

smalivm/src/main/java/org/cf/smalivm/dex/FrameworkJarBuilder.java

@@ -49,7 +49,7 @@ public static void main(String[] args) throws Exception {
         System.out.println("Building framework cache from " + resPath);
         String cache = buildFrameworkCache(resPath);
         String cacheFileName = "src/main/resources/framework_classes.cfg";
-        Files.write(cache, new File(cacheFileName), Charset.forName("UTF-8"));
+        Files.asCharSink(new File(cacheFileName), Charset.forName("UTF-8")).write(cache);
         System.out.println("Saved cache to " + cacheFileName + " (" + cache.getBytes().length + " bytes)");
 
         String outPath = args[1];