Decompile FILENAME_qml.cpp

fcarney · wrote on 30 Apr 2021, 14:22

@wink said in Decompile FILENAME_qml.cpp:

this is the complete content of the file "Marker_qml.cpp"

Okay, this is not text data. This is probably bytecode of converting QML to a compiled form. I don't know how to reverse that.

As for the exe. Get a hex editor and look through the exe and see if the qml files are attached. Someone posted a while back about this. So there may be examples in the forum on how to do this. The post was worried about disclosing code because it was attaching qml to the exe even though it was compiling the qml. I cannot remember if this was a bug or not.

fcarney · 30 Apr 2021, 14:35

I am looking at our exe and I am not seeing human readable qml. What version of qml are you using? They may have fixed not including source in newer versions of qt. We are using 5.15.1.

wink · wrote on 30 Apr 2021, 14:33

Yeah, I have read that post.
As long as you just put your qml files into the qrc, they are indeed visible as pure text inside the executable.

The problem is that I compiled the project with the statement

CONFIG += qtquickcompiler

which leads to the qml files being "compiled" to the *_qml.cpp files as the one I listed above. The C++ compiler/linker then puts them into the binary.

I can see some traces of them in the binary, but it's not realy readable and it does not allow me to regenerate my original qml file.

wink · wrote on 30 Apr 2021, 14:35

@fcarney I'm using Qt 5.15.2

KH-219Design · wrote on 30 Apr 2021, 17:21

There was an interesting thread about this recently.

Take a look over here: https://forum.qt.io/topic/121561/compiled-qml-sources-visible-inside-executable

There are python snippets showing how to paste the hex into a python script and get back human-readable text. (search for "bytearray" in at least 3 places)

If your bytes have also been compressed, then you will also need the zlib-flate -uncompress ... stuff at the end.

Feel free to post back questions here on this current thread after you look that over.

KH-219Design · wrote on 30 Apr 2021, 17:27

Apologies, I just noticed that you mentioned you already read that thread.

Looking at your hex, I realize that yours does not seem to have the 78 9C marker that would indicate that zlib is relevant.

Hmmm...

KH-219Design · 2 May 2021, 15:58

@wink said in Decompile FILENAME_qml.cpp:

Qt 5.15.2

The tag for qtdeclarative sub-project at 5.15.2 seems to be 104eae5

Therefore, using 104eae5 in the URLs (below), the relevant Qt code that would have (I think?) generated that hex is the code in:

I have not yet skimmed the code, but maybe it contains more clues...

wink · wrote on 2 May 2021, 15:58

@KH-219Design Hi and thanks for your input! I'm not familiar with the files that you linked to. Are you suggesting that they might contain the "key" to decompile my files?

I'll be away for one week and unfortunately not be able to connect to the forum, but I'll get back to you when I come back.

cheers
Wink!

wink · wrote on 11 May 2021, 06:29

@KH-219Design Hi again!
I've checked the code you linked to and even if I have found some very interesting parts like the function "compileQmlFile", I cannot seem to find a way to uncompile the qml.cpp file.

If anyone has an idea I'd be happy :)

good day
Wink

KH-219Design · 12 May 2021, 08:04

The only other line of thinking I have right now is based on this idea:

It should be less significant which Qt version you have now, and more significant to know which Qt version was used to compile the binaries you are decompiling.

If you cannot be certain that 5.15 was used when the binaries were created, then it seems quite plausible that they were created prior to this qtdeclarative commit (41864db3b61d9e8). That commit explains that prior to 5.15, the original QML content was routinely stripped, leaving only the compiled bytecodes in the binary. That would explain why all the "tricks" from https://forum.qt.io/topic/121561/compiled-qml-sources-visible-inside-executable are utterly ineffective in your case.

If truly all you have is the bytecodes, then I do think your only hope would be to "master the bytecode semantics" and learn how to interpret raw bytecode. But at that point there probably isn't a way to ever have the "one true answer" to the question of "what did the original QML content look like?" The analogous situation would be to attempt to reconstruct C/C++ code using only the generated assembly language. It is in some sense "impossible" to arrive at the one correct answer, because a variety of differently-written C/C++ routines could end up generating the same assembly language. So "going backwards" the assembly language could map to many possibilities with no way to know which one was actually used.

I, too, would love to learn any other interesting fact or approach that others have in mind.

wink · wrote on 12 May 2021, 08:04

@KH-219Design Hi and thank you for your long message!
Well I think I will have to live with the fact that I have to rewrite the components.
I'm already at the point where I have spent too much time trying to recover, so I better start rewriting... :)
Thanks a lot for your help!

best wishes
Wink!