EXETOOLS FORUM  

#16  02-27-2012, 18:59  giv
Sorry for the late reply....

Quote:
Originally Posted by chessgod101
I have done Java cracking once before on a target called smart math calculator and another called graphing calculator 3d (both by the same company). I used the JD Decompiler and JBE (Java Bytecode Editor). I could write a tutorial if anyone is interested.
It will be quite interesting and I will be more than happy to watch.

#17  04-11-2012, 03:53  remal
I used to use ObjectWeb's ASM (http://asm.ow2.org/) to disassemble Java bytecodes to Java code. Then modify that Java code, re-compile it, and use it to generate a proper bytecode file. It's a little bit roundabout but it works wonderfully and is more versatile than patching alone.

#18  04-18-2012, 03:04  Mkz
Hi

Just thought I might add my own tip for cracking Java.
Notice: I know how to program in java (I also know the bytecode of course), and at least some basics are needed even if just for patching an instruction - objects, stack, etc.

Well, since I don't usually run under a debugger (IDA or higher-level), what I do sometimes is have a static look at the code - normally with JD - and find interesting spots. Examples: encrypted strings, strange file accesses, etc. Just by the nature of the java.*.* objects being used, you often get a pretty good idea of what's going on, and those can never be obfuscated like the programmer's code.
Then you need to patch the framework's code itself. "String", for instance, is a class you can easily change. Just fetch the java rt sources (it comes with the sdk), copy it to your own version, and for instance in the constructor just do a "System.out.println(this);".
Want the stacktrace as well to know where this string was created? Just add another statement with "new Exception().printStackTrace();"

The only thing left is to make java use your version of the rt classes instead of the original ones. Just add this modifier to the invocation:
java ... -Xbootclasspath/p:my_path\my_jar_with_changed_stuff.jar ...
There you go. All constructed strings (a LOT) will be written to the console, followed by the stack trace of the place they were created.

Extending this technique, I once also did something with the java.lang.Exception class. Changed the source so that every single exception wrote the stack trace to a log (be it the captured ones, the ones that happen during regular class loading, etc.) - creates a huge log but also allows you to know about everything that got raised and might not even have been propagated to error windows or log files.
Since the output is so huge, I later added some logic to it: created a settings file that could be supplied in the command line and where one could create regular expressions for the stack traces to ignore in order to hide "normal" exceptions that are raised a lot.
Unfortunately, this was quite some time ago and I no longer have the code at hand. Still it's not hard for someone to do it if needed.
Reply With Quote
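
Seen from the defender's side, the boot class path override Mkz describes shows up in the JVM's launch arguments. The following is an added example, not part of the original posts, that flags it in process command lines; `--patch-module`, `-javaagent:` and the `JAVA_TOOL_OPTIONS` variable go beyond what the post mentions, and the sample command lines are constructed.

```python
import shlex

# Launcher options that let a caller substitute or instrument platform classes.
# "-Xbootclasspath/p:" is the one from the post; the rest are related options
# added here as a generalization.
OVERRIDE_PREFIXES = ("-Xbootclasspath/p:", "-Xbootclasspath:",
                     "--patch-module", "-javaagent:")
TAKES_VALUE = {"-cp", "-classpath", "--class-path", "-p", "--module-path",
               "--patch-module"}
ENDS_JVM_OPTIONS = {"-jar", "-m", "--module"}


def _tokens(text):
    # posix=False keeps Windows backslashes; surrounding quotes are stripped.
    return [t.strip('"') for t in shlex.split(text, posix=False)]


def launcher_options(cmdline):
    """Return only the options the JVM consumes, not the application's args."""
    toks = _tokens(cmdline)[1:]          # drop the java executable itself
    opts, i = [], 0
    while i < len(toks):
        tok = toks[i]
        if tok in ENDS_JVM_OPTIONS or not tok.startswith("-"):
            break                        # -jar/-m or the main class: stop here
        if tok in TAKES_VALUE and i + 1 < len(toks):
            i += 1
            tok += " " + toks[i]         # keep the option together with its value
        opts.append(tok)
        i += 1
    return opts


def find_overrides(cmdline, env=None):
    """List (source, option, value) for every class-override option found."""
    tool_opts = (env or {}).get("JAVA_TOOL_OPTIONS", "")
    sources = [("cmdline", launcher_options(cmdline)),
               # The JVM also reads options from this environment variable.
               ("JAVA_TOOL_OPTIONS", launcher_options("java " + tool_opts))]
    return [(src, p, opt[len(p):].lstrip("= "))
            for src, opts in sources for opt in opts
            for p in OVERRIDE_PREFIXES if opt.startswith(p)]


if __name__ == "__main__":
    # Constructed sample command lines.
    for line in (r"java -Xbootclasspath/p:my_path\patched_rt.jar -jar app.jar",
                 r"java -cp lib\app.jar com.example.Main -Xbootclasspath/p:x.jar"):
        print(line, "->", find_overrides(line))
```

The second sample returns nothing because the option appears after the main class and is therefore an application argument. On Java 9 and later the `/p` form is no longer accepted by the launcher and `--patch-module` fills that role.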

#19  05-29-2012, 18:47  marrom79
There is rather a new tool, very similar to JBE (JBE is obsolete as it won't "patch" all .class files reliably when select features of Java 1.6 are used); it's called DirtyJOE. In my opinion, it's the easiest way/tool to reverse Java. DirtyJOE has an Opcode library that will let you know what that particular Java opcode or "bytecode instruction" signifies... http://dirty-joe.com/

I'm also happy to help... clarify an instruction or if you are simply looking for a way to do something...

As a decompiler, I recommend using DJ as it is very quick and simple... http://java.decompiler.free.fr/?q=jdgui

The basics to reverse Java are...
1. Search for the code to be patched with DJ;
2. Use WinRAR and extract the .class file containing the "magic" section of code;
3. Get cracking with DirtyJOE.

For JNLP applications, you need first to dig out the relevant .jar files... they are all in the java cache folder...

marrom

#20  06-18-2012, 06:08  wassim_
Password sniffing in Java

This is just an idea, I don't actually know much about Java but I do understand that Java code runs in a virtual machine (JVM) which is essentially a set of DLLs on Windows, so shouldn't there be a way to set breakpoints directly in these DLLs while the virtual machine is interpreting and running a jar?
This could be useful for sniffing serials and the like for example...

#21  07-02-2012, 23:11  besoeso
Dr. Garbage Tools is a suite of Eclipse plugins released under the Apache open source license. Before, it was commercial.

-Bytecode Visualizer
  • inspect
  • understand
  • debug

-Sourcecode Visualizer
  • review
  • analyze
  • teach & learn

-Control Flow Graph Factory
  • generate
  • edit
  • export

http://www.drgarbage.com/index.html

#22  06-23-2013, 05:38  Bunshee
Hello,

That's great, I have everything, a Java Application that I will be reversing.
It's a Car ODB Application from VW, and it's written in Java by T-Systems.

The Application loads itself in a Java VM Bytecode Address to the Memory...

No Tool from here is now working.... why?

#23  07-08-2013, 17:37  ballad88
ok. just study a java patch.

#24  11-29-2013, 11:59  0xd0000
My approach and personal favorites when approaching a Java Patch.

Use JD Gui to find what you're looking for and eventually JBE to patch; a recursive decompile with JAD and clear text search sometimes helps. JAD decompile can be done with the cmd below. If you have multiple jars, just extract everything, then run the decompile.

JAD Recursive Decompile: for /R %F in (*.class) do jad -r -ff -s java %F

JD Gui - Must have, will allow full exploration of .JAR, as well as export of source.
http://jd.benow.ca/

JBE - Java Bytecode Editor can be used to patch whatever bytecode you desire, modifying the class directly without having to recompile. Will require more than a basic understanding of Java bytecode to use this effectively.
http://set.ee/jbe/

Once you have the patched .class you can simply drop it back into the .jar with WinRAR, or if you are working on a standalone .class then you're basically done.

Hope this helps, patching Java can be interesting, especially ones that have string encryption functions.

I don't have direct links for these tuts, but they are pretty good, I will get them uploaded later.

Cracking_Java_programs_Part1_SND.zip
Cracking_Java_programs_Part2_SND.zip
Notes_on_reversing_and_cracking_Java_target_Part1_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part2_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part3_v1.2_by_ThunderPwr.rar

Last edited by 0xd0000; 11-29-2013 at 12:07. Reason: Update--

#25  11-29-2013, 12:33  0xd0000
Cracking_Java_programs_Part1_SND.zip
Cracking_Java_programs_Part2_SND.zip
Notes_on_reversing_and_cracking_Java_target_Part1_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part2_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part3_v1.2_by_ThunderPwr.rar


All packaged up here:

http://www.4shared.com/archive/x2N1Ns3R/Notes_On_Reversing_Java_Thunde.html

#26  11-30-2013, 08:22  0xd0000
This is new as of 11/29/2013

Java bytecode debugging
http://blog.rewolf.pl/blog/?p=786

#27  12-10-2013, 12:41  0xd0000
Adding another app here - Similar to JBE
You need to be regged on tuts4you

http://forum.tuts4you.com/topic/33703-methodbodyeditor-for-java/


MethodBodyEditor for Java
A Java class editor
Just Open the desired Java class (File->Open)
and then select the desired method from "Methods" tree
after that you will see a list with all instructions
of selected method. In order to edit instructions
double click on instruction or do a right click on the instruction
and select from menu "Show Opcode"
then simply enter the hexadecimal opcodes of new instructions
and click OK.
Finally save with File->Save.

#28  07-05-2014, 19:40  CodeCracker
Try BcelEditor

MethodBodyEditor for Java is for simple patches!

Try BcelEditor - full class editor, similar with CCK (Class Construction Kit).

Best regards,
CodeCracker
Attached Files
File Type: zip BcelEditor.zip‎ (493.8 KB, 63 views)

#29  09-25-2014, 15:02  wilson bibe
JD-GUI 0.3.7

Changelog:
Quote:
17 Aug 2014
Improved exploration of class files by replacing the modal dialogs by "stay on top" windows.
JD-GUI includes JD-Core 0.7.1.
Download:
http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.7-RC-1.windows.zip

#30  10-14-2014, 22:04  CRC32
JBE is really a good program.
But as far as I can see it, you can not directly change the opcodes in the program.
Should I fool myself, let me know.

All times are GMT +8.