Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   java cracking (https://forum.exetools.com/showthread.php?t=13074)

ChupaChu 11-06-2010 17:09

java cracking
 
I have run into interesting program.. its registration algorithms are completely in java, so I used IDA to disassemble a class file named something like "license_check.class" and it looks very easy to crack it.. but i did not know java opcodes, so i googled it up here:
http://en.wikipedia.org/wiki/Java_bytecode_instruction_listings

I'm still looking for "olly" like debugger for java, capable to do patches on the fly..

Is there anything like that?

p.s.
you can PM me with info if you don't want to reply here.

THANKS!

besoeso 11-06-2010 18:03

you decompile the Java program with JD and then debug it with JDebugTool.

After load in Eclipse IDE, go to hot zone, patch it and compile.

Tools:

JD: http://java.decompiler.free.fr/

JDebugTool: http://www.debugtools.com/

Eclipse ide: http://www.eclipse.org/downloads/

ChupaChu 11-07-2010 03:14

thanks mate, JD, and JDebugTool downloaded.. now downloading Eclipse IDE for Java Developers, (99 MB) will try and see how it goes.

Any good tutorials for JdebugTool usage, tips&tricks or similar?

2late 11-07-2010 11:09

Quote:

Originally Posted by ChupaChu;70134I used IDA to disassemble a class file...
...[url
http://en.wikipedia.org/wiki/Java_bytecode_instruction_listings[/url]

A few weeks ago I used the same method; and still prefer patching instead of recompiling that requires installing seldom used bloatware.
DJ (http://www.neshkov.com/dj.html) has bytecode, sourcecode, and hex views, unfortunately those aren't synchronized (like the source/hex views in IDA).
Some good info on Java decompilers is at http://strategoxt.org/Transform/JavaDecompilers

Regards

NeOXOeN 11-08-2010 22:55

all tools that you need are up there.. only java sdk is missing:P

romero 11-11-2010 06:16

2 Attachment(s)
2 nice tuts

nuemga2000 11-11-2010 18:57

Quote:

Originally Posted by NeOXOeN (Post 70171)
all tools that you need are up there.. only java sdk is missing:P

Which SDK is missing ? ...
... you can download the "normal" Java SDK's from SUN (Oracle) :
hxxp://www.oracle.com/technetwork/java/index.html

ChupaChu 11-13-2010 05:22

IMHO IDA is excellent tool, we only lack a plugin that would act like when you hit "space" on code in olly - to accept new line of code, transcodes it into java opcodes, adjusts ponters and saves modified codes to some file.

Anyone ever hear of similar plugin for ida? Manually patchig byte by byte is PITA.
Not to mention recompiling never really worked for me, as no java coding experience here..

tonyweb 01-11-2011 02:55

Well my 2 cents ...
I feel quite comfortable with tools like CCK (Class Construction Kit) and the new (not so stable) JBE (Java Bytecode Editor) ... :)

These are very useful for "small" patches because they allow to not recompile all stuff ;)
However IMHO for all serious patches ... you have to recompile (even if most of the time you need a linux or mac box (or VM image :D) ... for the case-sensitiveness)

Best Regards,
Tony

hobgoblin 01-24-2011 02:21

Java tuts
 
Thanks for the java tuts above. Interesting field....:-)

cw2k 06-27-2011 18:16

Well JD andDJ Java 3.11.95(2009) with JAD Jad 1.5.8g(2001).7z is nice to see what's going on in the code.
When you just like to do some little magic:rolleyes: - compiling the whole class file is often really painful, error prune or even not possible since there are to many errors / missing classes or whatever problems...

Before I open the *.class in IDA(enable in option/Disam/opcode byte=3) and a hexeditor. And wow the
CCK (Class Construction Kit)was a real revelation to me and exactly what I was looking for !!! :D
http://bcel.sourceforge.net/cck2_2.gif
(^As long as the [img] tag is not working here. you need the click")
Beside modifying the bytecode (That JBE also does) you can also delete or add lines and when doing so CCK also takes care about updating jmp and goto references.

Installation took me some time because I just downloaded BCEL.jar and tried to figure out how to run it. Well DL
http://bcel.sourceforge.net/downloads/BCEL.jar and
http://bcel.sourceforge.net/downloads/cck.jar
and then run it with
java.exe -jar cck.jar

Btw. if you like associate *.jar with javaw.exe like this. ;) Well you can do it the clicky-clicky-way or in like this <windowskey+run>"cmd"<Enter>
Code:

>assoc .jar
.jar=WinRAR  <-wuups :D

>assoc .jar=jar_file
>ftype jar_file=%ProgramFiles%\Java\jdk1.6.0_26\jre\bin\javaw.exe -jar "%1"


sendersu 06-27-2011 22:32

Hi all
my 5 cents into java RE-ng

there is a very nice tool called JMD, just give it a try when you see strings encrypted inside your files

nice video tut:
http://invokestatic.org/?p=88

chessgod101 06-28-2011 02:11

I have done java cracking once before on a target call smart math calculator and another called graphing calculator 3d(both by the same company). I used the JD Decompiler and JBE(Java bytecode Editor). I could write a tutorial if anyone is interested.

CodeCracker 06-29-2011 18:03

Cracking Java programs Part1/Part2:
http://forum.tuts4you.com/index.php?showtopic=19653

jacalhu 08-30-2011 10:20

java-decompiler web link:

http://www.java-decompiler.com/


All times are GMT +8. The time now is 18:04.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX