
ChupaChu 11-06-2010 17:09

java cracking
 
I have run into an interesting program.. its registration algorithms are completely in java, so I used IDA to disassemble a class file named something like "license_check.class" and it looks very easy to crack it.. but I did not know java opcodes, so I googled it up here:
http://en.wikipedia.org/wiki/Java_bytecode_instruction_listings

I'm still looking for "olly" like debugger for java, capable to do patches on the fly..

Is there anything like that?

p.s.
you can PM me with info if you don't want to reply here.

THANKS!

besoeso 11-06-2010 18:03

you decompile the Java program with JD and then debug it with JDebugTool.

After load in Eclipse IDE, go to hot zone, patch it and compile.

Tools:

JD: http://java.decompiler.free.fr/

JDebugTool: http://www.debugtools.com/

Eclipse ide: http://www.eclipse.org/downloads/

ChupaChu 11-07-2010 03:14

thanks mate, JD, and JDebugTool downloaded.. now downloading Eclipse IDE for Java Developers, (99 MB) will try and see how it goes.

Any good tutorials for JdebugTool usage, tips&tricks or similar?

2late 11-07-2010 11:09

Quote:

Originally Posted by ChupaChu (Post 70134)
I used IDA to disassemble a class file...
...
http://en.wikipedia.org/wiki/Java_bytecode_instruction_listings

A few weeks ago I used the same method; and still prefer patching instead of recompiling that requires installing seldom used bloatware.
DJ (http://www.neshkov.com/dj.html) has bytecode, sourcecode, and hex views, unfortunately those aren't synchronized (like the source/hex views in IDA).
Some good info on Java decompilers is at http://strategoxt.org/Transform/JavaDecompilers

Regards

NeOXOeN 11-08-2010 22:55

all tools that you need are up there.. only java sdk is missing:P

romero 11-11-2010 06:16

2 Attachment(s)
2 nice tuts

nuemga2000 11-11-2010 18:57

Quote:

Originally Posted by NeOXOeN (Post 70171)
all tools that you need are up there.. only java sdk is missing:P

Which SDK is missing ? ...
... you can download the "normal" Java SDK's from SUN (Oracle) :
hxxp://www.oracle.com/technetwork/java/index.html

ChupaChu 11-13-2010 05:22

IMHO IDA is an excellent tool, we only lack a plugin that would act like when you hit "space" on code in olly - to accept a new line of code, transcode it into java opcodes, adjust pointers and save modified codes to some file.

Anyone ever hear of similar plugin for ida? Manually patching byte by byte is PITA.
Not to mention recompiling never really worked for me, as no java coding experience here..

tonyweb 01-11-2011 02:55

Well my 2 cents ...
I feel quite comfortable with tools like CCK (Class Construction Kit) and the new (not so stable) JBE (Java Bytecode Editor) ... :)

These are very useful for "small" patches because they allow to not recompile all stuff ;)
However IMHO for all serious patches ... you have to recompile (even if most of the time you need a linux or mac box (or VM image :D) ... for the case-sensitiveness)

Best Regards,
Tony

hobgoblin 01-24-2011 02:21

Java tuts
 
Thanks for the java tuts above. Interesting field....:-)

cw2k 06-27-2011 18:16

Well JD and DJ Java 3.11.95(2009) with JAD Jad 1.5.8g(2001).7z is nice to see what's going on in the code.
When you just like to do some little magic:rolleyes: - compiling the whole class file is often really painful, error prone or even not possible since there are too many errors / missing classes or whatever problems...

Before I open the *.class in IDA(enable in option/Disam/opcode byte=3) and a hexeditor. And wow the
CCK (Class Construction Kit) was a real revelation to me and exactly what I was looking for !!! :D
http://bcel.sourceforge.net/cck2_2.gif
(^As long as the [img] tag is not working here, you need to click)
Beside modifying the bytecode (That JBE also does) you can also delete or add lines and when doing so CCK also takes care about updating jmp and goto references.

Installation took me some time because I just downloaded BCEL.jar and tried to figure out how to run it. Well DL
http://bcel.sourceforge.net/downloads/BCEL.jar and
http://bcel.sourceforge.net/downloads/cck.jar
and then run it with
java.exe -jar cck.jar

Btw. if you like, associate *.jar with javaw.exe like this. ;) Well you can do it the clicky-clicky-way or like this <windowskey+run>"cmd"<Enter>
Code:

>assoc .jar
.jar=WinRAR  <-wuups :D

>assoc .jar=jar_file
>ftype jar_file="%ProgramFiles%\Java\jdk1.6.0_26\jre\bin\javaw.exe" -jar "%1"


sendersu 06-27-2011 22:32

Hi all
my 5 cents into java RE-ng

there is a very nice tool called JMD, just give it a try when you see strings encrypted inside your files

nice video tut:
http://invokestatic.org/?p=88

chessgod101 06-28-2011 02:11

I have done java cracking once before on a target called smart math calculator and another called graphing calculator 3d (both by the same company). I used the JD Decompiler and JBE (Java bytecode Editor). I could write a tutorial if anyone is interested.

CodeCracker 06-29-2011 18:03

Cracking Java programs Part1/Part2:
http://forum.tuts4you.com/index.php?showtopic=19653

jacalhu 08-30-2011 10:20

java-decompiler web link:

http://www.java-decompiler.com/

giv 02-27-2012 18:59

Sorry for late reply....
 
Quote:

Originally Posted by chessgod101 (Post 73758)
I have done java cracking once before on a target called smart math calculator and another called graphing calculator 3d (both by the same company). I used the JD Decompiler and JBE (Java bytecode Editor). I could write a tutorial if anyone is interested.

It will be quite interesting and I will be more than happy to watch.

remal 04-11-2012 03:53

I used to use ObjectWebs ASM (http://asm.ow2.org/) to disassemble Java bytecodes to Java code. Then modify that Java code, re-compile it, and use it to generate a proper bytecode file. It's a little bit round about but it works wonderfully and more versatile than patching alone.

Mkz 04-18-2012 03:04

Hi

Just thought I might add my own tip for cracking java.
Notice: I know how to program in java (I also know the bytecode of course), and at least some basics are needed even if just for patching an instruction - objects, stack, etc.

Well, since I don't usually run under a debugger (IDA or higher-level), what I do sometimes is have a static look at the code - normally with JD - and find interesting spots. Examples: encrypted strings, strange file accesses, etc. Just by the nature of the java.*.* objects being used, you often get a pretty good idea of what's going on, and those can never be obfuscated like the programmer's code.
Then you need to patch the framework's code itself. "String", for instance, is a class you can easily change. Just fetch the java rt sources (it comes with the sdk), copy it to your own version, and for instance in the constructor just do a "System.out.println(this);".
Want the stacktrace as well to know where this string was created? Just add another statement with "new Exception().printStackTrace();" :D

The only thing left is to make java use your version of the rt classes instead of the original ones. Just add this modifier to the invocation:
java ... -Xbootclasspath/p:my_path\my_jar_with_changed_stuff.jar ...
There you go. All constructed strings (a LOT) will be written to the console, followed by the stack trace of the place they were created.

Extending this technique, I once also did something with the java.lang.Exception class. Changed the source so that every single exception wrote the stack trace to a log (be it the captured ones, the ones that happen during regular class loading, etc.) - creates a huge log but also allows you to know about everything that got raised and might not even have been propagated to error windows or log files.
Since the output is so huge, I later added some logic to it: created a settings file that could be supplied in the command line and where one could create regular expressions for the stack traces to ignore in order to hide "normal" exceptions that are raised a lot.
Unfortunately, this was quite some time ago and I no longer have the code at hand. Still it's not hard for someone to do it if needed.

marrom79 05-29-2012 18:47

There is a rather new tool, very similar to JBE (JBE is obsolete as it won't "patch" all .class files reliably when select features of java 1.6 are used), it's called DirtyJOE. In my opinion, it's the easiest way/tool to reverse java. DirtyJOE has an Opcode library that will let you know what that particular java opcode or "bytecode instruction" signifies... http://dirty-joe.com/

I'm also happy to help... clarify an instruction or if you are simply looking for a way to do something...

As a decompiler, I recommend using DJ as it is very quick and simple... http://java.decompiler.free.fr/?q=jdgui

the basics to reverse java are...
1. Search for the code to be patched with DJ;
2. Use winRAR and extract the .class file containing the "magic" section of code;
3. Get cracking with dirtyJOE.

For JNLP applications, you need first to dig out the relevant .jar files... they are all in the java cache folder...

marrom

wassim_ 06-18-2012 06:08

Password sniffing in Java
 
This is just an idea, I don't actually know much about Java but I do understand that Java code runs in a virtual machine (JVM) which is essentially a set of DLLs on windows, so shouldn't there be a way to set breakpoints directly in these DLLs while the virtual machine is interpreting and running a jar?
This could be useful for sniffing serials and the like for example...

besoeso 07-02-2012 23:11

Dr. Garbage Tools is a suite of Eclipse Plugins released under Apache Open Source license. Before, it was commercial.

-Bytecode Visualizer
  • inspect
  • understand
  • debug

-Sourcecode Visualizer
  • review
  • analyze
  • teach & learn

-Control Flow Graph Factory
  • generate
  • edit
  • export

http://www.drgarbage.com/index.html

Bunshee 06-23-2013 05:38

Hello,

That's great, I have everything a Java Application that I will Reversing.
Its a Car ODB Application from VW, and its written in Java by T-Systems.

The Application loads yourself in a Java VM Bytecode Address to the Memory...

No Tool from here is now working.... why?

ballad88 07-08-2013 17:37

ok. just study a java patch.

0xd0000 11-29-2013 11:59

My approach and personal favorites when approaching a Java Patch.

Use JD Gui to find what you're looking for and eventually JBE to patch, a recursive decompile with JAD and clear text search sometimes helps. JAD decompile can be done with cmd below. If you have multiple jars, just extract everything, then run the decompile.

JAD Recursive Decompile: for /R %F in (*.class) do jad -r -ff -s java %F

JD Gui - Must have, will allow full exploration of .JAR, as well as export of source.
http://jd.benow.ca/

JBE - Java Bytecode Editor can be used to patch whatever bytecode you desire, modifying the class directly without having to recompile. Will require more than a basic understanding of Java bytecode to use this effectively.
http://set.ee/jbe/

Once you have the patched .class you can simply just drop it back into the .jar with WinRar, or if you are working on a standalone .class then you're basically done.

Hope this helps, patching Java can be interesting, especially ones that have string encryption functions.

I don't have direct links for these tuts, but they are pretty good, I will get them uploaded later.

Cracking_Java_programs_Part1_SND.zip
Cracking_Java_programs_Part2_SND.zip
Notes_on_reversing_and_cracking_Java_target_Part1_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part2_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part3_v1.2_by_ThunderPwr.rar
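
Seen from the defending side, the repackaging step in the post above (an edited .class dropped back into the .jar) is detectable by comparing the archive against digests recorded from the shipped build. The following is an added example, not code from the thread; the entry names and class bodies are constructed sample data.

```python
import hashlib
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every valid .class file

def scan_jar(jar_bytes):
    """Return ({entry: sha256 hex}, [.class entries lacking the class magic])."""
    digests, bad_magic = {}, []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            data = jar.read(info)
            digests[info.filename] = hashlib.sha256(data).hexdigest()
            if info.filename.endswith(".class") and data[:4] != CLASS_MAGIC:
                bad_magic.append(info.filename)
    return digests, bad_magic

def diff_against_baseline(baseline, jar_bytes):
    """Report entries that differ from a known-good {entry: sha256} baseline."""
    current, bad_magic = scan_jar(jar_bytes)
    return {
        "modified": sorted(n for n in current if n in baseline and current[n] != baseline[n]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
        "bad_magic": sorted(bad_magic),
    }

def build_jar(entries):
    """Build an in-memory JAR from {name: bytes}; used only for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed sample input: a shipped JAR and a repackaged copy of it.
STUB = CLASS_MAGIC + b"\x00\x00\x00\x32"  # magic, minor 0, major 50 (Java 6)
MANIFEST = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n"}
ORIGINAL = build_jar({**MANIFEST, "app/Main.class": STUB + b"main",
                      "app/LicenseCheck.class": STUB + b"shipped"})
REPACKED = build_jar({**MANIFEST, "app/Main.class": STUB + b"main",
                      "app/LicenseCheck.class": STUB + b"edited",
                      "app/Extra.class": b"no class header"})

if __name__ == "__main__":
    print(diff_against_baseline(scan_jar(ORIGINAL)[0], REPACKED))
```

For a signed JAR, `jarsigner -verify` performs the same kind of per-entry digest check against the values recorded in the manifest.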

0xd0000 11-29-2013 12:33

Cracking_Java_programs_Part1_SND.zip
Cracking_Java_programs_Part2_SND.zip
Notes_on_reversing_and_cracking_Java_target_Part1_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part2_by_ThunderPwr.rar
Notes_on_reversing_and_cracking_Java_target_Part3_v1.2_by_ThunderPwr.rar


All packaged up here:

http://www.4shared.com/archive/x2N1Ns3R/Notes_On_Reversing_Java_Thunde.html

0xd0000 11-30-2013 08:22

This is new as of 11/29/2013

Java bytecode debugging
http://blog.rewolf.pl/blog/?p=786

0xd0000 12-10-2013 12:41

Adding another app here - Similar to JBE
You need to be regged on tuts4you

http://forum.tuts4you.com/topic/33703-methodbodyeditor-for-java/


MethodBodyEditor for Java
A Java class editor
Just Open the desired Java class (File->Open)
and then select the desired method from "Methods" tree
after that you will see a list with all instructions
of selected method. In order to edit instructions
double click on instruction or do a right click on the instruction
and select from menu "Show Opcode"
then simple enter the hexadecimal opcodes of new instructions
and click OK.
Finally save with File->Save.

CodeCracker 07-05-2014 19:40

Try BcelEditor
 
1 Attachment(s)
MethodBodyEditor for Java is for simple patches!

Try BcelEditor - full class editor, similar with CCK (Class Construction Kit).

Best regards,
CodeCracker

wilson bibe 09-25-2014 15:02

JD-GUI 0.3.7

Changelog:
Quote:

17 Aug 2014
Improved exploration of class files by replacing the modal dialogs by "stay on top" windows.
JD-GUI includes JD-Core 0.7.1.
Download:
http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.7-RC-1.windows.zip

CRC32 10-14-2014 22:04

JBE is really a good program.
But as far as I can see it, you can not directly change the opcodes in the program.
Should I fool myself, let me know.

Ericky 12-11-2014 19:38

JBE or JEB? I have studied how to reverse apk for 20 days. I know a tool named JEB (an interactive android decompiler) also powerful. Are we talking about the same thing? If someone knows, tell me please. Thank you!

SmilingWolf 12-11-2014 19:59

JBE -> Java bytecode Editor (hxxp://set.ee/jbe/)
JEB -> hxxp://www.android-decompiler.com/

Don't know much, but I guess JBE is a more "generic" tool related to java "compiled" code editing like reflexil is for .Net, while JEB is a toolchain focused on android-specific java reversing/decompilation/editing/whatever (perhaps like Reflector?) I guess.

Ericky 12-12-2014 14:37

Quote:

Originally Posted by SmilingWolf (Post 96135)
JBE -> Java bytecode Editor (hxxp://set.ee/jbe/)
JEB -> hxxp://www.android-decompiler.com/

Don't know much, but I guess JBE is a more "generic" tool related to java "compiled" code editing like reflexil is for .Net, while JEB is a toolchain focused on android-specific java reversing/decompilation/editing/whatever (perhaps like Reflector?) I guess.

Yes, JEB just like a Reflector, also a good tool. It has some functions like Rename which IDA hasn't. Mainly used in reversing APKs, thank you for your reply.

marrom79 03-25-2015 14:49

jbe doesn't work.. anymore. Hasn't been updated for a long time. For a similar GUI type tool you need to use DirtyJOE by ReWolf.. http://dirty-joe.com/ currently at v1.7 supports Java8 and its new .class file structure.

wilson bibe 03-25-2015 17:24

JD-GUI v.1.4.0 is released

Download:
Quote:

https://github.com/java-decompiler/jd-gui/releases/download/v1.4.0/jd-gui-1.4.0.jar
or
https://github.com/java-decompiler/jd-gui/releases/download/v1.4.0/jd-gui-windows-1.4.0.zip
Source Code:
Quote:

https://github.com/java-decompiler/jd-gui

reversing_solo 03-25-2015 22:42

Anyone can advise a Java bytecode debugger?

arthur plank 03-25-2015 23:59

Quote:

Originally Posted by inode (Post 98548)
Anyone can advise a Java bytecode debugger?

I'm not into java and I've not used this myself, but a colleague of mine swears by Bytecode Visualizer from Dr. Garbage

suddenLy 03-31-2015 10:16

If you guys try to practice java+web-based license check, "flowjo" would be a good target as I remember. I tried some years ago, and I had learned java cracking a lot.

Although "flowjo" ask a hasp dongle, it is not a hard part.

For your interest, "flowjo" is single cell analysis software and I needed it at that time for my research.. ;)

QuakeGamer 04-02-2015 21:43

Quote:

Originally Posted by arthur plank (Post 98549)
I'm not into java and I've not used this myself, but a colleague of mine swears by Bytecode Visualizer from Dr. Garbage

Eclipse with Bytecode Visualizer in Combination with JD-Eclipse is great. Tho Bytecode Visualizer is not able to set breakpoints in the actual methods. You can only break on method entries. This makes debugging a little more painful.

I usually copy the required decompiled classes to a new project and fix the dependencies. Then you can easily debug with your IDE. Tho this won't work for all targets - but often does.

Jasi2169 10-19-2015 22:47

if its .class n windows use

Dirtyjoe v1.7

cheers;)

if android apps use smali/baksmali

there are so many things to talk abt when it comes to java cus i love this language :)

