Old 09-12-2019, 23:27
Chuck954 Chuck954 is offline
Reversing obfuscated and encrypted JAR file

I have tried numerous tools and haven't had much luck. I have a program that I have pretty much cracked but not completely. A handful of options need the jar file to run, and if the jar file runs it closes out the program.

The program starts java.exe and it opens the encrypted jar file and runs it. I believe it was obfuscated with proguard. It has a few classes in it that show it decrypting the stream and reading the class files. However the majority of the files inside it are encrypted and you can't tell anything. I took a dump in visualvm.exe and I can see a lot of info but nothing stands out yet. Not sure if anyone has any advice on how I might be able to decrypt the classes so I can see it?

This is the code of one of the loader files it has. All the public deobfuscation tools failed, I'm guessing because it's encrypted as well. I'm not very familiar with Java yet, so any pointers would help.

Thanks!

Code:
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

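/**
 * Class loader shell plus byte-array helpers for gzip and {@code Crypter} stream transforms.
 *
 * <p>Only what this listing shows: the loader is created with an empty URL list and the given
 * parent, and {@link #init(String[])} does nothing. No class-definition logic is visible here.
 *
 * <p>Every helper reports a failure by printing the stack trace and returning {@code null};
 * callers must null-check the result rather than assume a byte array came back.
 */
public class LoaderB
  extends URLClassLoader
{
  /**
   * Copy buffer size. The decompiled listing allocated {@code new byte['?']} (63 bytes as
   * written), which looks like a char literal mangled by the decompiler or the page encoding,
   * so the original size is unknown. For conformant streams the copied bytes do not depend on
   * this value.
   */
  private static final int BUFFER_SIZE = 8192;

  /**
   * Creates a loader with no URLs of its own that delegates to {@code parent}.
   *
   * @param parent parent class loader handed to {@link URLClassLoader}
   * @param prevClsLoader accepted but never read in this listing
   */
  protected LoaderB(ClassLoader parent, LoaderB prevClsLoader)
  {
    super(new URL[0], parent);
  }

  /**
   * Hook with an empty body in this listing.
   *
   * @param args ignored here
   */
  public void init(String[] args) {}

  /** Copies {@code in} to {@code out} until end of stream; closes neither stream. */
  private static void copy(InputStream in, OutputStream out) throws IOException
  {
    byte[] buffer = new byte[BUFFER_SIZE];
    int n;
    while ((n = in.read(buffer)) != -1)
    {
      out.write(buffer, 0, n);
    }
  }

  /**
   * Gzip-compresses {@code data}.
   *
   * @param data bytes to compress
   * @return the gzip stream as a byte array, or {@code null} if anything failed
   *     (including a {@code null} argument)
   */
  static byte[] zip(byte[] data)
  {
    try
    {
      ByteArrayOutputStream compressed = new ByteArrayOutputStream();
      // try-with-resources releases the deflater even when the copy throws; closing also
      // writes the gzip trailer, so the array is taken only after the block ends.
      try (GZIPOutputStream gzos = new GZIPOutputStream(compressed))
      {
        copy(new ByteArrayInputStream(data), gzos);
      }
      return compressed.toByteArray();
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
    return null;
  }

  /**
   * Reads {@code is} to end of stream into memory.
   *
   * <p>The stream is left open; it belongs to the caller. There is no size limit, so the
   * whole stream is buffered on the heap.
   *
   * @param is stream to drain
   * @return every byte read, or {@code null} if anything failed
   */
  static byte[] load(InputStream is)
  {
    try
    {
      ByteArrayOutputStream collected = new ByteArrayOutputStream();
      copy(is, collected);
      return collected.toByteArray();
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
    return null;
  }

  /**
   * Gzip-decompresses {@code data}.
   *
   * <p>NOTE(review): the output size is unbounded. If {@code data} can come from an untrusted
   * source, a small input can expand to exhaust the heap; cap the number of bytes copied
   * before using this on such input.
   *
   * @param data a complete gzip stream
   * @return the decompressed bytes, or {@code null} if anything failed (bad header, truncated
   *     stream, {@code null} argument)
   */
  public static byte[] unzip(byte[] data)
  {
    try
    {
      ByteArrayOutputStream plain = new ByteArrayOutputStream();
      // The original never closed the GZIPInputStream, leaving its inflater to be reclaimed
      // later; close it deterministically.
      try (GZIPInputStream gzis = new GZIPInputStream(new ByteArrayInputStream(data)))
      {
        copy(gzis, plain);
      }
      return plain.toByteArray();
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
    return null;
  }

  /**
   * Passes {@code data} through the stream returned by {@code crypter.getOutputStreamE}.
   *
   * @param crypter supplies the wrapping output stream; its type is declared outside this
   *     listing
   * @param data bytes to write through that stream
   * @return whatever the wrapping stream emitted, or {@code null} if anything failed
   */
  static byte[] crypt(Crypter crypter, byte[] data)
  {
    try
    {
      ByteArrayOutputStream sink = new ByteArrayOutputStream();
      // Closing before reading the sink lets the wrapper emit any final bytes; the
      // try-with-resources form also closes it when write() throws.
      try (OutputStream os = crypter.getOutputStreamE(sink))
      {
        os.write(data);
        os.flush();
      }
      return sink.toByteArray();
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
    return null;
  }

  /**
   * Reads {@code data} back through the stream returned by {@code crypter.getInputStreamD}.
   *
   * @param crypter supplies the wrapping input stream; its type is declared outside this
   *     listing
   * @param data bytes to feed into that stream
   * @return every byte the wrapping stream produced, or {@code null} if anything failed
   */
  static byte[] decrypt(Crypter crypter, byte[] data)
  {
    try
    {
      // NOTE(review): as in the original, the wrapping stream is not closed; whether its
      // close() can throw or holds resources is not visible from this listing.
      InputStream is = crypter.getInputStreamD(new ByteArrayInputStream(data));
      ByteArrayOutputStream plain = new ByteArrayOutputStream();
      copy(is, plain);
      return plain.toByteArray();
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
    return null;
  }
}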