View Single Post
  #4  
Old 09-27-2019, 20:52
Chuck954 Chuck954 is offline
Friend
 
Join Date: Jul 2018
Posts: 51
Rept. Given: 0
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 27
Thanks Rcvd at 59 Times in 36 Posts
Chuck954 Reputation: 11
I have made some progress with it and found a decent Java debugger that allows me to step through code and pause it as it decrypts and unzips the classes. I used a hex editor and found the class starts when I see CAFE BABE in the memory. It's kind of a pain to figure out what's the complete class or just part of it as well as where it ends.

Anyone have any suggestions on how to intercept the Java byte-code in the memory without painstakingly searching through memory.

At the moment I'm just trying to get all the byte code for the encrypted classes and see what I'm working with.
Reply With Quote
The Following User Gave Reputation+1 to Chuck954 For This Useful Post:
user1 (09-27-2019)
The Following User Says Thank You to Chuck954 For This Useful Post:
user1 (09-27-2019)