Java VM Operand Stack Viewer

Recently I was asked about this quite old, unpublished project that I had actually forgotten about, and I decided to finally do something with it. I mentioned it once in this post: http://blog.rewolf.pl/blog/?p=856 and I shared the screenshot below with an annotation that it would be published soon as part of dirtyJOE:

(screenshot: java_debug)

One and a half years passed and I did nothing about this integration. Even more, at some point I came to the conclusion that this project does not fit dirtyJOE, as it is rather a proof of concept than a proper solution to the problem (no matter whether a proper solution even exists). I'm still not sure whether I won't change my mind and eventually make it part of dirtyJOE, but I'm 100% sure that the JVM Operand Stack Viewer deserves a release: an open source release with a full description of the method used to obtain the JVM operand stack.


dirtyJOE v1.7 (c529)

A new version of dirtyJOE is available for download at http://dirty-joe.com. The main new feature is Java 8 class file support, as there were some minor changes to the file format that were breaking dirtyJOE. You can find the full changelog below:

  • Java 8 support:
    • Added support for new constant pool types:
      • CONSTANT_MethodHandle
      • CONSTANT_MethodType
      • CONSTANT_InvokeDynamic
    • Added viewer for BootstrapMethod attribute
    • Added support for invokedynamic opcode
  • Added viewer for StackMap attribute
  • Added Copy and Copy all to the exception table list in Code Editor
  • Added /opcodes command line switch to start Opcodes Help only
  • Added demangling of Signature attribute
  • Opcodes Help window can now be docked to the main application window or to the Code Editor window
  • Added some more keyboard shortcuts

PS: It seems that dirtyJOE became a thing on the Brazilian Minecraft modding scene (in the last few months over 50% of downloads were from Brazil). Greetings to you guys; if you have any special Minecraft-related feature requests, just send me a message and I'll see what I can do for you :)

Solving warsaw’s Java Crackme 3

Every once in a while I post a solution to some crackme that I consider interesting. By interesting I mean the solution, so it is not only about the key generation algorithm but also about the technology and tricks that are utilized. Looking at the traffic statistics, it seems that this topic isn't exactly the one people would like to read (three posts: 5.63% of total unique page views), but I'm truly convinced that it has great potential for every single person who wants to learn something new. All in all, there is at least one person who benefits from those tutorials: ME :) Back to the topic: in this post I'll describe warsaw's Java Crackme 3. The crackme was published on 14th October 2012 on crackmes.de; I picked it up around February 2013, so literally speaking it took me one year to solve it (of course I had some long breaks in the meantime). The difficulty of the crackme was set to 5 (Professional problem to solve) on the crackmes.de scale and I must fully agree with it. It is a Java crackme, but it wasn't written in Java; I'm 99% sure that it was written in Jasmin or another assembler for the Java Virtual Machine (JVM). Hand-crafted assembly and a bunch of obfuscation tricks render all existing decompilers pretty much useless, so it will not be yet another simple Java analysis.


Java bytecode debugging

Java bytecode debugging had been bugging me for quite some time; however, I never did anything to really solve this problem once and for all. Around February I was desperately trying to solve some Java bytecode riddle (yup, it was a crackme ;p, but shhh…) and the only straightforward solution that would help with the analysis was a Java bytecode debugger. If you query Google for "java bytecode debugger" or "java bytecode debugging", it will show two promising entries:

dirtyJOE v1.6 (c472)

It has been over two years since the last update of dirtyJOE. Actually, this project was pretty much dead between 10.2011 and 03.2013 (17 months!), but I managed to brace myself and put some new features together (finally!). Basically there is one new, big piece of functionality called Restore Debug Info and a bunch of small usability improvements. The new version is available for download at http://dirty-joe.com; below you can find the detailed changelog (with some screenshots):

dirtyJOE v1.5 (c359) and some statistics

A new version of dirtyJOE is available for download at http://dirty-joe.com

What’s new:

  • Opcodes Help – embedded detailed description of all Java bytecode instructions.
  • Active Help – short description of opcode directly in Code Editor window, updated automatically on opcode selection.
  • Improved Python scripting – added decrypter for Allatori obfuscator and added possibility to re-encrypt previously decrypted strings.
  • Active Search – search feature on the Constant Pool tab.


dirtyJOE v1.4 (c334)

A small update for dirtyJOE; it addresses a problem related to font changing that appears only on Windows XP systems. The new version is available for download from the official website http://dirty-joe.com. You can also download it directly from this post:

Using Python scripts in dirtyJOE

Python scripting in dirtyJOE can be used to modify CONSTANT_Utf8 objects from the Constant Pool. One of the main uses is decryption of CONSTANT_Utf8 objects in obfuscated .class files. Decrypted objects are useful in forensic analysis; they can also be used to translate an obfuscated Java application.

Example

I'll show how to use Python scripting on a sample of obfuscated Java malware called Boonana. The mentioned malware appeared in October 2010 and was obfuscated with Zelix KlassMaster 5.3.3E (according to the entry "ZKM5.3.3E" in the constant pool).
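To make the constant pool mechanics concrete, here is an added example in plain Python that is not dirtyJOE's code and not its scripting API: it parses the constant pool of a .class file (including the Java 8 CONSTANT_MethodHandle, CONSTANT_MethodType and CONSTANT_InvokeDynamic tags from the v1.7 changelog above), finds the CONSTANT_Utf8 entries that are referenced by CONSTANT_String entries (the string literals a string-encrypting obfuscator replaces; class and method names are left untouched), runs a decrypt callback over them and writes the class file back out. The class file and the XOR "encryption" are constructed stand-ins for the example; ZKM's real scheme is different and is not reproduced here, and the function names are mine.

```python
import struct

# Constant pool tags (JVMS section 4.4) with fixed payload size in bytes;
# None marks the variable-length Utf8 entry. Long/Double occupy two slots.
CP_TAGS = {
    1: ("Utf8", None), 3: ("Integer", 4), 4: ("Float", 4),
    5: ("Long", 8), 6: ("Double", 8), 7: ("Class", 2), 8: ("String", 2),
    9: ("Fieldref", 4), 10: ("Methodref", 4), 11: ("InterfaceMethodref", 4),
    12: ("NameAndType", 4), 15: ("MethodHandle", 3), 16: ("MethodType", 2),
    17: ("Dynamic", 4), 18: ("InvokeDynamic", 4), 19: ("Module", 2), 20: ("Package", 2),
}


def parse_constant_pool(data):
    """Return (entries, body_offset). entries[0] is unused, as in the JVM spec;
    each entry is (tag, payload) or None for the dead slot after a Long/Double."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, entries, i = 10, [None], 1
    while i < count:
        tag = data[pos]
        if tag not in CP_TAGS:
            raise ValueError(f"unknown constant pool tag {tag} at offset {pos}")
        size = CP_TAGS[tag][1]
        if size is None:  # Utf8: u2 length, then modified-UTF-8 bytes
            length = struct.unpack_from(">H", data, pos + 1)[0]
            payload, pos = data[pos + 3:pos + 3 + length], pos + 3 + length
        else:
            payload, pos = data[pos + 1:pos + 1 + size], pos + 1 + size
        entries.append((tag, bytes(payload)))
        i += 1
        if tag in (5, 6):        # Long and Double take two indices
            entries.append(None)
            i += 1
    return entries, pos


def serialize_class(data, entries, body_offset):
    """Rebuild the file: original header, rewritten pool, original remainder."""
    out = bytearray(data[:8])                    # magic, minor, major
    out += struct.pack(">H", len(entries))       # constant_pool_count
    for entry in entries[1:]:
        if entry is None:
            continue
        tag, payload = entry
        out.append(tag)
        if tag == 1:
            out += struct.pack(">H", len(payload))
        out += payload
    out += data[body_offset:]
    return bytes(out)


def string_literal_indices(entries):
    """Utf8 indices referenced by CONSTANT_String: the literals, not the names."""
    return {struct.unpack(">H", e[1])[0] for e in entries if e and e[0] == 8}


def rewrite_string_literals(data, decrypt):
    """Apply decrypt(bytes) -> bytes to every string literal and re-serialize."""
    entries, body = parse_constant_pool(data)
    fixed = list(entries)
    for i in string_literal_indices(entries):
        fixed[i] = (1, decrypt(entries[i][1]))
    return serialize_class(data, fixed, body)


def utf8_strings(data):
    """Decoded Utf8 entries by index (modified UTF-8 matches UTF-8 for ASCII)."""
    entries, _ = parse_constant_pool(data)
    return {i: e[1].decode("utf-8", "replace") for i, e in enumerate(entries) if e and e[0] == 1}


def build_sample_class():
    """Constructed minimal class file; the XOR key is a stand-in for an obfuscator's scheme."""
    key = 0x5A
    secret = bytes(b ^ key for b in b"Hello from Boonana")
    entries = [None,
        (7, struct.pack(">H", 2)),               # 1: Class -> #2
        (1, b"Sample"),                          # 2: Utf8 class name
        (1, b"main"),                            # 3: Utf8 method name (must stay as-is)
        (8, struct.pack(">H", 5)),               # 4: String -> #5
        (1, secret),                             # 5: Utf8 "encrypted" literal
        (5, struct.pack(">q", 1 << 40)), None,   # 6 (+7): Long, two slots
        (15, struct.pack(">BH", 6, 9)),          # 8: MethodHandle REF_invokeStatic -> #9
        (10, struct.pack(">HH", 1, 10)),         # 9: Methodref #1.#10
        (12, struct.pack(">HH", 3, 11)),         # 10: NameAndType main:#11
        (1, b"()V"),                             # 11: Utf8 descriptor
        (16, struct.pack(">H", 11)),             # 12: MethodType -> #11
        (18, struct.pack(">HH", 0, 10)),         # 13: InvokeDynamic bootstrap 0, #10
    ]
    header = struct.pack(">IHH", 0xCAFEBABE, 0, 52)          # major 52 = Java 8
    body = struct.pack(">HHHHHHH", 0x0021, 1, 0, 0, 0, 0, 0)  # empty class body stub
    return serialize_class(header + body, entries, len(header)), key


if __name__ == "__main__":
    data, key = build_sample_class()
    fixed = rewrite_string_literals(data, lambda b: bytes(x ^ key for x in b))
    for index, text in sorted(utf8_strings(fixed).items()):
        print(index, repr(text))
```

Selecting targets through CONSTANT_String rather than rewriting every Utf8 entry is the detail that matters in practice: method and field names are also Utf8 entries, and "decrypting" them would corrupt the class. Because Utf8 lengths are re-encoded on output, decrypted literals may be shorter or longer than the originals without breaking the file.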


dirtyJOE v1.4

A new version of dirtyJOE is available for download from http://dirty-joe.com

Short change-log:

  • Python scripting for Utf8 objects
  • drag’n’drop support
  • ability to copy disassembly to clipboard
  • ability to change font in disassembly windows
  • update check on startup

I'll publish a short tutorial about Python scripting in the next blog post (it is already available as part of the help file).

dirtyJOE – Java Overall Editor

Post moved from OpenRCE, original date: Saturday, September 18 2010

dirtyJOE – Java Overall Editor is a complex editor and viewer for compiled Java binaries (.class files). The current version still has some limitations, but hopefully those will be removed in the next releases.

dirtyJOE is free for non-commercial use.

dirtyJOE is entirely written in C++, no third party libraries were used.

Main features:

  • Viewer for: constant pool, methods, fields, attributes
  • Editor for: constant pool, bytecode

You can download it from http://dirty-joe.com