Posts under dirtyJOE

dirtyJOE v1.7 (c529)

A new version of dirtyJOE is available for download at http://dirty-joe.com. The main new feature is support for Java 8 class files, as there were some minor changes to the file format that were breaking dirtyJOE. You can find the full changelog below:

  • Java 8 support:
    • Added support for new constant pool types:
      • CONSTANT_MethodHandle
      • CONSTANT_MethodType
      • CONSTANT_InvokeDynamic
    • Added viewer for BootstrapMethod attribute
    • Added support for invokedynamic opcode
  • Added viewer for StackMap attribute
  • Added Copy and Copy all to the exception table list in Code Editor
  • Added /opcodes command line switch to start Opcodes Help only
  • Added demangling of Signature attribute
  • Opcodes Help window can now be stuck to the main application window or to Code Editor window
  • Added some more keyboard shortcuts

PS: It seems that dirtyJOE became a thing on the Brazilian Minecraft modding scene (in the last few months over 50% of downloads were from Brazil). Greetings to you guys; if you have any special Minecraft-related feature requests, just send me a message and I’ll see what I can do for you :)

Java bytecode debugging

Java bytecode debugging was bugging me for quite some time; however, I’ve never done anything to really solve this problem once and for all. Around February I was desperately trying to solve some Java bytecode riddle (yup, it was a crackme ;p, but shhh…) and the only straightforward solution that would help with the analysis was a Java bytecode debugger. If you query Google for java bytecode debugger or java bytecode debugging, it will show two promising entries:

dirtyJOE v1.6 (c472)

It is over two years since the last update of dirtyJOE. Actually, this project was pretty much dead between 10.2011 and 03.2013 (17 months!) but I’ve managed to brace myself and put some new features together (finally!). Basically, there is one new, big piece of functionality called Restore Debug Info and a bunch of small usability improvements. The new version is available for download at http://dirty-joe.com; below you can find a detailed changelog (with some screenshots):

dirtyJOE v1.5 (c359) and some statistics

New version of dirtyJOE is available for download at http://dirty-joe.com

What’s new:

  • Opcodes Help – embedded detailed description of all Java bytecode instructions.
  • Active Help – short description of opcode directly in Code Editor window, updated automatically on opcode selection.
  • Improved Python scripting – added decrypter for Allatori obfuscator and added possibility to re-encrypt previously decrypted strings.
  • Active Search – search feature on Constant Pool tab


dirtyJOE v1.4 (c334)

A small update for dirtyJOE: it addresses a problem related to font changing that appears only on Windows XP systems. The new version is available for download from the official website, http://dirty-joe.com. You can also download it directly from this post:

Using Python scripts in dirtyJOE

Python scripting in dirtyJOE can be used to modify CONSTANT_Utf8 objects from the Constant Pool. One of its main uses is the decryption of CONSTANT_Utf8 objects in obfuscated .class files. Decrypted objects are useful in forensic analysis; they can also be used to translate an obfuscated Java application.

Example

I’ll show how to use Python scripting on a sample of obfuscated Java malware called Boonana. This malware appeared in October 2010 and was obfuscated with Zelix KlassMaster 5.3.3E (according to the entry “ZKM5.3.3E” in the constant pool).

dirtyJOE v1.4

New version of dirtyJOE is available for download from http://dirty-joe.com

Short change-log:

  • Python scripting for Utf8 objects
  • drag’n’drop support
  • ability to copy disassembly to clipboard
  • ability to change font in disassembly windows
  • update check on startup

I’ll publish a short tutorial about Python scripting in the next blog post (it is already available as part of the help file).

dirtyJOE – Java Overall Editor

Post moved from OpenRCE, original date: Saturday, September 18 2010

dirtyJOE – Java Overall Editor is a complex editor and viewer for compiled Java binaries (.class files). The current version still has some limitations, but hopefully those will be removed in the next releases.

dirtyJOE is free for non-commercial use.

dirtyJOE is entirely written in C++, no third party libraries were used.

Main features:

  • Viewer for: constant pool, methods, fields, attributes
  • Editor for: constant pool, bytecode

You can download it from http://dirty-joe.com