Java Cod Analysis

Java code analysis.
• Compilation.
	◦ Compilation Target.
		‣ Byte Code.
		‣ Machine Code.
	◦ Target Architecture.
		‣ JVM.
		‣ Specific CPU.
		‣ Specific instruction set.
	◦ Compilation from/to machine code.
		‣ To. Compilation. Assembly.
		‣ From. Disassembler. Decompiler.
	◦ Compilation from/to Bytecode.
		‣ To. Java.
		‣ From.  Java.
		‣ Preserve symbols. javac -g Hello.java
	◦ Bytecode. .class.
		‣ Target. JVM instruction set version.
	◦ Decompilers. Java.
		‣ Java Decompiler.
		‣ CFR.
		‣ Krakatau.
		‣ Procyon.
		‣ Ghidra (NSA).
• Obfuscation.
	◦ Strings inside .class files.
		‣ XOR. With key.
			• Byte-based. Per bit with key.
			• Multi-byte based.
				◦ Add key.
				◦ Replace with cyphertext.
			• Encryption. Plaintext XOR Key = Ciphertext.
			• Decryption. Ciphertext XOR Key = Plaintext.
	◦ Undo.
		‣  If Xor with key.
		‣ Binary Instrumentation.
• Binary Instrumentation. Extract decrypted strings at runtime.
	◦ Dynamic. Modifcation & addition.
		‣ Machinecode or bytecode.
		‣ By.
			• Intercepting flow control.
			• Injecting additional code.
	◦ Java.
		‣ Java Agent. Interpreter-feature.
			• java.lang.Instrument.
			• Programming Interface. ClassFileTransformer.
			• Usage. java -javaagent:agent.jar Hello
			• Phases.
				◦ AgentMain.class premain()
				◦ Transformer.class transform(before: () -> ()) -> after: () -> ()
					‣ Instruments each class on load.
				◦ MyProgram.class beforeMyFunc1() afterMyFunc1()
	◦ Usages.
		‣ Additional logging.
		‣ Perf.
		‣ Fuzzing. Testing for inputs.
	◦ Usages.
		‣ Extracting shared SSL&TLS master key. Neykov/extract-ssl-secrets.
• Bytecode manipulation.
	◦ Tools.
		‣ JavaAssist.
		‣ ASM.
		‣ CGLib.
		‣ Serp.
		‣ Byte Code Engineering Library BECL.
		‣ Cojen.
		‣ Scoot.