- Java code analysis.
- • Compilation.
- ◦ Compilation Target.
- ‣ Byte Code.
- ‣ Machine Code.
- ◦ Target Architecture.
- ‣ JVM.
- ‣ Specific CPU.
- ‣ Specific instruction set.
- ◦ Compilation from/to machine code.
- ‣ To. Compilation. Assembly.
- ‣ From. Disassembler. Decompiler.
- ◦ Compilation from/to Bytecode.
- ‣ To. Java.
- ‣ From. Java.
- ‣ Preserve symbols. javac -g Hello.java
- ◦ Bytecode. .class.
- ‣ Target. JVM instruction set version.
- ◦ Decompilers. Java.
- ‣ Java Decompiler.
- ‣ CFR.
- ‣ Krakatau.
- ‣ Procyon.
- ‣ Ghidra (NSA).
- • Obfuscation.
- ◦ Strings inside .class files.
- ‣ XOR. With key.
- • Byte-based. Per bit with key.
- • Multi-byte based.
- ◦ Add key.
- ◦ Replace with ciphertext.
- • Encryption. Plaintext XOR Key = Ciphertext.
- • Decryption. Ciphertext XOR Key = Plaintext.
- ◦ Undo.
- ‣ If Xor with key.
- ‣ Binary Instrumentation.
- • Binary Instrumentation. Extract decrypted strings at runtime.
- ◦ Dynamic. Modification & addition.
- ‣ Machine code or bytecode.
- ‣ By.
- • Intercepting flow control.
- • Injecting additional code.
- ◦ Java.
- ‣ Java Agent. Interpreter-feature.
- • java.lang.instrument.
- • Programming Interface. ClassFileTransformer.
- • Usage. java -javaagent:agent.jar Hello
- • Phases.
- ◦ AgentMain.class premain()
- ◦ Transformer.class transform(before: () -> ()) -> after: () -> ()
- ‣ Instruments each class on load.
- ◦ MyProgram.class beforeMyFunc1() afterMyFunc1()
- ◦ Usages.
- ‣ Additional logging.
- ‣ Perf.
- ‣ Fuzzing. Testing for inputs.
- ◦ Usages.
- ‣ Extracting shared SSL&TLS master key. Neykov/extract-ssl-secrets.
- • Bytecode manipulation.
- ◦ Tools.
- ‣ Javassist.
- ‣ ASM.
- ‣ CGLib.
- ‣ Serp.
- ‣ Byte Code Engineering Library (BCEL).
- ‣ Cojen.
- ‣ Soot.
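
The Java Agent phases listed above (premain, then a ClassFileTransformer called for each class on load), as an added example that is not part of the original notes: a logging-only agent that reports each loaded class and the JVM target version from its class-file header. The class name AgentMain follows the outline; LoggingTransformer and majorVersion are hypothetical names, and the header bytes in main() are constructed.

```java
// AgentMain.java -- added example, not code from the original notes.
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.ByteBuffer;
import java.security.ProtectionDomain;

public class AgentMain {

    // Phase 1: the JVM calls premain() before the application's main() when started
    // with -javaagent:agent.jar (the jar manifest must name "Premain-Class: AgentMain").
    public static void premain(String agentArgs, Instrumentation inst) {
        inst.addTransformer(new LoggingTransformer());
    }

    // Class-file header: u4 magic, u2 minor_version, u2 major_version (big-endian).
    // Returns the major version, or -1 if the buffer is not a class file.
    static int majorVersion(byte[] classfile) {
        if (classfile == null || classfile.length < 8) return -1;
        ByteBuffer buf = ByteBuffer.wrap(classfile); // ByteBuffer is big-endian by default
        if (buf.getInt() != 0xCAFEBABE) return -1;
        buf.getShort();                              // minor_version, unused here
        return buf.getShort() & 0xFFFF;              // major_version, e.g. 52 = Java 8
    }

    // Phase 2: transform() sees the raw bytes of every class as it is loaded.
    static class LoggingTransformer implements ClassFileTransformer {
        @Override
        public byte[] transform(ClassLoader loader, String className,
                                Class<?> classBeingRedefined,
                                ProtectionDomain protectionDomain,
                                byte[] classfileBuffer) {
            // className uses '/' separators and may be null for some generated classes.
            String name = (className == null) ? "<unnamed>" : className.replace('/', '.');
            boolean jdk = name.startsWith("java.") || name.startsWith("jdk.")
                    || name.startsWith("sun.");
            if (!jdk) { // skip JDK classes so the log shows only application code
                System.err.println("[agent] load " + name
                        + " major=" + majorVersion(classfileBuffer)
                        + " bytes=" + classfileBuffer.length);
            }
            return null; // null tells the JVM to keep the bytecode unchanged
        }
    }

    // Stand-alone check of the header parser, no agent jar needed.
    public static void main(String[] args) {
        byte[] header = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE, 0, 0, 0, 52};
        System.out.println(majorVersion(header));
        System.out.println(majorVersion(new byte[] {1, 2, 3}));
    }
}
```

To rewrite classes instead of only logging them, transform() would return modified bytes produced with one of the bytecode manipulation tools listed above.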