Thread: java class patching

  1. #1
    neur0n
    Guest

    java class patching

    I have an obfuscated Java class in which I want to change one method's behaviour. Instead of the original method code, it should always return a constant value, like in this example.

    public static long methodName() {
    return 11;
    }

    The problem is that the class is obfuscated, so after decompiling it contains lots of garbage Java code and thus I cannot recompile it.

    Then I tried the bytecode patching approach, but this seems not to be an easy task. Java stores all constants in the constant pool, so adding a new constant would mean that I would have to manually increase the size of the class, add the new constant value and recompute all class structures and fields like the constant pool count.
    Then I thought that I could return some existing class constant, but unfortunately there is no suitable one.

    Is there a way to patch the method with the desired functionality and avoid recomputing the class structure?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    ksbrace
    Guest
    Couldn't you just extend the obfuscated class and rewrite the method with the new method behavior? aka override the method.

  3. #3
    neur0n
    Guest
    The original class contains several private methods which I can't extend. Those private methods are also obfuscated, so I can't copy/paste them to a new extended class because I wouldn't be able to compile that code.

  4. #4
    dELTA
    Administrator
    Hmm, I'm a bit rusty on this, but wasn't it possible to include some low constants directly in the bytecodes? Alternatively, do some arithmetic with existing constants to get your desired constant.

  5. #5
    neur0n
    Guest
    As far as I know, there are only two low constants which can be entered directly: the values 0 and 1.

    There are no suitable existing constants which could be used to get the value 11 by arithmetic calculation.

    At the moment it seems that I will have to create a new class with the constant value 11 and read it from there, but I bet there is some simple solution.

  6. #6
    dELTA
    Administrator
    You are after all discarding all bytecodes in the entire method, are you really sure that you don't have room for:

    B = 1 + 1; // B = 2
    A = B + B; // A = 4
    A = A + A; // A = 8
    A = A + B; // A = 10
    A = A + 1; // A = 11
    return A;

    ?

  7. #7
    neur0n
    Guest
    You are right, your code takes only 26 bytes, so it fits there.

    Is there any other general approach?

    E.g. if I would like to return the current time, which is 1098809442906 for today.

  8. #8
    neur0n
    Guest
    If I want to avoid writing complex code in Java bytecode, it seems the best way would be to call a method from a new class. For this purpose I still need to add the name of the new class to the original class's constant list.

    I have a few questions:

    1. Is there a tool which allows adding a constant to an existing class? (I hope I will not have to code it on my own.)

    2. Is there a tool (like hiew) which would allow writing Java opcodes (iconst_1, ireturn) instead of their hex values (0x04, 0xAC)?

    3. Is it possible to add Java data (e.g. a string) to Java code without adding it to the class constant list?

    Something like in asm: (I don't remember it correctly. I haven't used it for about 10 years.)
    JMP label1
    label0:
    db text 'some text';
    label1:
    MOV eax, offset label0

  9. #9
    martin
    Guest
    I had a similar problem once, when dejunking the obfuscated code was too big a job. Find a description of the class format, and find the byte that determines whether a method is private, protected or public - it is just one byte - then modify it with a hex editor to your required value.

    Quite a nice project really, it was a java midlet game for a phone, I wanted to modify it to run full screen on my phone (it was for a smaller screened phone), and I ended up patching it as above so I could override the paint method and resize it before drawing to the screen. Ran like a dog, mind...

  10. #10
    neur0n
    Guest
    Good idea.

  11. #11
    dELTA
    Administrator
    1. Is there a tool which allows to add constant to existing class ? (I hope I will not have to code it on my own)
    Yes, there are several class manipulation tools out there. There is a library called BCEL (Byte Code Engineering Library), which is quite powerful, and I have used it earlier for similar tasks.


    2. Is there a tool (like hiew) which would allow to write java opcode (iconst_1, ireturn) instead of their hex values (0x04, 0xAC) ?
    Yes, BCEL can do this too. But another technique could of course also be to just write the java code yourself in a separate class, then compile it and rip it from the compiled class, not having to put together the bytecodes yourself (as long as no constants or such are used from the code this will work).


    3. Is it possible to add java data (e.g. string) to java code without adding it to class constant list.
    No, not normally, since the java format is purposely limited in these aspects due to security reasons.

  12. #12
    cr.ap
    Guest
    Adding a constant to the pool isn't that complicated in Java, since the whole class is read as a stream, and there's no position-dependent code anywhere.

    Apart from adding to the constant pool, a maybe slightly easier solution would be the inheritance approach; the private functions can be patched to public without big effort.

    You can get a description of the class file format at http://java.sun.com/docs/books/vmspec/2nd-edition/html/VMSpecTOC.doc.html

    chapter 4

    cr.ap
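The class-file layout that posts #9 and #12 refer to (JVM spec, chapter 4), as an added example that is not part of the thread: a Python reader that walks the variable-length constant pool as a stream and lists each method's access flags and Code bytes, which is the listing to diff when checking whether a shipped class still matches its original build. The `Demo` class bytes and the name `parse_class` are constructed for this illustration.

```python
import io
import struct

# Payload size per constant-pool tag (JVM spec ch. 4); tag 1 (Utf8) is length-prefixed.
CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
           15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
ACC = {0x0001: "public", 0x0002: "private", 0x0004: "protected", 0x0008: "static"}

def parse_class(data):
    """Return (constant_pool_count, {name+descriptor: (access flag names, code bytes)})."""
    f = io.BytesIO(data)
    u = lambda fmt: struct.unpack(fmt, f.read(struct.calcsize(fmt)))[0]
    if u(">I") != 0xCAFEBABE:
        raise ValueError("not a class file")
    f.seek(4, 1)                          # minor_version, major_version
    cp_count, utf8, i = u(">H"), {}, 1
    while i < cp_count:                   # entries are variable-length: walk them in order
        tag = u(">B")
        if tag == 1:
            utf8[i] = f.read(u(">H")).decode("utf-8", "replace")
        else:
            f.seek(CP_SIZE[tag], 1)
        i += 2 if tag in (5, 6) else 1    # long and double occupy two pool slots
    f.seek(6, 1)                          # access_flags, this_class, super_class
    f.seek(2 * u(">H"), 1)                # interfaces
    methods = {}
    for table in ("fields", "methods"):   # both tables share the same member layout
        for _ in range(u(">H")):
            flags, name, desc = u(">H"), utf8[u(">H")], utf8[u(">H")]
            code = b""
            for _ in range(u(">H")):      # attributes: name_index u2, length u4, info
                attr, length = utf8[u(">H")], u(">I")
                body = f.read(length)
                if attr == "Code":        # max_stack u2, max_locals u2, code_length u4, code
                    code = body[8:8 + struct.unpack_from(">I", body, 4)[0]]
            if table == "methods":
                methods[name + desc] = ([n for bit, n in ACC.items() if flags & bit], code)
    return cp_count, methods

# Constructed sample (not from the thread): class Demo with `public static long methodName()`.
_u = lambda s: b"\x01" + struct.pack(">H", len(s)) + s
SAMPLE = (bytes.fromhex("cafebabe00000031000a")          # magic, version 49.0, cp_count 10
          + _u(b"Demo") + b"\x07\x00\x01" + _u(b"java/lang/Object") + b"\x07\x00\x03"
          + _u(b"methodName") + _u(b"()J") + _u(b"Code")
          + b"\x05" + struct.pack(">q", 1098809442906)    # Long at #8, also occupies #9
          + bytes.fromhex("0021000200040000000000010009000500060001")  # class header, 1 method
          + bytes.fromhex("0007000000100002000000000004140008ad00000000")  # Code: ldc2_w #8; lreturn
          + b"\x00\x00")                                  # class attributes_count
```

`constant_pool_count` is one more than the highest usable index, and the single Long entry consumes two of those indices, which is why the sample declares a count of 10 for eight physical entries.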

  13. #13
    br00t_4_c
    Guest
    Do I smell a mini project?

  14. #14
    neur0n
    Guest
    There is no need for another mini project.

    The BCEL library supports everything we need (changing the private attribute, adding new constants, methods, ...).