Jump to content
Tuts 4 You

Notes on Reversing Java (1-3)

Teddy Rogers

About This File

Notes on Reversing Java - Part 1



This tutorial aim is show some simple techniques that can be used to reverse and patching Java target, a first classical approach will be about the class decompilation with JAD and JODE decompiler, then we can move into the JVM (Java virtual machine) analysis and deeper into the bytecode analysis and patching.

In order to fix some concepts a simple Java CrackMe will be explored trough decompilation with the presented tool and bytecode patching by using IDA and Hex Editor.

Of course this topic isn’t new and was also covered into the past by other, but this essay will just point some well know concept and show some more hint about the Java patching, a minimum skill on the Java programming is needed to make code change and understand the program execution flow at the decompiled stage.

Finally some consideration around how to better protect Java coded application was covered.


Notes on Reversing Java - Part 2



This tutorial aim is show some advanced techniques that can be used to reverse and patching Java target, as usual a real target will be focused on the essay.

Reversing approach will be more technical on the starting because some nice protection techniques are used (we’ve a Java class loader able to load the class byte code from some encrypted file and build the class object into the memory).

The CCK (Class Constructor Kit) will be presented and used to make the bytecode patching without using some HexEditor and the opcode references guide.

Two tool are provided to support the reader during the reversing steps of this target, this simple tools are specialized program able to decrypt/encrypt the class bytecode.


Notes on Reversing Java - Part 3



This tutorial aim is show some news way to find what is the class or classes to patch in target with package using several class, this technique is also useful when you’ve obfuscated or encrypted class.

The way is based mainly on simple memory searching.

A fast survey was done to proof that class encryption is not a safe practice to protect Java target.



User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...