PDA

View Full Version : JAR Protection



Smartzkid
12-15-2010, 09:42 PM
Someone recently showed off a java protection scheme, and another member was able to crack it using reflection and knowledge of bytecode.

I had read through the bytecode as well, but it meant nothing to me. This was the case with at least one other member. We would like to know how this code was analyzed and what knowledge was required to perform this analysis.

Frement
12-15-2010, 09:57 PM
I read a 10 page tutorial on bytecode, and I still couldn't figure it out.

TRiLeZ
12-16-2010, 12:32 AM
How I cracked that jar was I opened it with Java Decompiler and I opened the main class. I then saw that it invoked a method in the protection class, so I opened it with Java Decompiler and I noticed that the decompiler could not decompile the code for the main protection method, but it gave me the bytecode.

With the bytecode, I noticed that it was making a new URLClassLoader, with a whole bunch of strings. I then noticed that the strings came from a method, which was the decryption method, so I looked at the params for the method, and used bytecode to get those fields and to invoke the method, then I printed out what the method returned... so with all of the new strings that were made, I put them all together to get this other jar... which led to another jar...

End of story.

lordsaturn
12-16-2010, 12:52 AM
Look at mitb for BCEL tutorials. You learn a lot from doing.

super_
12-23-2010, 04:09 PM
what protection scheme?


...\obj>java StringDecoder

("myyu?44⌂fx⌂r", -5) -> http://zaszm
("potl9nzx:", -11) -> edia.com/
("nwl~~:zmu⌂p~", -11) -> class/objtes
("ynslxjw{nhj3ofw", -5) -> tingservice.jar
("7*2<-;<7*", 56) -> objtestob
("@8", 45) -> me

Smartzkid
12-24-2010, 12:18 AM
http://villavu.com/forum/showthread.php?t=60820&p=759088