2020/03/31

Patching Java file format - Part 1: Introduction

So this is an introduction post, right?


How did I get this idea? Well, recently I failed fu**ing hard at a CTF event held in Taiwan. Everything fu**ed up. Yeah, fml, that was supposed to be an easy Java challenge, but only if I could patch it. Someone suggested using BytecodeViewer. LGTM! BytecodeViewer "does" patch, but sometimes it simply didn't. Don't know why 😥 It "might" work if I close then open it again 😥

Common applications and frameworks in Java: WebLogic, Liferay, Spring. Powered by fu**ed up memory, and this is very, very early in the morning and I didn't get any sleep last night. Arghh.
Talk less, show code already? Nah, you will see it soon, I promise. Now it is my turn to go deeper. Coffee.

Inspired by The Legend of Random (Tutorial #1 : What is Reverse Engineering)

  • Making it possible to interface to legacy code (where you do not have the original code source). 
  • Breaking copy protection (ie. Impress your friends and save some $$). 
  • Studying virii and malware. 
  • Evaluating software quality and robustness. 
  • Adding functionality to existing software.


JVM
The Java Virtual Machine has many implementations [1].

Class [5]
Bytecode is the machine code of the JVM. Java source code is compiled into bytecode, which is stored in a class file.
https://blog.netspi.com/patching-java-executables-the-easy-way/

JAR
JAR (Java Archive) is a platform-independent file format that aggregates many files into one. Multiple Java applets and their requisite components (.class files, images and sounds) can be bundled in a JAR file and subsequently downloaded to a browser in a single HTTP transaction, greatly improving the download speed. The JAR format also supports compression, which reduces the file size, further improving the download time. In addition, the applet author can digitally sign individual entries in a JAR file to authenticate their origin. It is fully extensible. [3]

About Compatibility
Depending on the JDK version, there are incompatibility issues. In the most common case (Oracle JDK), it is backward compatible: code compiled by Java compiler version 8 can run on JVM 8 and higher (9, 11, ...) but not on 7. "Don't break binary compatibility (as defined in the Java Language Specification) without sufficient cause." [4]
It's worth noting that some legacy applications only run on JRE 6. [2] A class file is a structured file, so the JVM can determine the file's binary compatibility.
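The version check described above can be reproduced by reading the first eight bytes of each class entry in a JAR. This is an added example, not code from the original post; the function names are hypothetical and the sample JAR is constructed in memory from bare headers.

```python
import io
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE  # first four bytes of every class file

def class_version(data: bytes):
    """Return (major, minor) from a class file header, or raise ValueError."""
    if len(data) < 8:
        raise ValueError("truncated class file header")
    # Header layout: u4 magic, u2 minor_version, u2 major_version (big-endian)
    magic, minor, major = struct.unpack(">IHH", data[:8])
    if magic != CLASS_MAGIC:
        raise ValueError("bad magic 0x%08X" % magic)
    return major, minor

def java_release(major: int) -> int:
    """Major version 52 is Java 8 and 55 is Java 11: release = major - 44."""
    return major - 44

def scan_jar(jar_bytes: bytes, target_release: int):
    """Map each .class entry to (release, loadable on target JVM?, status)."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            try:
                major, _ = class_version(jar.read(name))
            except ValueError as exc:
                report[name] = (None, False, str(exc))
                continue
            rel = java_release(major)
            # A JVM loads class files up to its own version, not newer ones
            report[name] = (rel, rel <= target_release, "ok")
    return report

def build_sample_jar() -> bytes:
    """Constructed sample: entries hold headers only, not loadable classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("demo/Old.class", struct.pack(">IHH", CLASS_MAGIC, 0, 50))
        jar.writestr("demo/New.class", struct.pack(">IHH", CLASS_MAGIC, 0, 52))
        jar.writestr("demo/Broken.class", b"\x00\x00\x00\x00\x00\x00\x00\x34")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, result in sorted(scan_jar(build_sample_jar(), 7).items()):
        print(entry, result)
```

After patching a class, the same header check is a quick way to confirm the rewritten file still targets a version the destination JVM accepts.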

So now you may wonder what the difference is between Java SE (Standard Edition) and Java EE (Enterprise Edition), huh? Both are JREs (Java Runtime Environment), a combination of the JVM and the Java API provided by Oracle, but EE is built on top of SE with more APIs. Generally speaking, SE is the free version of the JRE, which you can get easily by agreeing to the End User License Agreement from Oracle.

OpenJDK and OpenJRE were released after Oracle open-sourced their JDK. Both OpenJRE and the JRE use the HotSpot JVM implementation; besides it, there are many free and commercial JVMs. Users may choose their own JVM [1].

For now, as opposed to the Java runtime binary (mostly the JVM), my target is the Java file format (jar, class).
TODO?

- Patching method without source
- Kotlin Decompile
- ...

[1] Difference between JVM and HotSpot? https://stackoverflow.com/questions/16568253/difference-between-jvm-and-hotspot
[2] Compatibility Guide for JDK 8 https://www.oracle.com/technetwork/java/javase/8-compatibility-guide-2156366.html#A999081
[3] Java Archive (JAR) Files https://docs.oracle.com/javase/8/docs/technotes/guides/jar/index.html
[4] Compatibility & Specification Review (CSR) https://wiki.openjdk.java.net/display/csr/Main
[5] Chapter 2. The Structure of the Java Virtual Machine https://docs.oracle.com/javase/specs/jvms/se8/html/jvms-2.html#jvms-2.1
