Posts by Tags

cybersecurity

java

Meme (Dumb) Ideas for Java Bytecode Constant Obfuscation

18 minute read

Not too long ago, I took a quick look at some of the activity that has been going on in the Java bytecode obfuscation/deobfuscation communities. So far, I have noticed that most of the ideas have remained the same since I went inactive:

  • Flow obfuscation:
    • opaque predicates;
    • reordering blocks through goto;
    • weird try-catch block flow;
    • callstack-sensitive keys used for branching;
    • CFG flattening;
    • complicate existing jumps;
    • etc.
  • Constant obfuscation:
    • encrypt strings via context-sensitive keys;
    • split numerical constants into a ton of arithmetic;
    • abuse constantdynamic;
    • etc.
  • Reference obfuscation:
    • abuse the Reflection API;
    • abuse invokedynamics;
    • proxying of method and field invocations;
    • changing all parameter types to java.lang.Object;
    • etc.
  • Exploits:
    • HTML-injection of vulnerable tools;
    • fake directories;
    • tool-specific crashers;
    • etc.
  • And the usual other stuff like class encryption and math obfuscation and whatnot.

redpwnCTF 2021 - javaisez3

118 minute read

If you participated in redpwnCTF 2021, you might know that I authored the javaisez3 reverse-engineering challenge. So… here is my writeup. I attempted to write this writeup in a way that is friendly to those who do not have a lot of experience with the Java Virtual Machine (JVM), so hopefully you will find this educational and helpful should you ever run into future Java bytecode reverse-engineering scenarios.

Math Operation Obfuscation of Java Bytecode

5 minute read

Earlier today, I visited the Tigress C obfuscator website (I haven’t for a while) and it looks much nicer now ;). Anyway, something that particularly interested me was Tigress’s page on EncodeArithmetic. Since I, a maintainer of a Java bytecode obfuscator, am always looking for cool things to try, I found the book they linked of interest. For reference, $\neg$ is the bitwise NOT, $\oplus$ is XOR, $\wedge$ is AND, and $\vee$ is OR. If this notation is interesting to you, consider visiting Wikipedia’s page on boolean algebra. In the linked book, several identities are given, but here are the ones relevant to today’s blog post:

obfuscation

Meme (Dumb) Ideas for Java Bytecode Constant Obfuscation

18 minute read


redpwnCTF 2021 - javaisez3

118 minute read


Math Operation Obfuscation of Java Bytecode

5 minute read


redpwnctf

redpwnCTF 2021 - javaisez3

118 minute read
