10/26/2020 Allatori Obfuscator Cracked
To start, let's compare the usual workflow of cracking Java programs and then find out why it won't work for obfuscated code. The usual way to crack Java programs is by decompiling, modifying and recompiling the source code. To understand what this means you need to know that Java source code, unlike e.g. C, doesn't get translated directly into low-level machine code executed by the processor. Instead, it gets distributed in a more abstract instruction set called Java bytecode, which a Java Virtual Machine executes at run time, similar to the .NET Common Language Runtime (CLR). This makes it possible to distribute programs in a platform-independent format (only the VM needs to be ported), but, as with everything, it comes with a downside. Because bytecode has such an abstract, rich instruction set, it turns out to be vulnerable to so-called decompiling, which basically means reversing the process of compilation by guessing what the original source code might have looked like.

Since this is a massive problem not only for application security but also for intellectual property, there are several efforts to prevent it by obfuscating the code in different ways. One result of these efforts is Allatori, a commercial obfuscator starting at 290. It comes with all the features you would expect from a commercial obfuscator, the most important for us being string obfuscation, flow obfuscation and the insertion of invalid bytecode (bytecode the VM ignores or tolerates, but which crashes or confuses known decompilers and deobfuscators). Of course we could look for a way to fix those crashes, by hunting down the bytecode locations causing them and patching either the decompiler or the class file. But even then, obfuscation techniques like flow obfuscation would leave us with source code that is not really usable.

Allatori itself is protected both by a custom login system with serials and by hardware identification. The login dialog is a Swing GUI, which means that it defines some user-input elements (buttons, text boxes, drop-downs and so on) that fire user-triggered ActionEvents (button clicks and so on) and connects them to ActionListeners performing the desired action or method. How about the text of the button shown to the user? It has to get set somewhere, doesn't it?

Since dirtyJOE (a class-file editor) can't handle JARs, we have to unpack the .class file in question first using any zip utility.
You should really pay attention at this point: zip archives support case-sensitive file names (for example cG.class and cg.class), but some operating systems, Windows among them, don't. Allatori makes use of exactly this, so when you unpack the whole archive into one directory, class files may get overwritten without any notice. Check the entry list for names that differ only in case before extracting, and give such entries distinct names on disk.

Object and class initialization happen by invoking <init> (object initialization) and <clinit> (class initialization). Going through all of this would exceed the scope of this post, and there are people who explain it far better than I could. Basically, four Swing GUI elements get created and initialized, and their references are stored in the corresponding fields of the Login class. The first instruction (aload_0) loads the first (position 0) local variable onto the stack, which in an instance method is always a reference to the object itself, like the this keyword in Java. The top value of the stack then gets duplicated (dup), and the new top value is duplicated two values down the stack. All of those functions are void methods, which means they don't return anything to the stack.

At this point you also see another annoying feature of Allatori, the renaming of methods and classes: B() doesn't ring any bells, does it? And it gets even worse. If we look for the B() method, we notice that there is not just one, but three of them. This is possible because the JVM identifies a method by its name together with its descriptor (parameter and return types), so methods of the same name with different descriptors can coexist, including ones that differ only in their return type, which javac would never compile but the JVM loads without complaint. I won't post all 381 lines but point out some important aspects.
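To make both gotchas above concrete, here is a small triage script (an added example, not code from the original post and not part of Allatori or dirtyJOE). It reads a JAR, assigns every entry a distinct on-disk name so that cG.class and cg.class can never overwrite each other, and then walks each class file's constant pool and method table to list every method name that appears with more than one descriptor. The JAR it runs on is constructed in memory by build_class and sample_jar, both invented for this example; the names safe_names, class_methods, same_name_methods and triage are likewise the example's own, and the parser reads only the parts of the class file it needs.

```python
import io
import struct
import zipfile
from collections import defaultdict

# Payload width per constant-pool tag, except Utf8 (tag 1), which carries its own length.
CP_PAYLOAD = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
              12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def safe_names(jar_bytes):
    """Map each entry to a distinct on-disk name, so entries differing only by
    case (cG.class vs cg.class) cannot overwrite each other on Windows."""
    seen, mapping = defaultdict(int), {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            seen[name.lower()] += 1
            n = seen[name.lower()]
            stem, dot, ext = name.rpartition(".")
            mapping[name] = name if n == 1 else (
                f"{stem}__{n}.{ext}" if dot else f"{name}__{n}")
    return mapping

def class_methods(class_bytes):
    """Return a class file's method table as [(name, descriptor)]."""
    buf = io.BytesIO(class_bytes)
    def u2(): return struct.unpack(">H", buf.read(2))[0]
    def u4(): return struct.unpack(">I", buf.read(4))[0]
    if u4() != 0xCAFEBABE:
        raise ValueError("not a class file")
    u2(); u2()                            # minor_version, major_version
    count = u2()
    pool, i = [None] * count, 1           # pool index 0 is unused by the JVM
    while i < count:
        tag = buf.read(1)[0]
        if tag == 1:
            pool[i] = buf.read(u2()).decode("utf-8", "replace")
        else:
            buf.read(CP_PAYLOAD[tag])
        i += 2 if tag in (5, 6) else 1    # long and double take two slots
    u2(); u2(); u2()                      # access_flags, this_class, super_class
    for _ in range(u2()):                 # interfaces
        u2()
    def members():                        # field_info and method_info share a layout
        out = []
        for _ in range(u2()):
            u2()                          # access_flags
            name, desc = pool[u2()], pool[u2()]
            for _ in range(u2()):         # attributes: name index, length, bytes
                u2(); buf.read(u4())
            out.append((name, desc))
        return out
    members()                             # fields, skipped
    return members()                      # methods

def same_name_methods(class_bytes):
    """Group descriptors by name: the JVM keys a method on name plus descriptor,
    so several methods called B, even differing only in return type, are legal."""
    groups = defaultdict(list)
    for name, desc in class_methods(class_bytes):
        groups[name].append(desc)
    return {n: d for n, d in groups.items() if len(d) > 1}

def build_class(class_name, methods):
    """Constructed input: a minimal class file (public abstract, no code) whose
    method table holds the given (name, descriptor) pairs."""
    pool = []
    def add(tag, payload):
        pool.append(bytes([tag]) + payload)
        return len(pool)                  # constant-pool indices are 1-based
    def utf8(s):
        data = s.encode("utf-8")
        return add(1, struct.pack(">H", len(data)) + data)
    this_ref = add(7, struct.pack(">H", utf8(class_name)))
    super_ref = add(7, struct.pack(">H", utf8("java/lang/Object")))
    table = b"".join(struct.pack(">HHHH", 0x0401, utf8(n), utf8(d), 0)
                     for n, d in methods)
    return (struct.pack(">IHHH", 0xCAFEBABE, 0, 52, len(pool) + 1)
            + b"".join(pool)
            + struct.pack(">HHHH", 0x0401, this_ref, super_ref, 0)   # no interfaces
            + struct.pack(">HH", 0, len(methods)) + table           # no fields
            + struct.pack(">H", 0))                                  # no attributes

def sample_jar():
    """Constructed JAR: two names differing only by case, three methods B."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cG.class", build_class("cG", [("a", "()V")]))
        zf.writestr("cg.class", build_class("cg", [
            ("B", "()V"), ("B", "(I)I"), ("B", "()Ljava/lang/String;")]))
    return buf.getvalue()

def triage(jar_bytes):
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for entry in zf.namelist():
            if entry.endswith(".class"):
                report[entry] = same_name_methods(zf.read(entry))
    return safe_names(jar_bytes), report
```

Running triage(sample_jar()) maps cg.class to cg__2.class and reports B with the descriptors ()V, (I)I and ()Ljava/lang/String; for the cg class; the first and last share an empty parameter list and differ only in return type, which javac never emits but a class file may contain. The parser stops after the method table and does no verification, so it is a triage aid for an obfuscated JAR, not a replacement for javap.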