sniffing a "serial" in j2me apps through emulator


funtikar
September 20th, 2009, 08:36
Is it possible to sniff a "serial" in J2ME apps through its emulator by using something like OllyDbg, or has anyone succeeded in this?
I have used my fav search engine for this. I tried it before but the emulator crashed, cuz I think it can't emulate some part of the J2ME app.

FrankRizzo
September 23rd, 2009, 19:40
Possible? YES. Easy? Probably not. (WARNING) I have experience with interpreted languages and the use of emulators. I do NOT have experience with the exact system that you are describing, so the below may not apply, but then again, it just might!


If you have the source to the emulator, you could probably find where it deals with strings, and have it dump all strings to a debug file as it runs; then you could dig through it. Depending on the complexity of the app that you are looking at, this can be easy, or it can be a royal pain in the ass.

Step 1. Find the place where the opcodes are pulled from the applet and processed (probably a HUGE switch, if I had to guess). Then, tag the interesting ones. If you have the source to the emulator, you can set breakpoints on those opcodes you are interested in, and examine the parameters used there.

I'd assume that you can also decompile the applet. That would be where I would start. It's entirely possible that you can find the serial via the "dead listing method".

SiGiNT
September 24th, 2009, 01:30
Just to clarify: dead listing is a hex editor, or in unusually infrequent cases a text editor. Actually, there should be a utility here that lists all strings: Unicode, ASCII, EBCDIC, etc.

SiGiNT
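To show concretely what the "dead listing" of a J2ME app turns up, here is an added example (not code from either poster). A J2ME MIDlet is an ordinary Java class file inside a JAR, and every string literal the code uses, a hardcoded serial included, is stored as a plain CONSTANT_Utf8 entry in the class file's constant pool. The script below walks the constant pool per the JVM class file format and lists those entries, which is the check a developer would run on their own build to confirm no license key shipped in the clear. The class bytes are constructed inline for the demo; the JAR path, the serial value and the key-shaped regex are assumptions, not anything from the thread.

```python
import re
import struct
import zipfile

# Byte size of each fixed-width constant pool entry, by tag (JVM spec, section 4.4).
# Tag 1 (Utf8) is variable-length and handled separately.
_FIXED_SIZE = {
    3: 4, 4: 4,            # Integer, Float
    5: 8, 6: 8,            # Long, Double (each occupies two pool slots)
    7: 2, 8: 2,            # Class, String
    9: 4, 10: 4, 11: 4,    # Fieldref, Methodref, InterfaceMethodref
    12: 4,                 # NameAndType
    15: 3, 16: 2,          # MethodHandle, MethodType
    17: 4, 18: 4,          # Dynamic, InvokeDynamic
    19: 2, 20: 2,          # Module, Package
}


def constant_pool_strings(class_bytes):
    """Return every CONSTANT_Utf8 entry of one class file, in pool order.

    This is the 'dead listing' of a class: literals such as a serial, a
    method name or a file name all sit here unobfuscated.
    """
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file (bad magic)")
    # Layout: magic(4) minor(2) major(2) constant_pool_count(2) then the pool.
    count = struct.unpack_from(">H", class_bytes, 8)[0]
    pos = 10
    index = 1           # pool indices start at 1
    strings = []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:
            length = struct.unpack_from(">H", class_bytes, pos)[0]
            pos += 2
            # Modified UTF-8 in practice; plain UTF-8 decoding is fine for a listing.
            strings.append(class_bytes[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in _FIXED_SIZE:
            pos += _FIXED_SIZE[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag} at offset {pos - 1}")
        index += 2 if tag in (5, 6) else 1   # Long/Double take two slots
    return strings


# Assumed pattern for a "key-shaped" literal: groups of four uppercase
# alphanumerics separated by dashes, e.g. XXXX-XXXX-XXXX.
KEY_SHAPED = re.compile(r"^[A-Z0-9]{4}(?:-[A-Z0-9]{4}){2,}$")


def flag_key_shaped(strings):
    """Release check: return the literals that look like a license key."""
    return [s for s in strings if KEY_SHAPED.match(s)]


def jar_strings(jar_path):
    """Run the listing over every class inside a MIDlet JAR (path is an assumption)."""
    found = {}
    with zipfile.ZipFile(jar_path) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                found[name] = constant_pool_strings(jar.read(name))
    return found


def _utf8(text):
    data = text.encode("utf-8")
    return b"\x01" + struct.pack(">H", len(data)) + data


# Constructed sample: the header and constant pool of a minimal class whose
# code would compare user input against the literal "ABCD-1234-EFGH".
SAMPLE_CLASS = (
    b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 49)   # magic, minor, major
    + struct.pack(">H", 8)                            # constant_pool_count (7 slots used + 1)
    + _utf8("LicenseCheck")                           # #1 Utf8
    + b"\x07" + struct.pack(">H", 1)                  # #2 Class -> #1
    + _utf8("ABCD-1234-EFGH")                         # #3 Utf8, the hardcoded serial
    + b"\x08" + struct.pack(">H", 3)                  # #4 String -> #3
    + b"\x05" + struct.pack(">Q", 1234567890)         # #5-#6 Long (two slots)
    + _utf8("checkSerial")                            # #7 Utf8
)

if __name__ == "__main__":
    listing = constant_pool_strings(SAMPLE_CLASS)
    print("constant pool strings:", listing)
    print("key-shaped literals:", flag_key_shaped(listing))
```

The point for a developer is the second list: if `flag_key_shaped` (or a plain `strings` run over the JAR) returns anything, the check the emulator is protecting was never a secret, and comparing input against a server-issued or hashed value rather than a literal is the fix.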

funtikar
September 29th, 2009, 00:12
Thanks for the tip, Frank and SiGiNT.