java class patching


neur0n
October 26th, 2004, 06:27
I have an obfuscated Java class where I want to change one method's behaviour. Instead of the original method code, it should always return a constant value, as in this example.

public static long methodName() {
return 11;
}

The problem is that the class is obfuscated, so after decompiling it contains lots of garbage Java code and thus I cannot recompile it.

Then I tried the bytecode patching approach, but this seems not to be an easy task. Java stores all constants in the constant pool, so adding a new constant would mean that I would have to manually increase the size of the class, add the new constant value and recompute all class structures and fields like the constant pool count.
Then I thought that I could return some existing class constant, but unfortunately there is no suitable one.

Is there a way to patch the method with the desired functionality and avoid recomputing the class structure?

ksbrace
October 26th, 2004, 08:11
Couldn't you just extend the obfuscated class and rewrite the method with the new method behavior? aka override the method.

neur0n
October 26th, 2004, 09:01
The original class contains several private methods which I can't extend. Those private methods are also obfuscated, so I can't copy/paste them to the new extended class because I wouldn't be able to compile that code.

dELTA
October 26th, 2004, 09:48
Hmm, I'm a bit rusty on this, but wasn't it possible to include some low constants directly in the bytecodes? Alternatively, do some arithmetic with existing constants to get your desired constant.

neur0n
October 26th, 2004, 10:22
As far as I know there are only two low constants which can be entered directly - values 0 and 1.

There are no suitable existing constants which could be used to get value 11 by arithmetic calculation.

At the moment it seems that I will have to create a new class with constant value 11 and read it from there, but I bet there is some simple solution.

dELTA
October 26th, 2004, 11:00
You are after all discarding all bytecodes in the entire method, are you really sure that you don't have room for:

B = 1 + 1; // B = 2
A = B + B; // A = 4
A = A + A; // A = 8
A = A + B; // A = 10
A = A + 1; // A = 11
return A;

?

neur0n
October 26th, 2004, 11:54
You are right, your code takes only 26 bytes, so it fits there.

Is there any other general approach?

E.g. if I would like to return current time which is 1098809442906 for today.
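
Added example, not part of the original thread: one general way to return any long without a new constant-pool entry is to build it from immediate operands (`sipush`/`bipush`) with shifts and ORs, which generalises the arithmetic idea above to values such as 1098809442906. The function names are hypothetical, and the small interpreter exists only to check the emitted bytes.

```python
import struct

# JVM opcodes used here (values from the JVM specification's instruction set)
BIPUSH, SIPUSH, I2L, LSHL, LOR, LRETURN = 0x10, 0x11, 0x85, 0x79, 0x81, 0xAD
MASK64 = (1 << 64) - 1

def long_const_bytecode(value):
    """Method body that returns `value` as a long, using no constant-pool entry.
    Needs an operand stack depth of 4 (two longs during lor)."""
    u = value & MASK64
    # Top 4 bits, then four 15-bit chunks: each fits sipush as a non-negative short.
    chunks = [u >> 60] + [(u >> s) & 0x7FFF for s in (45, 30, 15, 0)]
    while len(chunks) > 1 and chunks[0] == 0:
        chunks.pop(0)                              # drop leading zero chunks
    code = struct.pack(">Bh", SIPUSH, chunks[0]) + bytes([I2L])
    for c in chunks[1:]:
        code += bytes([BIPUSH, 15, LSHL])          # acc <<= 15
        code += struct.pack(">Bh", SIPUSH, c)      # push next chunk
        code += bytes([I2L, LOR])                  # acc |= chunk
    return code + bytes([LRETURN])

def run(code):
    """Tiny interpreter for the six opcodes above; returns the signed long."""
    stack, pc = [], 0
    while True:
        op = code[pc]
        if op == BIPUSH:
            stack.append(struct.unpack(">b", code[pc + 1:pc + 2])[0])
            pc += 2
        elif op == SIPUSH:
            stack.append(struct.unpack(">h", code[pc + 1:pc + 3])[0])
            pc += 3
        elif op == I2L:
            pc += 1                                # Python ints need no widening
        elif op == LSHL:
            n = stack.pop() & 0x3F                 # lshl uses the low 6 bits
            stack.append((stack.pop() << n) & MASK64)
            pc += 1
        elif op == LOR:
            b = stack.pop()
            stack.append((stack.pop() | b) & MASK64)
            pc += 1
        elif op == LRETURN:
            v = stack.pop() & MASK64
            return v - (1 << 64) if v >> 63 else v
        else:
            raise ValueError(f"unexpected opcode 0x{op:02x} at offset {pc}")
```

The emitted bytes replace the method's `code` array; the `code_length` and `max_stack` fields of the Code attribute must agree with the new body.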

neur0n
October 27th, 2004, 03:59
If I want to avoid coding complex code in Java bytecode, it seems the best way would be to call a method from a new class. For this purpose I still need to add the name of the new class to the original class constant list.

I have a few questions:

1. Is there a tool which allows to add constant to existing class ? (I hope I will not have to code it on my own)

2. Is there a tool (like hiew) which would allow to write java opcode (iconst_1, ireturn) instead of their hex values (0x04, 0xAC) ?

3. Is it possible to add java data (e.g. string) to java code without adding it to class constant list.

Something like in asm: (I don't remember it correctly. I haven't used it for about 10 years.)
JMP label1
label0:
db text 'some text';
label1:
MOV eax, offset label0

martin
October 27th, 2004, 04:46
I had a similar problem once, when dejunking the obfuscated code was too big a job. Find a description of the class format, and find the byte that determines whether a method is private, protected or public - it is just one byte - then modify it with a hex editor to your required value.

Quite a nice project really, it was a java midlet game for a phone, I wanted to modify it to run full screen on my phone (it was for a smaller screened phone), and I ended up patching it as above so I could override the paint method and resize it before drawing to the screen. Ran like a dog, mind...

neur0n
October 27th, 2004, 06:03
Good idea.

dELTA
October 27th, 2004, 07:30
Quote:
1. Is there a tool which allows to add constant to existing class ? (I hope I will not have to code it on my own)
Yes, there are several class manipulation tools out there. There is a library called BCEL (Byte Code Engineering Library), which is quite powerful, and I have used it earlier for similar tasks.


Quote:
2. Is there a tool (like hiew) which would allow to write java opcode (iconst_1, ireturn) instead of their hex values (0x04, 0xAC) ?
Yes, BCEL can do this too. But another technique could of course also be to just write the java code yourself in a separate class, then compile it and rip it from the compiled class, not having to put together the bytecodes yourself (as long as no constants or such are used from the code this will work).


Quote:
3. Is it possible to add java data (e.g. string) to java code without adding it to class constant list.
No, not normally, since the java format is purposely limited in these aspects due to security reasons.

cr.ap
October 27th, 2004, 21:40
Adding a constant to the pool isn't that complicated in Java, since the whole class is read as a stream, and there's nowhere position-dependent code.

Apart from adding to the constant pool, a maybe slightly easier solution would be the inheritance approach; the private functions can be patched to public without big effort.

You can get a description of the class file format at http://java.sun.com/docs/books/vmspec/2nd-edition/html/VMSpecTOC.doc.html

Chapter 4

cr.ap

br00t_4_c
October 28th, 2004, 10:24
Do I smell a mini project?

neur0n
October 30th, 2004, 02:52
There is no need for another mini project.

BCEL library supports everything we need (changing private attribute, adding new constants, methods, ...).