CS266 Software Reverse Engineering (SRE) Reversing and Patching Java Bytecode Teodoro (Ted) Cipresso,

Slides:



Advertisements
Similar presentations
Chapter 11 Introduction to Programming in C
Advertisements

Agenda Definitions Evolution of Programming Languages and Personal Computers The C Language.
IT253: Computer Organization Lecture 6: Assembly Language and MIPS: Programming Tonga Institute of Higher Education.
Decompilation of Binary Programs Christina Cifuentes & K. John Gough School of Computing Science Queensland University of Technology Presented by Conny.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Machine Code Teodoro (Ted) Cipresso,
1 Starting a Program The 4 stages that take a C++ program (or any high-level programming language) and execute it in internal memory are: Compiler - C++
Systems Software.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,
Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.
JDK, Jan Pettersen Nytun - HiA 1 The Java Programming Environment: The programmer write source code with a text editor. The programmer write source code.
1 Introduction to Java and Applet. 2 Download Java Compiler (1)
1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.
Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.
CMP 131 Introduction to Computer Programming Violetta Cavalli-Sforza Week 1, Lab.
Introduction to Java.
COP4020 Programming Languages
Session-02. Objective In this session you will learn : What is Class Loader ? What is Byte Code Verifier? JIT & JAVA API Features of Java Java Environment.
Types of software. Sonam Dema..
P51UST: Unix and Software Tools Unix and Software Tools (P51UST) Compilers, Interpreters and Debuggers Ruibin Bai (Room AB326) Division of Computer Science.
Introduction to Java Appendix A. Appendix A: Introduction to Java2 Chapter Objectives To understand the essentials of object-oriented programming in Java.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
September 7, September 7, 2015September 7, 2015September 7, 2015 Azusa, CA Sheldon X. Liang Ph. D. Computer Science at Azusa Pacific University.
Arpit Jain Mtech1. Outline Introduction Dalvik VM Java VM Examples Comparisons Experimental Evaluation.
High level & Low level language High level programming languages are more structured, are closer to spoken language and are more intuitive than low level.
An intro to programming. The purpose of writing a program is to solve a problem or take advantage of an opportunity Consists of multiple steps:  Understanding.
Computer Programming A program is a set of instructions a computer follows in order to perform a task. solve a problem Collectively, these instructions.
JAVA Java is a programming language and computing platform first released by Sun Microsystems in It was first developed by James Gosling at Sun Microsystems,
© 2012 Pearson Education, Inc. All rights reserved. 1-1 Why Java? Needed program portability – Program written in a language that would run on various.
Introduction and Features of Java. What is java? Developed by Sun Microsystems (James Gosling) A general-purpose object-oriented language Based on C/C++
CST320 - Lec 11 Why study compilers? n n Ties lots of things you know together: –Theory (finite automata, grammars) –Data structures –Modularization –Utilization.
Week 1 - Friday.  What did we talk about last time?  Our first Java program.
Java means Coffee Java Coffee Beans The name “JAVA” was taken from a cup of coffee.
EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.
1.  10% Assignments/ class participation  10% Pop Quizzes  05% Attendance  25% Mid Term  50% Final Term 2.
National Taiwan University Department of Computer Science and Information Engineering National Taiwan University Department of Computer Science and Information.
CS Software Studio Java Lab 1 Meng-Ting Wang PLLAB, Computer Science Department, National Tsing-Hua University.
Getting started with Programming using IDE. JAVA JAVA IS A PROGRAMMING LANGUAGE AND A PLATFORM. IT CAN BE USED TO DELIVER AND RUN HIGHLY INTERACTIVE DYNAMIC.
23-October-2002cse JavaIntro © 2002 University of Washington1 Intro to Java CSE 413, Autumn 2002 Programming Languages
Chapter 1 Introduction. Chapter 1 - Introduction 2 The Goal of Chapter 1 Introduce different forms of language translators Give a high level overview.
1. 2 Preface In the time since the 1986 edition of this book, the world of compiler design has changed significantly 3.
Chapter 4 Software. Chapter 4: Software Generations of Languages Each computer is wired to perform certain operations in response to an instruction. An.
 Programming - the process of creating computer programs.
By: Cheryl Mok & Sarah Tan. Java is partially interpreted. 1. Programmer writes a program in textual form 2. Runs the compiler, which converts the textual.
© 2012 Pearson Education, Inc. All rights reserved types of Java programs Application – Stand-alone program (run without a web browser) – Relaxed.
Introduction to OOP CPS235: Introduction.
©2016 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved. CSC 110 – INTRO TO COMPUTING - PROGRAMMING Overview of Programming.
Lecture1 Instructor: Amal Hussain ALshardy. Introduce students to the basics of writing software programs including variables, types, arrays, control.
An overview of C Language. Overview of C C language is a general purpose and structured programming language developed by 'Dennis Ritchie' at AT &T's.
Review A program is… a set of instructions that tell a computer what to do. Programs can also be called… software. Hardware refers to… the physical components.
Some of the utilities associated with the development of programs. These program development tools allow users to write and construct programs that the.
Introduction to Algorithm. What is Algorithm? an algorithm is any well-defined computational procedure that takes some value, or set of values, as input.
CS-140 Dick Steflik Lecture 3. Java C++ Interpreted optimized for the internet Runs on virtual ized machine Derived from C++ Good object model Widely.
Lecture 1b- Introduction
Advanced Computer Systems
Visit for more Learning Resources
Before You Begin Nahla Abuel-ola /WIT.
Introduction to Compiler Construction
Programming languages
Programming Language Hierarchy, Phases of a Java Program
CSCI-235 Micro-Computer Applications
Topic: Difference b/w JDK, JRE, JIT, JVM
Microprocessor and Assembly Language
2.1. Compilers and Interpreters
CMP 131 Introduction to Computer Programming
(Computer fundamental Lab)
System Programming By Prof.Naveed Zishan.
Programming language translators
Introduction to Computer Science
Presentation transcript:

CS266 Software Reverse Engineering (SRE) Reversing and Patching Java Bytecode Teodoro (Ted) Cipresso, Department of Computer Science San José State University Spring 2015 The information in this presentation is taken from the thesis “Software reverse engineering education” available at where all citations can be found.

Reversing and Patching Java Bytecode  Good-quality Java source can often be generated from Java bytecode with little difficulty due to certain characteristics of bytecode: Platform-independent (consistent) instruction set and layout/format. Very rich, well-structured metadata about Classes, Methods, and Variables:  names and datatypes (e.g., String personName, Map personRecord).  Method signatures (includes Constructors).  Generating HLL source (e.g., C/C++) from machine code is challenging due to high variation in the output of compilers on different platforms and unavoidable loss of information that occurs when compiling a HLL down to machine code. Note: Symbolic information may be included in machine code when specifying a compiler’s “debug” option (e.g., -g, -debug, TEST). 2

Reversing and Patching Java Bytecode (cont’d)  The following diagram illustrates the difference in how Java bytecode and machine are processed during execution: 3

Reversing and Patching Java Bytecode (cont’d)  The following formal definitions of machine code and Java bytecode apply: Machine code: “Machine code or machine language is a system of instructions and data executed directly by a computer's central processing unit” [14]. Machine code contains the platform-specific machine instructions to execute on the target processor.14 Java bytecode: “Bytecode is the intermediate representation of Java programs just as assembler is the intermediate representation of C or C++ programs” [15]. Java bytecode contains platform-independent instructions that are translated to platform-specific instructions by a Java Virtual Machine.15 4

Reversing and Patching Java Bytecode (cont’d)  Machine code is stored in files with varying extensions (*.exe, *.dll, *.so,..,); extensions are dependent upon the operating system.  On the contrary… Java bytecode is always stored in files that have a *.class extension.  The Java Language Specification allows at most one top-level public class to be defined per *.java source file and requires that the bytecode be stored in a file with whose name matches the pattern TopLevelClassName.class.  Collections of Java classes, such as those for an application or class library, are stored together in an archive file with a *.jar extension. 5

Reversing and Patching Java Bytecode Decompiling and Disassembling Java Bytecode  Bytecode is stored in a binary format that is not human-readable and therefore must be “disassembled” in order to be read.  Oracle’s Java Development Toolkit (JDK) comes with javap, a command-line tool for “disassembling” Java bytecode.  To say that javap disassembles bytecode is a misnomer because the output of javap is unstructured text which cannot be compiled back to bytecode. The assumption is you already have the *.class file.  The output of javap is nonetheless useful as a debugging and performance tuning aid since one can see which JVM instructions are generated from high- level Java language statements. 6

Reversing and Patching Java Bytecode Decompiling and Disassembling Java Bytecode 7 javap demo

8

9

10

11

12

13

14

15

16

17

18

19

Reversing and Patching Java Bytecode Decompiling and Disassembling Java Bytecode  The result of disassembling Java bytecode is a pseudo-assembly language, a language that cannot be compiled or assembled but serves to provide a more abstract, readable representation of the bytecode.  While it may seem possible to use a hex editor directly modify Java bytecode in a *.class file, this is similar in difficulty to editing machine code in a hex editor. However, libraries exist for deserializing and serializing bytecode using in- memory Java object models. This allows programmatic modification.  Decompiling then recompiling Java bytecode after making modifications is perhaps the most straightforward way to reverse and patch Java applications. 20

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 21 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 22 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 23 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 24 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 25 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 26 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 27 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 28 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 29 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 30 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 31 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 32 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 33 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 34 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 35 FrontEndPlusV1andV2.zip

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 36 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 37 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 38 PasswordVault.jar

Reversing and Patching Java Bytecode Java Bytecode Reversing and Patching Exercise 39 PasswordVault.jar

Reversing and Patching Java Bytecode Byte Code Engineering Library (BCEL)  BCEL provides a convenient way to analyze, create, and manipulate Java Bytecode (Java *.class files). BCEL  Perform static analysis, dynamic create, or transform Java bytecode.  High level of abstraction of the Java class file format relieves the programmer from internal details of the Java class file format.  BCEL is used in projects such as compilers, optimizers, obfuscators, code generators and analysis tools. Development activity has been low over the past few years.  The ASM project on objectweb is an alternative.ASM project 40

Reversing and Patching Java Bytecode Byte Code Engineering Library (BCEL) API BCEL API  The BCEL API abstracts the Java Virtual Machine and reading and writing binary Java class files. The API consists mainly of three parts: JavaClass A package that may be used to read and write class files from or to a file. The main data structure is JavaClass.  Usage: analyze Java classes without having the source files at hand. JavaClassMethod A package to dynamically generate or modify JavaClass or Method objects.  Usage: insert analysis code, strip information, implement a code generator back-end of a Java compiler. Various code examples and utilities such as a class file viewer. 41

42 [BCEL Manual]BCEL Manual Java Class File Format

43JavaClass [BCEL Manual]BCEL Manual

44ClassGen [BCEL Manual]BCEL Manual

Reversing and Patching Java Bytecode Byte Code Engineering Library (BCEL) API 45 BCEL demo

46

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.