From: Stephen de Vries (stephen@corsaire.com)
Date: Sat Dec 04 2004 - 14:36:18 EST
Hi George,
Decompiling and then recompiling java byte code without the original
source is not as simple as it seems! You did not mention in your post
which Java decompiler you're using? From the error messages, it looks
like it could be JAD...?
My personal experience with java decompilers is that they cannot
reliably produce compilable (never mind workable) java source code -
but this is highly dependent on the complexity of the code you're
trying to decompile. See:
http://catamaran.labs.cs.uu.nl/twiki/pt/bin/view/Transform/
JavaDecompilers for many resources on java decompilers - and also a
comparative test.
You may find that if you're decompiling a set of java classes, that
some decompile and recompile without any problems while others cause
the decompiler to spit out unusable java code. Since the COMPAS tool
only needs a single point to hook into the java code, you may have more
success if you only decompile 1 or 2 classes that you know work
properly - then insert the COMPASS "hook" and recompile. Leave the
complex classes as they are and then repackage all the classes into the
new app.
The alternative (and better solution IMO) is to request the source code
from your client. This saves valuable time in mucking about with flaky
decompilers which could be better spent in looking at real security
issues. Once you have the source - you might not even need the COMPASS
tool - you could write your own front end!
Hope this helps,
Regards,
Stephen
On Dec 3, 2004, at 9:00 AM, George Fekkas wrote:
> Hi Pen-Testers
>
> I am performing a code injection into JAVA classes. I am working with
> the Java Object Inspector Tool (COMPASS). I injected the desirable code
> in order to inspect JAVA objects. However, when I am trying to
> recompile
> the classes then the following errors are occurred. I have already
> checked all the "imports" for the right paths and all seems to be
> correct.
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:89: ';' expected
>
> JVM INSTR monitorenter ;
>
> ^
>
> C:\Documents and
>
> Settings\Administrator\Desktop\HackClasses\*****.java:112:not a
> statement
>
> class1;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:113:
>
> ';' expected
>
> JVM INSTR monitorexit ;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:116: not a
> statement exception;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:87: u ndefined
> label: MISSING_BLOCK_LABEL_247
>
> break MISSING_BLOCK_LABEL_247;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:89: c annot
> resolve symbol symbol : class JVM
>
> location: class com.edi.commerce.********
>
> JVM INSTR monitorenter ;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:91: u ndefined
> label: MISSING_BLOCK_LABEL_237
>
> break MISSING_BLOCK_LABEL_237;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:113:cannot
> resolve
> symbol
>
> symbol : class JVM
>
> location: class com.edi.commerce.*********
>
> JVM INSTR monitorexit ;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:114:
>
> undefined label: MISSING_BLOCK_LABEL_247
>
> break MISSING_BLOCK_LABEL_247;
>
> ^
>
> However, the recompilation was succeeded by comment out the lines in
> the
> source code (Decompile Java Classes).
>
> //if(_type !=3D null)
>
> // break MISSING_BLOCK_LABEL_247;
>
> //Class class1 =3D org.omg.CORBA.TypeCode.class;
>
> //JVM INSTR monitorenter;
>
> //if(_type !=3D null)
>
> // break MISSING_BLOCK_LABEL_237;
>
> //class1;
>
> //JVM INSTR monitorexit;
>
> //break MISSING_BLOCK_LABEL_247;
>
> Is this a big problem? If it is what can I do in order to avoid these
> errors?
>
> Thank you for your time.
>
>
>
> ******************************************************************
> Any views expressed in this message are those of the
> individual sender, except where the sender specifically
> states them to be the views of ENCODE S.A.
> ******************************************************************
>
>
----------------------------------------------------------------------
CONFIDENTIALITY: This e-mail and any files transmitted with it are
confidential and intended solely for the use of the recipient(s) only.
Any review, retransmission, dissemination or other use of, or taking
any action in reliance upon this information by persons or entities
other than the intended recipient(s) is prohibited. If you have
received this e-mail in error please notify the sender immediately
and destroy the material whether stored on a computer or otherwise.
----------------------------------------------------------------------
DISCLAIMER: Any views or opinions presented within this e-mail are
solely those of the author and do not necessarily represent those
of Corsaire Limited, unless otherwise specifically stated.
----------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:09 EDT