Questions tagged [java]
Java is an object-oriented language and runtime environment (JRE). Java programs are platform independent, because they are compiled to bytecode and their execution is handled by a Virtual Machine called the Java VM or JVM.
186 questions
0
votes
0
answers
82
views
How to retrieve specific instructions from an app's source code
I decompiled the code of an Android app. I'd like to find the portion of code that forces the user to update when a new version is detected. This is, however, complicated due to the significant amount ...
- 101
0
votes
0
answers
68
views
Ghidra assembling the wrong jump address
I am trying to change a JC instruction to a JMP instruction, but keep the same jump address. When I tried using the assemble function in ghidra.app.plugin.assembler.AssemblyBuffer it kept changing the ...
- 1
1
vote
0
answers
79
views
Reconstructing Source Code for a scratch-built GIS system
I have a new client who wants to move their GIS platform support to a new vendor. The only problem is the outgoing vendor of 15 years does not want to release the source code. My client made a ...
- 11
0
votes
0
answers
40
views
how to ignore get level in priority command
I want to receive offer without priority and i want to ignore my level for that
.method public final getLevel()I
.registers 2
.line 1
iget v0, p0, Lcom/snappbox/offering/common/domain/...
0
votes
2
answers
160
views
Minecraft EXE client
im quite new in this theme and im looking for a way how to extract .jar file from exe file ( upd. its graalvm native image ). If i open this exe as archive (7zip) i can see only .rdata and others ( ...
- 1
1
vote
0
answers
123
views
How to configure Ghidra Memory Map use Script API?
How to configure "Memory Map" for RAM image use Ghidra Script API? For example, here is Memory layout created by python script:
.text start: 0x80004000
.text end: 0x8079e4d0
.text length: ...
- 235
1
vote
2
answers
147
views
How to find what are all the third party apps used in an android app manually by decompiling an apk
How to find all the Third Party Libraries (TPLs) used in an android app after de-compiling apk using jadx? I have looked at this answer but this is too vague.
I can use tools such as Libradar etc. but ...
- 13
0
votes
0
answers
58
views
Stuck on trying to understanding local TCP communication for a smart home app
I am trying to write a Home Assistant integration to control smart lights and other smart devices from a certain manufacturer locally (it is a local manufacturer who have their own app which is not ...
0
votes
0
answers
103
views
Make a reverse engineering for dead app
Hi,there is an app (Voip Recorder & Screen Recorder)the developer stopped updating the app from 3 years, and it's the only app in the world could record the screen with internal sound likes ...
1
vote
1
answer
149
views
Get the jar from exe4j executable
I've read this question and it is not a duplicate to mine. I have a .exe file which has different contents inside when opened with 7zip. However let's say I know that it uses EXE4J, how can I ...
1
vote
1
answer
592
views
Convert string to byte array in frida js script
I am having an issue with a JavaScript script to be executed in Frida. In this case, I am intercepting an input from a function where I receive an array of bytes. I need to convert this array to a ...
- 11
2
votes
1
answer
224
views
How to hook RuntimeException to prevent crashes?
I tried to find out how RuntimeException works internally in cs.android.com so I can understand how to prevent crashes but didn't find anything useful and I have no clue how to analyze components-...
- 137
1
vote
0
answers
190
views
Frida: how to hook a synthetic class
When reverse engineering an APK I came across a class that was marked synthetic.
I have used JADX decompiler. The simplified result I got was:
package com;
public final class zz6 extends B implements ...
0
votes
1
answer
351
views
Modifying a single .class file in an obfuscated JAR
i am trying to modify a jar that is partly obfuscated (and what i want to modify is in this part).
I can use Recaf, it will decompile it well and I can save modifications and export program without ...
1
vote
1
answer
645
views
Frida Android how to change value of array passed to method
Let's assume we have a such code snippet:
public class Test {
public void testArrayValue() {
Object[] objects = new Object[1];
fillObject(objects);
Log.d("test", (String)...
- 13
0
votes
0
answers
563
views
How does the Easy Victory cheat get data from another app in real time?
Easy Victory was developed in Java for Android
I was very curious about how Easy Victory takes data from the game's balls and billiard cue force/velocity to calculate trajectories
This is not a mod ...
1
vote
1
answer
322
views
Removing Ghidra auto-generated labels and create function. Overlapping namespace error
I am attempting to write a script to parse a function table containing structs that look like this:
struct func_table_entry {
void (* func)(void *);
byte unknown1;
byte unknown2;
byte ...
- 11
0
votes
0
answers
193
views
How can I find which JNI library implements a java native method at runtime for Android applications?
I am doing security research, my target application includes some JNI libraries which implements some native java methods I am interested in. This app is obfuscated, I can't directly find the library ...
- 101
2
votes
0
answers
228
views
APK / Decrypting [closed]
I'm new to Reverse Engineering, so I apologize if something is wrong.
There is a free program that requires a license key, which can no longer be bought and obtained. I'm trying to write a KeyGen or ...
- 21
5
votes
1
answer
274
views
Debug problem with Ghidra 3rd party language
I want to reverse engineer some 65816 code using Ghidra. Unfortunately the third-party 65816 language is broken. No problem, I can fix it myself. However, looking at the Ghidra error gives me no clue ...
- 193
3
votes
0
answers
110
views
Java Byte Code Debugger
I'm trying to reverse a highly obfuscated program written in java. None of the deobfuscators seem to work so I have been poking at it in eclipse. I can attach to a running process and have figured ...
- 131
2
votes
0
answers
119
views
Java bytecode dynamic analysis
I've been trying to patch a certain functionality of a jar file, that's essentially a GUI app. I've tried numerous java agents -as it seems to be the only viable option for java- for such a task, ...
- 21
3
votes
0
answers
277
views
How do I log a string in smali without its obfuscated function?
I'm reversing engineering an app and after analyzing with man-in-the-middle, I find that it obfuscates its messages to the server so it looks like a gibberish.
String stc = ("msg=" + ...
2
votes
0
answers
1k
views
frida cant cast string array to java.lang.object
i have a java method i am trying to call manually
public static native Object a(int i, int i2, long j, String str, Object obj);
the last parameter is a string list casted to java.lang.object the way ...
- 191
2
votes
1
answer
273
views
Automatic deobfuscation of Java class/method/parameter names with access to old non obfuscated sources
I am currently trying to de-obfuscate a Java program (i.e. find each class name and namespace, each method name and each method parameter name).
To do so, I started by using Enigma (the fork from ...
- 123
1
vote
0
answers
162
views
Where can I find the hashing algorithm in source code?
When I submit login credentials in an Android Application it POSTs an encrypted string to an API endpoint.
For example, if I enter the following email & pass :
"[email protected]:abc"
it ...
- 11
1
vote
1
answer
240
views
How to set a breakpoint in android's openssl library in running android application?
I'm debugging an obfuscated android application. I use Android Studio's debugger. I attach it remotely to my physical device via adb. I can set a breakpoint in the app smali code, but when I try to ...
- 113
0
votes
1
answer
2k
views
frida returning wrong overload of android method
im trying to hook the C6494a method has 2 parameters the ge6 object and a activity object whenever i try to hook this method with a hook overload that contains both ge6 and the activity object frida ...
- 191
1
vote
0
answers
77
views
Mod Coder Pack for minecraft 1.8.8 failed to decompile
I tried to decompile minecraft 1.8.8 using MCP918 and I have an error that I cannot fix.
Here are the logs:
https://zerobin.net/?07c9671c16bc4011#g6co8FZc8RJkkQiPb6pu65HixcEORkWZGN8qHPXkHew=
Some ...
- 11
2
votes
1
answer
2k
views
[Ghidra]How to set global variable type?
I have created a script in Java and I have a structure type as a string name which I want to set at given global variable which I have the Address of.
However I can't seem to find a way to do this - ...
- 505
1
vote
1
answer
114
views
How to utilize `FillOutStructureCmd`?
Basically I'm extending the CreateStructure.java plugin so it iterates all functions and tries to automatically create structures on all variables.
It looks something like this:
public class ...
- 505
2
votes
0
answers
411
views
Where can I find the encryption algorithm for this POST request in an Android APP?
I have an Android app for which I need to mock an API call outside of that environment. I successfully killed the certificate pinning on this app with Frida in order to access the URL and more, but ...
- 29
0
votes
1
answer
664
views
Decompile obfuscated jar file
Tried java-deobfuscator and other things, detect said it was allatori protected so tried the relevant transformers but to no avail.
Please can someone help, I'm happy to tip for your help :)
https://...
1
vote
1
answer
2k
views
Where can I find the encryption algorithm in source code?
When I submit a Customer Reference ID in an Android Application it POSTs an encrypted string to an API endpoint.
For example, if I enter the following CR ID :
"SR-54585482"
it POSTs the ...
- 13
0
votes
1
answer
375
views
SQLite access from Ghidra script
I would like to access an SQLite database from within a Java Ghidra script. However, if I include the line import java.sql.*; in the script, Ghidra gives the error > Unable to locate script class:. ...
- 101
0
votes
0
answers
239
views
What is this CRC32 algorithm (written in C), and how can it be written in Java or Python?
I've been trying to convert this CRC32 algorithm to Java or Python, but I haven't been successful, I believe it's because I'm not familiar enough with c.
Note that I believe DAT_804818d0 is the seed, ...
- 101
5
votes
0
answers
614
views
Patching Jar File (2022)
Currently reversing a .jar program recreationally, and I understand the workflow proposed here:
https://www.netspi.com/blog/technical/thick-application-penetration-testing/patching-java-executables-...
- 51
4
votes
1
answer
484
views
Determine if exe is written using Java
I'm examining my Windows programs to determine which ones are written in Java, and if so, whether they import a log4j library affected by the log4shell vulnerability.
Programs that are packaged as JAR ...
- 141
0
votes
1
answer
896
views
Ghidra: Iterating over function's codeUnits returns only 1st instruction
public void run() throws Exception {
var cp = currentProgram;
var nsSymbols = ghidra.app.util.NamespaceUtils.getSymbols("myNameSpace", cp);
var glNS = nsSymbols.get(0)...
- 141
0
votes
0
answers
590
views
How to deobfuscate Java application
Hi i am unable to deobfuscate the Advanced String Obfuscation Jar on tryHackMe
I tried
dumping the classes using a dumper javaagent
deobfuscate the jar with java-deobfuscator
threadtear functions
...
1
vote
1
answer
151
views
Java Malware Dollar Sign
I am analyzing a mobile malware sample and got a trouble. When i put sample in JADX, i see some dollar sign. I mean like this;
What does these dollar signs means?
- 11
1
vote
0
answers
53
views
Capturing created and deleted files from a Java file
I am new to the malware analysis field but I do have an issue, a file I am working on creates 2 vbs files, reads from them and deletes them, this all happens in around 2 seconds. Also this is a Java ...
0
votes
0
answers
340
views
Checksum verification of an apk does not the same as my java program
I'm from the sysadmin side of the IT and have not much experience in programing.
I have an app that lets me screen share Android apps on my car's display.
Sadly there is a whitelist baked into the app,...
1
vote
0
answers
143
views
Is this native code possible for further static analysis?
I was trying to reverse engineer a native lib code in an android app. the .so contains many functions. But the function sUQWWyTBEs() was referred in the Java code. I was curious how this function ...
- 309
-1
votes
1
answer
197
views
what do these assembly code doing?
I tried to reverse engineer an apk app, and it was loading a native code. I have observed that the app was using the native code like this
public static String v = sUQWWyTBEs().toString().substring(32,...
- 309
1
vote
0
answers
238
views
What tools can be appropriate to reverse engineer a (open-source) java program?
I am very new reverse engineering, and have the below mentioned tasks to achieve on a open source program called Apache Ant. What (preferably free) tools can be appropriate to achieve these. I have ...
- 111
0
votes
0
answers
167
views
How do I decode or decompile this class It seems codes are encrypted?
I've used JD-Gui, Luyten and other couple of Java Decompilers but it's not working what is the problem in here? Thanks! It's A Mod (Minecraft) and I'm porting into different versions.
Code:
public ...
2
votes
1
answer
2k
views
How to decompile heavily obfuscated classes mixed with Arabic/Chinese/Korean characters?
I recently downloaded a jar file and was curious to see if it was malicious, so I ran it through FernFlower and it wasn't able to deobfuscate it. When I unzipped the jar, I looked inside it and saw ...
1
vote
1
answer
271
views
Java Help Understanding RSA Encrypt/Decrypt file and SD card
I was directed this way from the main superuser site:
I have zero experience with Java or Android apps (I have coding experience in C) and tried reverse engineering a [now defunct/unsupported] app ...
- 11
3
votes
2
answers
2k
views
Frida reading files is slow
I need to read a file around 2 MB into a byte array.
var fis = Java.use("java.io.FileInputStream");
var file = fis.$new("/data/local/file.txt");
var fileBytes = new Uint8Array(file....
- 176