JavaJournal & pyspresso: a Python-based framework for debugging Java

Post on 12-Jan-2017


TRANSCRIPT

People still use Java?

CFR

FernFlower

JD-GUI

Krakatau

Procyon

IiiIIIIIiI("kq/#;n!+\u0005\u001d\u001e\u0001\u0019oing09SU_Y^un\u0012\u00004!\u0010\u0004\u0003\u0013lj\b\u0010\u0013ac`um"));iIIiiIIiii(".\u0012V|QgKCw3B3[`F3bfP_{p22\u001c&\u0007tdItT0|qC3@`M{\u001230\u0001t1yD|Gm8\u0000>\u000f1\u0001J:w\u001e=\u001c!Gb\t=<EDe\u001dsCb_w\u001dq|_<vGv`\u001dC@\\bv@Gk\\Xz\\\u0018%\u0017(\u001ftKz\f1"));IiiIIIIIiI("R'\"\u001e\u001d#n\u0002\b\u001f\u00078'3yw}urhm"));iIIiiIIiii("\rtV}Z1"));IiiIIIIIiI("nWNk%\u0011\u0014S8npqszm90*8(ic0'3m"));iIIiiIIiii("20\u00115[AfPvV.PlI!")+Server.settings.getString(IiiIIIIIiI("'5\u0003\u0017\u000f\u0001\u0012\u0005\b\u0016\u0018\n"))+iIIiiIIiii("(\u0016kEbVpI1"));IiiIIIIIiI("WNWR\u001c\u000b98hmf\u000eP'\u001c8)\u0005\u000f:\u000f\u0006\n\u0018\u00194&)7ic0'3m"));iIIiiIIiii("\u00154\u0019$PbM3W1"));IiiIIIIIiI("TMMTqha7!>2,m")+Server.settings.getString(iIIiiIIiii("sJtOofnaoWUn4_zG"))+IiiIIIIIiI("tr7!>2,m"));iIIiiIIiii("?Tu\u00132\u0013.`FA{]u\r?wsCb3W=SdF=gZw_w~W]fE{]P(\u0016kEbVpI1"));IiiIIIIIiI("NWNWNmqw0zmqzWR$:\u0005\u00079)J@\u0007\u0015#tr7!>2,m"));iIIiiIIiii("0\u0011)\b\u00154\u0005kEbVpI1")+iIiIIiIiiI2.getAbsolutePath()+IiiIIIIIiI("tr7!>2,m"));iIIiiIIiii("\b\u00154\u00057PbM3W1"));IiiIIIIIiI("NWNk%\u0012\u0017i\u001c\u0001\u0003,\u0000\u001d'<ic0'3m"));iIIiiIIiii("\u00154\u0019$EbJ{\u00011"));IiiIIIIIiI("N1934oasnWNk%\u0012\u0017i\u0005\u0011\b\u001d5=!+!ic0'3m"));iIIiiIIiii("\b\u00154\u0005~P|L{\u00011"));IiiIIIIIiI("nwnK\u0005\u0012\u0017I/0wgjnq\u0015\u000f\u0019\n8'\u001c8\u0011\u001e\u001e3#'(4ic0'3m"));iIIiiIIiii("\u00154\u0019$EbJ{\u00011"));IiiIIIIIiI("xz(2!>m"));iIIiiIIiii("\u00057A|VmZ1"));

Recompile & Debug

Create Deobfuscator

Dynamic Tracing

Capturing Java method calls

1 Lightweight, extensible, well-documented

2 Doesn’t require user to write Java code

3 Cross-platform & works with latest JVM

4 Captures method args and return values

5 Can begin trace at very first instruction

6 Doesn’t transform target’s bytecode

BTrace

Bytecode Visualizer

Chronon

Greys

InTrace

Java VisualVM

JavaSnoop

JSwat Debugger

Limpid Log

MaintainJ

MethodTracer

Built from the ground up

Bluescreen in 3… 2…

public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World");
    }
}

package org.jsocket.b;
...
public abstract class iIIiiIIiii {
    ...
    public static String IIIiIiJSocket(String iIiIIiIiiI) {
        int n;
        // The key is the caller's fully qualified class name followed by its method name (stack frame 1)
        StackTraceElement stackTraceElement = new Exception().getStackTrace()[1];
        String string = new StringBuffer(stackTraceElement.getClassName()).append(stackTraceElement.getMethodName()).toString();
        int n2 = iIiIIiIiiI.length();
        int n3 = n2 - 1;
        char[] arrc = new char[n2];
        int n4 = 5 << 4 ^ 5 << 1;              // 90
        int n5 = (2 ^ 5) << 4 ^ (2 << 2 ^ 3);  // 123
        int n6 = n = string.length() - 1;
        String string2 = string;
        while (n3 >= 0) {
            int n7 = n3--;
            arrc[n7] = (char)(n5 ^ (iIiIIiIiiI.charAt(n7) ^ string2.charAt(n)));
            if (n3 < 0) {
                return new String(arrc);
            }
            // The decompiler printed a synthetic temporary (v3080) as the index here; it holds the pre-decrement n3
            char c = arrc[n3] = (char)(n4 ^ (iIiIIiIiiI.charAt(n3--) ^ string2.charAt(n)));
            if (--n < 0) {
                n = n6;
            }
            int n8 = n3;
        }
        return new String(arrc);
    }
}

C:\>javajournal.py -jar adwind.jar -include org.jsocket.b.*
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("Jb\")^ "TLS"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("∟}aU<X`]pYVf<@Va⌂D{KPg▬sTi◄zBc")^ "/org/jsocket/resources/key.dll"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("Ez\")^ "win"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("}@m]s^w")^ "OS_NAME"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("e_DsAw")^ "VMWARE"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("^Z|Fj")^ "LINUX"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("⌂Rq")^ "MAC"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("Ba]T`R⌂U[_w@:K%←")^ "ProgramFiles(X86)"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("o]aSp^vne{aFFs⌂p\j3uFw@f3sWvZfz]}A")^ "\Oracle\VirtualBox Guest Additions"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("bA}wChEs}U}B8g&↑&")^ "ProgramFiles(X86)"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("oD^ER`um_eBuK}◄DPqB|")^ "\VMware\VMware Tools"
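To make the decryption scheme in IIIiIiJSocket concrete, here is an added Python port of the routine (example code, not part of JavaJournal, pyspresso or the decompiled sample). The caller class and method names and the sample strings in it are constructed, since the page does not show which adwind.jar methods call the routine; with a real caller's class+method name the same function decodes captured strings like the ones above without executing the jar.

```python
# Added example: Python port of the IIIiIiJSocket string-decryption routine.
# Caller names and sample strings below are constructed for illustration; they
# are not the real callers or strings from adwind.jar.

XOR_ODD = 5 << 4 ^ 5 << 1               # 90, the Java n4 constant
XOR_EVEN = (2 ^ 5) << 4 ^ (2 << 2 ^ 3)  # 123, the Java n5 constant


def caller_key(class_name: str, method_name: str) -> str:
    """The Java keys on new Exception().getStackTrace()[1]: the caller's fully
    qualified class name immediately followed by its method name, no separator."""
    return class_name + method_name


def jsocket_xor(text: str, key: str) -> str:
    """Faithful port of the while loop in IIIiIiJSocket.

    Characters are consumed from the end of the string in pairs: the first of
    each pair is XORed with XOR_EVEN (n5), the second with XOR_ODD (n4), both
    with the same key character; the key index then steps down and wraps.
    Because it is pure XOR, the transform is its own inverse."""
    n2 = len(text)
    n3 = n2 - 1
    out = [0] * n2
    n = n6 = len(key) - 1
    while n3 >= 0:
        n7 = n3
        n3 -= 1
        out[n7] = (XOR_EVEN ^ ord(text[n7]) ^ ord(key[n])) & 0xFFFF  # (char) cast
        if n3 < 0:
            break
        out[n3] = (XOR_ODD ^ ord(text[n3]) ^ ord(key[n])) & 0xFFFF
        n3 -= 1
        n -= 1
        if n < 0:
            n = n6
    return "".join(map(chr, out))


def decrypt_for_caller(encrypted: str, class_name: str, method_name: str) -> str:
    return jsocket_xor(encrypted, caller_key(class_name, method_name))


if __name__ == "__main__":
    # Hypothetical caller org.jsocket.b.Main.run(); the real callers are not on this page.
    key = caller_key("org.jsocket.b.Main", "run")
    for plain in ("TLS", "OS_NAME", "\\VMware\\VMware Tools"):
        enc = jsocket_xor(plain, key)           # what the obfuscator would emit
        assert jsocket_xor(enc, key) == plain   # decryption recovers it
        print(repr(enc), "->", repr(jsocket_xor(enc, key)))
```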

Just give me the code already

GPL source code and documentation for JavaJournal and pyspresso:

https://github.com/CrowdStrike/pyspresso

https://pypi.python.org/pypi/pyspresso

pyspresso is still in alpha

Future work

Inspection of method arguments in opaque frames for native methods (see Pstack)

Improved object abstraction

Automatic attaching to child processes

GUI with extended capture information (see Rohitab’s API Monitor)

Hecklers be heckling
