Upload File

binary patching of java classes for fun and profit - jfokus 2011

  • Home
  • Technology
  • Binary patching of Java classes for fun and profit - Jfokus 2011
27

Upload: anton-arhipov

Post on 10-May-2015

2.806 views

Category:

Technology


2 download

Report

Tags:

TRANSCRIPT

Page 1: Binary patching of Java classes for fun and profit - Jfokus 2011
Page 2: Binary patching of Java classes for fun and profit - Jfokus 2011

Binary patching of Java classes for fun

and profitJfokus 2011, Stockholm

Page 3: Binary patching of Java classes for fun and profit - Jfokus 2011

whoami

http://arhipov.blogspot.com@antonarhipov

@javarebel

Anton ArhipovZeroTurnaround

JRebel

http://arhipov.blogspot.com/
Page 4: Binary patching of Java classes for fun and profit - Jfokus 2011

What’s Binary Patching?

1010101010111000101010101010100010001000111011011101011

1010101010111100001010101010100010001000111011011101110

Ninja.class

Ninja.class’

Page 5: Binary patching of Java classes for fun and profit - Jfokus 2011

Why Binary Patching?

MyClass.class

New code:10010100100100101011001010

ClassLoader

MyObject

JRebel agent

Page 6: Binary patching of Java classes for fun and profit - Jfokus 2011

Why Binary Patching?

MyClass.class

New code:10010100100100101011001010

ClassLoader

MyObject

JRebel agent

Fra

mew

ork

Page 7: Binary patching of Java classes for fun and profit - Jfokus 2011

Why Binary Patching?

MyClass.class

New code:10010100100100101011001010

ClassLoader

MyObject

JRebel agent

Configuration(XML,

annotations)

Fra

mew

ork

Page 8: Binary patching of Java classes for fun and profit - Jfokus 2011

How?

Using –javaagent to hook into class loading processUsing bytecode manipulation libraries (e.g. Javassist)

Page 9: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrumentimport java.lang.instrument.ClassFileTransformer;import java.lang.instrument.Instrumentation;

public class Agent { public static void premain(String args, Instrumentation inst) throws Exception { inst.addTransformer(new ClassFileTransformer { … }); }}

Page 10: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrumentimport java.lang.instrument.ClassFileTransformer;import java.lang.instrument.Instrumentation;

public class Agent { public static void premain(String args, Instrumentation inst) throws Exception { inst.addTransformer(new ClassFileTransformer { … }); }}

META-INF/MANIFEST.MFAgent-Class: Agent

Page 11: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrumentimport java.lang.instrument.ClassFileTransformer;import java.lang.instrument.Instrumentation;

public class Agent { public static void premain(String args, Instrumentation inst) throws Exception { inst.addTransformer(new ClassFileTransformer { … }); }}

META-INF/MANIFEST.MFAgent-Class: Agent

java –javaagent:agent.jar …

Page 12: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrument + Javassist

new ClassFileTransformer() { public byte[] transform(ClassLoader loader, String className, Class<?>classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer){

}}

Page 13: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrument + Javassist

new ClassFileTransformer() { public byte[] transform(ClassLoader loader, String className, Class<?>classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer){

ClassPool cp = ClassPool.getDefault(); CtClass ct = pool.makeClass(new ByteArrayInputStream(classfileBuffer));

}}

Page 14: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrument + Javassist

new ClassFileTransformer() { public byte[] transform(ClassLoader loader, String className, Class<?>classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer){

ClassPool cp = ClassPool.getDefault(); CtClass ct = pool.makeClass(new ByteArrayInputStream(classfileBuffer));

transformClass(ct, cp);

}}

Page 15: Binary patching of Java classes for fun and profit - Jfokus 2011

java.lang.instrument + Javassist

new ClassFileTransformer() { public byte[] transform(ClassLoader loader, String className, Class<?>classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer){

ClassPool cp = ClassPool.getDefault(); CtClass ct = pool.makeClass(new ByteArrayInputStream(classfileBuffer));

transformClass(ct, cp);

return ct.toBytecode(); }}

Page 16: Binary patching of Java classes for fun and profit - Jfokus 2011

JRebel SDK

Page 17: Binary patching of Java classes for fun and profit - Jfokus 2011

Javassist + JRebel

cp.importPackage("org.zeroturnaround.javarebel");

Page 18: Binary patching of Java classes for fun and profit - Jfokus 2011

Javassist + JRebel

cp.importPackage("org.zeroturnaround.javarebel");

ct.addInterface( cp.get(ClassEventListener.class.getName()));

Page 19: Binary patching of Java classes for fun and profit - Jfokus 2011

Javassist + JRebel

cp.importPackage("org.zeroturnaround.javarebel");

ct.addInterface( cp.get(ClassEventListener.class.getName()));

ct.addMethod(CtNewMethod.make("public void onClassEvent(int eventType, Class clazz) {"+ "cache.evict();" + "}", ct));

Page 20: Binary patching of Java classes for fun and profit - Jfokus 2011

Javassist + JRebel

CtClass ct = …CtConstructor[] cs = ct.getConstructors();

Page 21: Binary patching of Java classes for fun and profit - Jfokus 2011

Javassist + JRebel

CtClass ct = …CtConstructor[] cs = ct.getConstructors();

for (CtConstructor c : cs) { if (c.callsSuper()) { c.insertAfter("ReloaderFactory.getInstance() .addClassReloadListener($0);"); }}

Page 22: Binary patching of Java classes for fun and profit - Jfokus 2011

Javassist + JRebel

CtClass ct = …

ct.getDeclaredMethod("service").insertBefore( "ReloaderFactory.getInstance() .checkAndReload(Application.class);");

Page 23: Binary patching of Java classes for fun and profit - Jfokus 2011

Integration Highlights

Implement ClassEventListenerRegister listener instance to JRebel

Trigger the re-load event

ReloaderFactory#addClassReloadListener(…);

ReloaderFactory#checkAndReload(…);

Page 24: Binary patching of Java classes for fun and profit - Jfokus 2011

Pros/Cons

Page 25: Binary patching of Java classes for fun and profit - Jfokus 2011

Pros/Cons

Page 26: Binary patching of Java classes for fun and profit - Jfokus 2011

Pros/Cons

Page 27: Binary patching of Java classes for fun and profit - Jfokus 2011

Thx!

Want JRebel free? Come to our booth!


Patching Strategies and Best Practices - Parallel Patching

patching whitepaper.pdf

JFokus 2015 - Hacking the-monolith

less18 Patching

Patching Potholes

Devoteam Group - Jfokus

Play framework 2.0 - Jfokus

Loom: Continuations & Fibers - Jfokus

Kanban Kata - Jfokus

JFokus 2016 - Beyond Lambdas - the Aftermath

Download - Jfokus

Jfokus - Hazlecast

Android Jumpstart Jfokus

Beagleboard xM - Jfokus

Android my Scala @ JFokus 2013

Patching Procedure

Patching a Patch Software Updates Using Horizontal Patching

Beyond The Basics of Patching (Patching 201)

GPU-Disasm: A GPU-based x86 Disassembler · cial operations for malware analysis, binary-level software protections, debugging, and patching, among many other tasks. Faster binary

Jfokus 2012: PaaSing a Java EE Application

Binary patching for fun and profit @ JUG.ru, 25.02.2012

Exadata Patching

Binary Code Patching: An Ancient Art Refined for the 21st Centurymueller/seminar/fall06/Barton... · 2006. 12. 11. · Parsing binary code a bit of a black art. You can get the 80%

Patching 11

PowerPC Binary Patching for Base Station Analysis

Comparing JVM Web Frameworks - Jfokus 2012

Effective Scala @ Jfokus

Jfokus functional groovy

Online Patching

Patching ppt

Biohacking - Jfokus#JFokus #biohacking @per_siko Disclaimer Me: They’re offering free chip implants and I’m thinking about taking one. What do you think? #JFokus #biohacking @per_siko

SharePoint Patching

Bootiful Applications with Spring Boot - Jfokus

[Jfokus] Riding the Jet Streams

ZERT Binary Patching Gil Dabah. ZERT Binary Patching Who Am I? “Israeli programmer and reverse engineering enthusiast Gil Dabah”, eWeek ( 09/22/06 ) “Israeli