WebApp Sec mailing list archives

Re: Code Cracking in Java

From: "Suresh Ponnusami" <surya () nsecure net>
Date: Wed, 12 May 2004 18:04:11 +0530

hi chitresh,

Nice approach towards .class files. You can use
the Class Construction Kit (CCK) for editing 
the *.class files. It would have been much easier.
Editing the .class files in hex editor does not 
work all the time. 

Class Construction Kit can do anything you wish on
the .class files.

There are lot more ways to overcome the 
restrictions in .class files, even if it is 
obfuscated / encrypted. 

All said, .class files are very vulnerable 
to attack due to their platform independent nature
and open architecture. (Oops! i might spark a debate
due to this statement!). But sadly, it is true.

Also, read the Java JVM vulnerabilities by LSD Group.

cheers,
Suresh Ponnusami,
Technical Architect,
NSECURE SOFTWARE PVT LIMITED,
INDIA

----- Original Message ----- 
From: Chitresh Sen 
Subject: Code Cracking in Java

Code Cracking in Java

Scope 
[Content Too Long, Removed for Readability]

Current thread:

Code Cracking in Java Chitresh Sen (May 12)
- Re: [security] Code Cracking in Java Allen Firstenberg (May 12)
- RE: Code Cracking in Java Oleg Dubovskoy (May 12)
- Re: Code Cracking in Java Peter Conrad (May 12)
- Re: Code Cracking in Java Rogan Dawes (May 12)
- RE: Code Cracking in Java Don Tuer (May 12)
- <Possible follow-ups>
- Re: Code Cracking in Java Suresh Ponnusami (May 12)
  - Re: Code Cracking in Java Frank O'Dwyer (May 13)
  - Code Cracking in Java (Chitresh ) Chitresh Sen (May 17)
- RE: Code Cracking in Java Maxim Kostioukov (May 13)