Re: JAVA Classes - Recompilation condition errors!!

[Stephen de Vries <stephen () corsaire com>]

Hi George,

Decompiling and then recompiling java byte code without the original  
source is not as simple as it seems!  You did not mention in your post  
which Java decompiler you're using?  From the error messages, it looks  
like it could be JAD...?

My personal experience with java decompilers is that they cannot  
reliably produce compilable (never mind workable) java source code -  
but this is highly dependent on the complexity of the code you're  
trying to decompile.  See:  
http://catamaran.labs.cs.uu.nl/twiki/pt/bin/view/Transform/ 
JavaDecompilers for many resources on java decompilers - and also a  
comparative test.

You may find that if you're decompiling a set of java classes, that  
some decompile and recompile without any problems while others cause  
the decompiler to spit out unusable java code.  Since the COMPAS tool  
only needs a single point to hook into the java code, you may have more  
success if you only decompile 1 or 2 classes that you know work  
properly - then insert the COMPASS "hook" and recompile.    Leave the  
complex classes as they are and then repackage all the classes into the  
new app.

The alternative (and better solution IMO) is to request the source code  
from your client.  This saves valuable time in mucking about with flaky  
decompilers which could be better spent in looking at real security  
issues.  Once you have the source - you might not even need the COMPASS  
tool - you could write your own front end!

Hope this helps,

Regards,
Stephen


On Dec 3, 2004, at 9:00 AM, George Fekkas wrote:

> Hi Pen-Testers
>
> I am performing a code injection into JAVA classes. I am working with
> the Java Object Inspector Tool (COMPASS). I injected the desirable code
> in order to inspect JAVA objects. However, when I am trying to  
> recompile
> the classes then the following errors are occurred. I have already
> checked all the "imports" for the right paths and all seems to be
> correct.
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:89: ';' expected
>
> JVM INSTR monitorenter ;
>
> ^
>
> C:\Documents and
>
> Settings\Administrator\Desktop\HackClasses\*****.java:112:not a
> statement
>
> class1;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:113:
>
> ';' expected
>
> JVM INSTR monitorexit ;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:116: not a
> statement exception;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:87: u ndefined
> label: MISSING_BLOCK_LABEL_247
>
> break MISSING_BLOCK_LABEL_247;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:89: c annot
> resolve symbol symbol : class JVM
>
> location: class com.edi.commerce.********
>
> JVM INSTR monitorenter ;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:91: u ndefined
> label: MISSING_BLOCK_LABEL_237
>
> break MISSING_BLOCK_LABEL_237;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:113:cannot  
> resolve
> symbol
>
> symbol : class JVM
>
> location: class com.edi.commerce.*********
>
> JVM INSTR monitorexit ;
>
> ^
>
> C:\Documents and
> Settings\Administrator\Desktop\HackClasses\*****.java:114:
>
> undefined label: MISSING_BLOCK_LABEL_247
>
> break MISSING_BLOCK_LABEL_247;
>
> ^
>
> However, the recompilation was succeeded by comment out the lines in  
> the
> source code (Decompile Java Classes).
>
>  //if(_type !=3D null)
>
> // break MISSING_BLOCK_LABEL_247;
>
> //Class class1 =3D org.omg.CORBA.TypeCode.class;
>
> //JVM INSTR monitorenter;
>
> //if(_type !=3D null)
>
> // break MISSING_BLOCK_LABEL_237;
>
> //class1;
>
> //JVM INSTR monitorexit;
>
> //break MISSING_BLOCK_LABEL_247;
>
> Is this a big problem? If it is what can I do in order to avoid these
> errors?
>
> Thank you for your time.
>
>
>
> ******************************************************************
> Any views expressed in this message are those of the
> individual sender, except where the sender specifically
> states them to be the views of ENCODE S.A.
> ******************************************************************
 ----------------------------------------------------------------------
 CONFIDENTIALITY: This e-mail and any files transmitted with it are
 confidential and intended solely for the use of the recipient(s) only.
 Any review, retransmission, dissemination or other use of, or taking
 any action in reliance upon this information by persons or entities
 other than the intended recipient(s) is prohibited. If you have
 received this e-mail in error please notify the sender immediately
 and destroy the material whether stored on a computer or otherwise.
 ----------------------------------------------------------------------
 DISCLAIMER: Any views or opinions presented within this e-mail are
 solely those of the author and do not necessarily represent those
 of Corsaire Limited, unless otherwise specifically stated.
 ----------------------------------------------------------------------