Remote Dynamic Blackbox Java App Analysis

Java Bytecode Debugging and Dynamic Instrumentation Through Eclipse


Last updated 6 years ago


Run whatever code you want inside of a black-box Java JAR.

Server side setup

Find supported JVM

On the device running the jar file, you will need to make sure that your local JVM supports debugging.

You can check by running the application with either of the two commands below:

java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 <Application.jar>
java -agentlib:jdwp=transport=dt_socket,server=y,address=1234,suspend=y <Application.jar>

If your JVM does not support debugging, you will see an error message similar to the one below:

$ java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 <Application.jar>
Unrecognized option: -xDebug

JVMs like JAMVM do not support the -Xdebug flag.
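JDWP has no authentication, so anyone who can reach the port opened by the commands above gets the same debugger access this page describes. The following added example (not part of the original page) classifies the JDWP options in a java command line by where the listener binds. The function names and sample command lines are constructed, and the scope labels assume the JDK behaviour that a bare port binds all interfaces through JDK 8 and only localhost from JDK 9 on.

```sh
#!/bin/sh
# Added example, not from the original page: audit a java command line for JDWP.

# jdwp_opts CMDLINE: print the JDWP option string, or fail if JDWP is not enabled
jdwp_opts() {
    case "$1" in
        *-agentlib:jdwp=*) rest=${1#*-agentlib:jdwp=} ;;
        *-Xrunjdwp:*)      rest=${1#*-Xrunjdwp:} ;;
        *) return 1 ;;
    esac
    printf '%s\n' "${rest%% *}"      # keep only the first space-delimited token
}

# jdwp_get OPTS KEY: value of KEY in the comma-separated key=value list
jdwp_get() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# jdwp_audit CMDLINE: one summary line with the bind scope of the listener
jdwp_audit() {
    opts=$(jdwp_opts "$1") || { echo "jdwp=off"; return 0; }
    server=$(jdwp_get "$opts" server)
    addr=$(jdwp_get "$opts" address)
    case "$addr" in
        localhost:*|127.*:*) scope=loopback ;;
        \*:*|0.0.0.0:*)      scope=all-interfaces ;;
        *:*)                 scope=host-specific ;;
        *)                   scope=jdk-dependent ;;  # bare port: see lead-in
    esac
    # server defaults to n, in which case the JVM dials out to a debugger.
    [ "$server" = y ] || scope=outbound
    echo "jdwp=on server=${server:-n} address=${addr:-unset} scope=$scope"
}

# Constructed sample command lines; the first is the form used on this page.
for c in \
    "java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 app.jar" \
    "java -agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:1234 app.jar" \
    "java -jar app.jar"
do
    jdwp_audit "$c"
done
```

On a Linux host, each running process can be checked with `jdwp_audit "$(tr '\0' ' ' < /proc/$pid/cmdline)"`.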

Identify supported JVM

The default JVM may not support the -Xdebug flag, but there may be multiple JVMs installed on the device. Reading the jvm.cfg file located in the Java install directory will show which JVMs are available.

$ cat /usr/lib/jvm/default-java/jre/lib/amd64/jvm.cfg
# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
...
# and may not be available in a future release.
#
-server KNOWN
-client IGNORE
-zero KNOWN
-dcevm KNOWN
#Adding the server JVM flag will force java to call the server JVM
java -server -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 <Application.jar>

Further, if there are folders in your JRE lib folder with other JVMs, you can safely add those JVMs to the jvm.cfg file.

#client and server are folders that can be added as known JVMs to the jvm.cfg file
ls /home/user/test/jdk1.8.0_181/jre/lib/arm/
client              libhprof.so          libjpeg.so        libnpt.so
jli                 libinstrument.so     libjsdt.so        libresource.so
jvm.cfg             libj2gss.so          libjsig.so        libsaproc.so
libattach.so        libj2pcsc.so         libjsoundalsa.so  libsctp.so
libawt_headless.so  libj2pkcs11.so       libjsound.so      libsplashscreen.so
libawt.so           libjaas_unix.so      libkcms.so        libsunec.so
libawt_xawt.so      libjava_crw_demo.so  liblcms.so        libt2k.so
libbci.so           libjava.so           libmanagement.so  libunpack.so
libdcpr.so          libjawt.so           libmlib_image.so  libverify.so
libdt_socket.so     libjdwp.so           libnet.so         libzip.so
libfontmanager.so   libjfr.so            libnio.so         server
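The checks from this section can be scripted. The following added example (not part of the original page) reads jvm.cfg, reports which KNOWN variants actually have a JVM folder, lists JVM folders that jvm.cfg does not mention, and confirms the JDWP libraries are present. The function names and the sample tree are constructed, and the layout of one folder per JVM containing libjvm.so is an assumption based on the listings above.

```sh
#!/bin/sh
# Added example, not from the original page. Directory layout (one folder per
# JVM holding libjvm.so, next to jvm.cfg) is assumed from the listings above.

# known_jvms LIBDIR: one line per variant marked KNOWN, "<name> present|missing"
known_jvms() {
    awk '$1 ~ /^-/ && $2 == "KNOWN" { print substr($1, 2) }' "$1/jvm.cfg" |
    while read -r name; do
        if [ -f "$1/$name/libjvm.so" ]; then
            echo "$name present"
        else
            echo "$name missing"
        fi
    done
}

# unlisted_jvms LIBDIR: folders that hold a libjvm.so but have no jvm.cfg entry
unlisted_jvms() {
    for d in "$1"/*/; do
        [ -f "${d}libjvm.so" ] || continue
        name=$(basename "$d")
        grep -q "^-$name[[:space:]]" "$1/jvm.cfg" || echo "$name"
    done
}

# jdwp_ready LIBDIR: succeeds when the JDWP agent and socket transport exist
jdwp_ready() {
    [ -f "$1/libjdwp.so" ] && [ -f "$1/libdt_socket.so" ]
}

# Constructed sample tree modelled on the ARM listing; this jvm.cfg is made up.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/client" "$demo/server" "$demo/jli"
touch "$demo/client/libjvm.so" "$demo/server/libjvm.so" \
      "$demo/libjdwp.so" "$demo/libdt_socket.so"
printf '%s\n' '# constructed jvm.cfg' '-server KNOWN' '-zero KNOWN' > "$demo/jvm.cfg"

known_jvms "$demo"
unlisted_jvms "$demo"
jdwp_ready "$demo" && echo "JDWP libraries present"
```

A variant reported as missing cannot be selected even though jvm.cfg lists it, and a name printed by `unlisted_jvms` is a candidate for the jvm.cfg addition described above.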

Client Side Setup

Installation

Navigate to: Help -> Eclipse Marketplace

Search for "bytecode visualizer" and install Dr. Garbage's Bytecode Visualizer.

Project Creation

Once Eclipse restarts, close the Welcome tab, and in the menu bar go to File → New → Java Project. Specify any project name you like and press the Next button.

In the Java Settings window, click the Libraries tab. In the Libraries tab, press the Add External JARs button and select the JAR file you want to debug, thereby adding it to the Java project’s build path.

In the Package Explorer tab, expand your project’s Referenced Libraries to find your JAR file. Right-click on the class you want to debug and select Open with Bytecode Visualizer.

Set breakpoints

With the JAR’s code now visible in Bytecode Visualizer, you can set breakpoints by double-clicking on the vertical gray bar to the left of the disassembled Java code.

Debug Setup

Create a debug configuration and put in the server's IP and port information.

Running code

Open the "Display" view in Eclipse (Window -> Show View).

Once a breakpoint has been triggered or a thread has been suspended, code can be written into the Display frame and selected to run inside the suspended thread given the current context of the thread.

References

Eclipse 4.3 is required for the bytecode visualizer plugin required to debug these applications.

Install Eclipse Kepler and the Bytecode Visualizer plugin.

This portion taken directly from crowdstrike: https://www.crowdstrike.com/blog/native-java-bytecode-debugging-without-source-code/