Remote Dynamic Blackbox Java App Analysis
Java Bytecode Debugging and Dynamic Instrumentation Through Eclipse
Run whatever code you want inside of a blackbox Java JAR
On the device running the jar file, you will need to make sure that your local JVM supports debugging.
You can check by running the application with either of the two commands below:
java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 <Application.jar>
java -agentlib:jdwp=transport=dt_socket,server=y,address=1234,suspend=y <Application.jar>
If your JVM does not support debugging, you will see an error message similar to below:
$ java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 <Application.jar>
Unrecognized option: -xDebug
The default JVM may not support the -Xdebug flag; however, there may be multiple JVMs installed on the device. Reading the jvm.cfg file located in the Java installation shows which JVMs are available.
$ cat /usr/lib/jvm/default-java/jre/lib/amd64/jvm.cfg
# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
# and may not be available in a future release.
#Adding the server JVM flag will force java to call the server JVM
java -server -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 <Application.jar>
Further, if there are folders in your JRE lib folder with other JVMs, you can safely add those JVMs to the jvm.cfg file.
#client and server are folders that can be added as known JVMs to the jvm.cfg file
client libhprof.so libjpeg.so libnpt.so
jli libinstrument.so libjsdt.so libresource.so
jvm.cfg libj2gss.so libjsig.so libsaproc.so
libattach.so libj2pcsc.so libjsoundalsa.so libsctp.so
libawt_headless.so libj2pkcs11.so libjsound.so libsplashscreen.so
libawt.so libjaas_unix.so libkcms.so libsunec.so
libawt_xawt.so libjava_crw_demo.so liblcms.so libt2k.so
libbci.so libjava.so libmanagement.so libunpack.so
libdcpr.so libjawt.so libmlib_image.so libverify.so
libdt_socket.so libjdwp.so libnet.so libzip.so
libfontmanager.so libjfr.so libnio.so server
In Eclipse, navigate to: Help -> Eclipse Marketplace
Search for "bytecode visualizer" and install Dr. Garbage's Bytecode Visualizer.
Once Eclipse restarts, close the Welcome tab, and in the menu bar go to File → New → Java Project. Specify any project name you like and press the Next button.
In the Java Settings window, click the Libraries tab. In the Libraries tab, press the Add External JARs button and select the JAR file you want to debug, thereby adding it to the Java project’s build path.
In the Package Explorer tab, expand your project’s Referenced Libraries to find your JAR file. Right-click on the class you want to debug and select Open with Bytecode Visualizer.
With the JAR’s code now visible in Bytecode Visualizer, you can set breakpoints by double-clicking on the vertical gray bar to the left of the disassembled Java code.
Create a debug configuration and put in the server's IP and port information.
Open the "Display" view in Eclipse: Window -> Show View
Once a breakpoint has been triggered or a thread has been suspended, code can be written into the Display view, selected, and run inside the suspended thread in that thread's current context.
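The two launch commands at the top of this page pass the same JDWP sub-options in different syntaxes. As an added example (not part of the original page), the Python below parses either form from a java command line and reports the port and bind scope that the debug configuration has to match; the sample command lines and function names are constructed for illustration.

```python
import shlex

# Constructed sample command lines; the first two use the page's two syntaxes.
SAMPLES = [
    "java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=1234 -jar app.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,address=*:1234,suspend=n -jar app.jar",
    "java -server -jar app.jar",
]

PREFIXES = ("-Xrunjdwp:", "-agentlib:jdwp=")


def bind_scope(host):
    """Classify the host part of address= (hypothetical helper)."""
    if host == "":
        # Port only: JDK 9 and later bind to localhost, older JVMs to all interfaces.
        return "jvm-default"
    if host in ("*", "0.0.0.0"):
        return "all-interfaces"
    if host in ("localhost", "127.0.0.1"):
        return "loopback"
    return "specific-host"


def parse_jdwp(cmdline):
    """Return the JDWP settings found on a java command line, or None."""
    for arg in shlex.split(cmdline):
        for prefix in PREFIXES:
            if not arg.startswith(prefix):
                continue
            pairs = (kv.split("=", 1) for kv in arg[len(prefix):].split(",") if "=" in kv)
            opts = dict(pairs)
            host, _, port = opts.get("address", "").rpartition(":")
            return {
                "transport": opts.get("transport"),
                "listens": opts.get("server", "n") == "y",   # JDWP default: server=n
                "suspend": opts.get("suspend", "y") == "y",  # JDWP default: suspend=y
                "port": int(port) if port.isdigit() else None,
                "bind": bind_scope(host),
            }
    return None


if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_jdwp(line))
```

A "jvm-default" result with a JDK 9 or later JVM means the listener accepts only local connections, so a remote Eclipse session needs address=*:1234 or a tunnel to the device.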