Reversing J2ME Applications
by funtikar
=====================================================
INTRODUCTION
---------------------------------------------------------------------------------------------------------
--Info!
J2ME apps (JAR files) are just ZIP archives containing code (class files), a manifest, and resources (images, audio, text files, etc.).
++HEXADECIMALS++
Let me explain a little bit about hexadecimal first.
Bits are the smallest unit of data: one bit is either 1 or 0. The binary number system uses only
these two digits. Eight binary digits form a byte, so 0100 0111 is one byte. Written in
hexadecimal (base 16, digits 0-9 and A-F, two digits per byte) that byte is 47, and in decimal,
the base-10 system we use every day, it is 71:
  binary      hex   decimal
  0100 0111   47    71
Hexadecimal can be converted to decimal by hand (each hex digit is worth 16 times the one to its
right, so 4*16 + 7 = 71), but I won't explain that further; the Windows Calculator in scientific
mode does it for you.
++CODES++
-Codes are instructions to be executed by a computer/machine.
..The code used in Java is compiled into CLASS files in a specific format.
..CLASS files are nothing but bytes of data, but when fed to the Java Virtual Machine those bytes
become the instructions the JVM executes.
..This means the CLASS files can be viewed in hexadecimal form with a hex editor. Inside a method's
code, each instruction is one opcode byte followed by zero or more operand bytes.
e.g.
B2 00 0E 12 10 B6 00 16 B1
getstatic #14       // B2 00 0E
ldc #16             // 12 10
invokevirtual #22   // B6 00 16
return              // B1
B2 is the opcode for getstatic, and the 00 0E after it is its operand: a two-byte (big-endian) index
into the class's constant pool, here entry #14 (0x000E), which names the field to load. ldc (12)
takes a one-byte constant-pool index and invokevirtual (B6) a two-byte one. return (B1) needs no
operand, so the byte after it is already the next opcode.
IMPORTANT NOTE!!
for jumps such as ifne and ifeq the operand is not the target the disassembler displays: the two
bytes hold a signed 16-bit offset relative to the address of the jump instruction itself, and the
disassembler adds the two for you. So an "ifeq 26" sitting at address 12 is stored as 99 00 0E
(26 - 12 = 14 = 0x000E), and a backward jump has a negative operand (0xFF..).
++CODES:stacks++
Learn about them at:
http://en.wikibooks.org/wiki/Java_Programming/Byte_Code
**Since I haven't found a debugger for Java like OllyDbg for .exe's, I think it's really hard for
beginners to understand stacks if they have no previous experience debugging .exe's. Beginners
might wonder what a stack is and why it exists, because even high-level languages don't do much
with stacks explicitly.**
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Stacks are like papers you put in a box: you put one in and you take one out. They use the LIFO
principle, Last In First Out.
For example, let's say the push command stores a value on top of the stack and the pop command
takes the topmost value off the stack and puts it in a variable:
:lin1
push "qwerty"
push "dvorak"
:lin2
pop man
:lin3
pop goo
:lin4
After the instructions from lin1 to lin2 have been executed, the stack looks like this (top first):
|"dvorak"|
|"qwerty"|
When execution reaches lin3 the variable man contains "dvorak" and the stack is left with
|"qwerty"|. After it reaches lin4 the variable goo holds "qwerty" and the stack is empty.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++Resources++
-Resources are things like images, audio, text files and anything else that is not a CLASS file.
--Info
-The instructions are executed from top to bottom unless execution is "jumped" or redirected by an
opcode like IFNE, GOTO, IF_ICMPEQ, RETURN and some others.
===================
I don't know if you are getting confused by this :)
===================
=======================================================
Reversing J2ME apps, or should I say Java 2 Platform, Micro Edition applications
--------------------------------------------------------------
Target: crackmef1.jar
Description: created by me
Firstly run the target, crackmef1.jar, in the SJBoy emulator. There should be a prompt saying
"Enter Registration.." and a button that says "Register!". Enter anything random and press the
Register! button; you will see that the code was not correct, as it says "Nope that was not the
code!". So we know that this is the badboy message. This time we are going to use patching to
make the app show the goodboy message.
_2. EXTRACTION
Now we are going to extract the class file from this JAR file using WinRAR. Right-click the file
and select "Extract files...". WinRAR will then extract the contents into a folder named
crackmef1. In real applications there would be lots of class files inside it, but to make it
easier I only made one class file.
Now copy the JAD program into the folder and start the Command Prompt. I placed the folder in
C:\crackmef1, so change directory to that folder and type "jad -s one.txt hehu.class", then
"jad -a -s two.txt hehu.class" (-s sets the output file extension; -a annotates the output with
the JVM bytecode). Now there should be two text files, hehu.one.txt and hehu.two.txt. The first one
contains the Java source only and the second contains the Java with the disassembled code next
to it.
Open up hehu.one.txt with Notepad and browse around it; try to read it. You should see at the
bottom:
if("JavaLang".equalsIgnoreCase(texbux.getString()))
    showFatalAlert("funtikar", "Hehe You have cracked this stupid thing. ofcourse this crackme is totally for newbies");
else
    showFatalAlert("funtikar", "Nope that was not the code!");
This means that if the string in the text box equals "JavaLang", ignoring case, the alert "Hehe You
have cracked this stupid thing. ofcourse this crackme is totally for newbies" is shown; otherwise
the alert "Nope that was not the code!" is shown.
if("JavaLang".equalsIgnoreCase(texbux.getString()))
//*   0    0:ldc1            #92   <String "JavaLang">
//*   1    2:aload_0
//*   2    3:getfield        #31   <Field TextBox texbux>
//*   3    6:invokevirtual   #96   <Method String TextBox.getString()>
//*   4    9:invokevirtual   #102  <Method boolean String.equalsIgnoreCase(String)>
//*   5   12:ifeq            26
    showFatalAlert("funtikar", "Hehe You have cracked this stupid thing. ofcourse this crackme is totally for newbies");
//    6   15:aload_0
//    7   16:ldc1            #104  <String "funtikar">
//    8   18:ldc1            #106  <String "Hehe You have cracked this stupid thing. ofcourse this crackme is totally for newbies">
//    9   20:invokevirtual   #108  <Method void showFatalAlert(String, String)>
else
//*  10   23:goto            34
    showFatalAlert("funtikar", "Nope that was not the code!");
//   11   26:aload_0
//   12   27:ldc1            #104  <String "funtikar">
//   13   29:ldc1            #110  <String "Nope that was not the code!">
//   14   31:invokevirtual   #108  <Method void showFatalAlert(String, String)>
//   15   34:return
It's the same thing, but with the JVM bytecode listed next to the Java (the first number is the
instruction index, the second its byte offset inside the method).
As you can see, invokevirtual <Method boolean String.equalsIgnoreCase(String)> is called; it pops
the two strings and pushes its boolean result: 1 if the strings were equal (ignoring case), 0 if
they were not. ifeq 26 then pops that value and jumps to offset 26, the badboy alert, when it is
zero; otherwise execution falls through to offset 15, the goodboy alert, and the goto 34 skips
over the badboy branch.
**ifeq is actually 'if zero' and ifne is 'if not zero'. The "zero" they refer to is the value on
top of the stack, which the jump pops. You have to keep the stack in mind to work this out.**
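An added illustration (not code from the original tutorial) that walks the operand stack through exactly this instruction sequence, the way the push/pop box example in the Stacks section does by hand. Strings stand in for JVM String references, a dict stands in for the MIDlet and its TextBox, the constant-pool entries are written out as literals, and the `branch` argument lets you run either the shipped ifeq or the patched ifne:

```python
# Operand-stack walk through the crackme's check, instruction by instruction.
GOOD = "Hehe You have cracked this stupid thing. ofcourse this crackme is totally for newbies"
BAD = "Nope that was not the code!"


def program(branch):
    """(offset, mnemonic, operand) triples copied from the JAD listing; `branch`
    is the opcode at offset 12: 'ifeq' as shipped, 'ifne' after the patch."""
    return [
        (0, "ldc", "JavaLang"),
        (2, "aload_0", None),
        (3, "getfield", "texbux"),
        (6, "invokevirtual", "TextBox.getString"),
        (9, "invokevirtual", "String.equalsIgnoreCase"),
        (12, branch, 26),
        (15, "aload_0", None),
        (16, "ldc", "funtikar"),
        (18, "ldc", GOOD),
        (20, "invokevirtual", "showFatalAlert"),
        (23, "goto", 34),
        (26, "aload_0", None),
        (27, "ldc", "funtikar"),
        (29, "ldc", BAD),
        (31, "invokevirtual", "showFatalAlert"),
        (34, "return", None),
    ]


def describe(value):
    """Render a stack slot the way you would sketch it on paper."""
    if isinstance(value, dict):
        return "this" if "texbux" in value else "TextBox"
    return repr(value)


def run_check(user_input, branch="ifeq"):
    """Execute the check for the text typed into the box.

    Returns (alert_message, trace); trace holds (offset, mnemonic, stack-after)
    for every executed instruction, with the top of the stack last.
    """
    this = {"texbux": {"text": user_input}}      # the MIDlet object and its TextBox field
    code = program(branch)
    offsets = [off for off, _, _ in code]
    stack, trace, alert = [], [], None
    i = 0
    while True:
        off, name, arg = code[i]
        i += 1                                   # default: fall through to the next instruction
        if name == "ldc":
            stack.append(arg)
        elif name == "aload_0":
            stack.append(this)
        elif name == "getfield":
            stack.append(stack.pop()[arg])
        elif name == "invokevirtual":
            if arg == "TextBox.getString":
                stack.append(stack.pop()["text"])
            elif arg == "String.equalsIgnoreCase":
                argument = stack.pop()           # pushed last: the box contents
                receiver = stack.pop()           # pushed first: "JavaLang"
                stack.append(1 if receiver.lower() == argument.lower() else 0)
            elif arg == "showFatalAlert":
                message = stack.pop()
                stack.pop()                      # title
                stack.pop()                      # this
                alert = message
        elif name in ("ifeq", "ifne"):
            value = stack.pop()                  # the jump consumes the boolean
            taken = (value == 0) if name == "ifeq" else (value != 0)
            if taken:
                i = offsets.index(arg)
        elif name == "goto":
            i = offsets.index(arg)
        trace.append((off, name, [describe(v) for v in stack]))
        if name == "return":
            return alert, trace


if __name__ == "__main__":
    for text, branch in (("JavaLang", "ifeq"), ("guess", "ifeq"), ("guess", "ifne")):
        alert, trace = run_check(text, branch)
        print("%-9s %-5s -> %s" % (text, branch, "goodboy" if alert == GOOD else "badboy"))
        for off, name, stack in trace:
            print("   %3d %-14s |%s" % (off, name, ", ".join(stack)))
```

Compare the trace with the listing: after instruction 9 the stack holds only the boolean, and the jump at 12 pops it and leaves the stack empty whichever way it goes, which is why swapping ifeq for ifne cannot upset anything that follows.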
If we change this ifeq 26 to ifne 26 it will show the goodboy alert for any registration code
except the real one. In hex the opcode for ifeq is 99 and for ifne it is 9A, so ifeq 26 is stored as
99 00 xx and we need to change it to 9A 00 xx (the jump target stays the same, so the two operand
bytes are left alone; from the listing, xx is 26 - 12 = 14 = 0E). Open up the original hehu.class
with Hex Workshop or any other hex editor and search for the bytes 99 00 (make sure it's the right
place: 99 00 can occur elsewhere in the file, so search with the surrounding bytes as well, here
the B6 00 66 of the invokevirtual #102 just before it) and replace the 99 with 9A. This thing has
been patched. Now update the JAR file with the newly patched class file: just drag the class file
onto the JAR file and WinRAR will do it for you. If the JAR is signed (it has .SF and .RSA/.DSA
files under META-INF), delete those signature files as well, otherwise the patched class no longer
matches their digests and the MIDlet will be refused at install time. Flipping ifeq to ifne does
not change the branch target, so the preverifier's StackMap data for the method stays valid.
Then, to test that the app has been patched successfully, run it in the SJBoy emulator.
Try finding other ways to do this.
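The hex-editor step above, done as a script so the "right place" check is enforced rather than eyeballed (an added example written for this page, not the tutorial's own tooling). The seven-byte pattern is taken from the JAD listing (invokevirtual #102, ifeq 26, aload_0); the sample JAR it runs on is constructed here and is not crackmef1.jar, and its hehu.class is a fake that merely contains the method bytes, not a parseable class file.

```python
import io
import zipfile

IFEQ, IFNE = 0x99, 0x9A

# What the branch looks like in hehu.class, built from the JAD listing above:
# invokevirtual #102 (B6 00 66), ifeq 26 at offset 12 (99 00 0E), aload_0 (2A).
# Searching for this whole run instead of the bare "99 00" is the practical
# meaning of "make sure it's the right place".
PATTERN = bytes.fromhex("B6 00 66  99 00 0E  2A")
BRANCH_AT = 3                    # index of the ifeq opcode inside PATTERN


def patch_class(data, pattern=PATTERN, index=BRANCH_AT, old=IFEQ, new=IFNE):
    """Return a copy of the class bytes with one branch opcode swapped.

    Refuses to guess: the pattern must occur exactly once and the byte being
    replaced must be the opcode we expect.  The operand bytes are untouched
    because ifeq and ifne share the same target.
    """
    first = data.find(pattern)
    if first < 0:
        raise ValueError("pattern not found: disassemble again and check the bytes")
    if data.find(pattern, first + 1) >= 0:
        raise ValueError("pattern occurs more than once: add more context bytes")
    at = first + index
    if data[at] != old:
        raise ValueError("expected 0x%02X at %d, found 0x%02X" % (old, at, data[at]))
    patched = bytearray(data)
    patched[at] = new
    return bytes(patched)


def is_signature_file(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and upper.endswith((".SF", ".RSA", ".DSA"))


def patch_jar(jar_bytes, class_name="hehu.class"):
    """Rebuild the JAR with `class_name` patched.

    JAR signature files are dropped: their digests no longer match the patched
    class, so a signed MIDlet would be refused at install time.  MANIFEST.MF is
    kept because the MIDlet attributes in it are still needed.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        patched = patch_class(src.read(class_name))
        for info in src.infolist():
            if is_signature_file(info.filename):
                continue
            body = patched if info.filename == class_name else src.read(info.filename)
            dst.writestr(info.filename, body)
    return out.getvalue()


def jar_entries(jar_bytes):
    """{name: bytes} for every entry, handy for checking the result."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as z:
        return {name: z.read(name) for name in z.namelist()}


def build_sample_jar():
    """Constructed stand-in for crackmef1.jar (not the real file): a fake
    hehu.class that just wraps the method body from the listing, a manifest,
    and dummy signature files so that the stripping is exercised."""
    method_code = bytes.fromhex(
        "12 5C 2A B4 00 1F B6 00 60 B6 00 66 99 00 0E"
        "2A 12 68 12 6A B6 00 6C A7 00 0B"
        "2A 12 68 12 6E B6 00 6C B1"
    )
    fake_class = b"\xCA\xFE\xBA\xBE" + bytes(20) + method_code + bytes(8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMIDlet-Name: crackmef1\r\n")
        z.writestr("META-INF/CRACKME.SF", "Signature-Version: 1.0\r\n")
        z.writestr("META-INF/CRACKME.RSA", bytes(4))
        z.writestr("hehu.class", fake_class)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                       # python patch.py in.jar out.jar
        with open(sys.argv[1], "rb") as f:
            result = patch_jar(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(result)
    else:                                        # no arguments: exercise the constructed sample
        for name in jar_entries(patch_jar(build_sample_jar())):
            print(name)
```

The uniqueness check is the point: a two-byte search for 99 00 will match constant-pool data and other methods in a real class, and patching the wrong one silently corrupts the file. Digest lines left in MANIFEST.MF are harmless once the .SF/.RSA files are gone, since nothing verifies them without a signature block.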
__REFERENCES
Primer on Reversing Symbian S60 Applications by Shub-Nigurrath / ArTeam
Notes on Reversing and Cracking Java Targets, Part 1 to Part 3, by ThunderPwr / ArTeam
Reversing Java Programs - Part 1 by CodeRipper / SND
Wikipedia
__THE END
Greetings to Shub-Nigurrath / ArTeam, ThunderPwr / ArTeam and CodeRipper / SND.
I would like to thank you guys so much for creating such brilliant tutorials.
This is one of my first tutorials and I've done it in a short amount of time,
so the quality isn't that great, sorry. Excuse my English and any
mistakes that I may not have noticed.
funtikar(a)google mail
Comments and suggestions are welcome...