Monday, 23 July 2012

Aim:

To learn how to use the decompiler in reverse engineering.

Input:

You are given a simple crackme (Java .class file)

Tools:

Tutorial:

  1. Lets first run the given crackme file (SimplePasswordCheck.class) and see what happens:

2. If we type "john" as password, it results in "ACESS DENIED" that means the password "john" is wrong.

3. Open the class file ( SimplePasswordCheck.class) in jd-gui decompiler. You will see the following decompiled code:

import java.io.DataInputStream;
import java.io.PrintStream;

class SimplePasswordCheck
{
  public static void main(String[] paramArrayOfString)
    throws Exception
  {
    DataInputStream localDataInputStream = new DataInputStream(System.in);
    String str1 = "shubham";

    System.out.println("\nPlease enter your password: ");
    String str2 = localDataInputStream.readLine();

    if (str2.equals(str1))
    {
      System.out.println("\nACCESS GRANTED :-) ");
    }
    else
    {
      System.out.println("\nACCESS DENIED :-( ");
    }
  }
}

4. The string "shubham" is assigned to String variable 'str1' and the input password is taken in String variable 'str2'.

 5. There is a simple if-else check to compare if 'str1' and 'str2' are equal that means the string "shubham" is a hardcoded password !!

6. So we have fished out the hardcoded password from the decompiled code of the class file. Lets try this fished password to check if it works:

Conclusion:

This tutorial covered how to fish out the password from a class file by using a decompiler. However such technique of using only decompilation is not feasible in complex(obfuscated) programs. In such a case you may need to use other techniques like patching the actual and appropriate bytecode in the class file by studying the check/validation process at a more granular level.

The purpose of this tutorial was to make you understand the use of decompiler in reverse engineering, understand the scope of finding hardcoded password.

However, in the 'Java Reverse Engineering Tutorial#3' , we will reverse engineer this very same crackme with a different approach - Java bytecode patching. This will clear the significance of using both the techniques.

Notes:

In case you are unable to run the given .class file crackme, you can compile for yourself the sourcefile(SimplePasswordCheck.java) for this tutorial.

Downloads:

0 comments:

Post a Comment