Hello Community,
I have been trying to hack this java application for quite a while now, but I've run out of ideas, and the lack of resources online is quite shocking. I know a bit of hacking and a bit of Java.
To give some information about the structure: There is a JavaApplicationStub that gets everything started and a folder full of jars that I assume it uses in the process. I haven't done any analysis on the JavaApplicationStub, only on the .jar files contained in the folder.
What I've tried so far:
1) I first snooped around the decompiled .jar code and added some lines to log the info I'm looking for -> .jar are signed through some external signer, so the recompiled code didn't run because the hash didn't check out. I don't think I'm ready yet to power on my quantum computer and crack the RSA it is signed with.
2) Running Java snoop and intercepting a function call -> Can't run it on my computer bc it's outdated, and I doubt it works with newer java
3) After snooping around even more, found some "Java serialization data, version 5" files that hold the information I'm looking for. -> Since it's serialized, the raw file looks like gibberish, haven't tried deserializing it, but I'm sure there is some security measure as well.
4) Mitmproxy -> All info is transferred through HTTPS, but it somehow detects that I'm using a proxy and doesn't connect
Ideas on how to proceed but seem tedious: Explore the JavaApplicationStub and maybe turn off the jarsigner? Explore the source code and figure out how it detects my proxy and possibly find a way around it?
If someone could point me in the right direction, refer me to resources or even be so kind to help me it be very appreciated.
Lastly, why does hacking Java seem dead, is it that secure or that easy or am I just dumb and approaching it the wrong way?
[link] [comments]
from hacking: security in practice https://ift.tt/3cDEzBA
Comments
Post a Comment