This brief tutorial will (hopefully) introduce you to a method of Java code injection. This tutorial is aimed at the free Java MMORPG Wurm Online. We will look at a simple example which will inject code into the game's console, allowing us to intercept commands typed and call our own Java code.

First, Wurm Online is a JNLP app, so you run the JNLP file and it will download the client, storing its graphics and sound assets in the folder you choose. We are not interested in these files; we are interested in the game client, which gets shoved in your Java temporary directory.

The first task is to locate the jar file containing the game client. On Windows 7, the Java client gets downloaded to somewhere in C:\Users\yourname\AppData\LocalLow\Sun\Java\Deployment\cache\

Check each of these folders until you find a file named something like 51d43a93-5922d81c that is around 1.1 MB. If you open it in your archive program of choice (it is a JAR) you will see the game client files. You are looking for the one with wurm_banner.jpg, among other things.

Once you have found this file, have a look inside, particularly the class folder. This contains the compiled, obfuscated Java class files.

Extract the bf.class file; this is the file that contains the console-related code. Decompile it with Java Decompiler and disassemble it with IDA. We are interested in the huge if/else if section at around line 190 in Java Decompiler. If it's not obvious, this piece of code checks the console input and calls appropriate functions based on what is typed.

First off, we will prove that we can modify the bytecode and have the game still run. To do this, we will remove the final else of the if/else if to remove the message that appears when a command is not recognised.

Search for Unknown in IDA Pro, and you will land here:

```
getstatic java/lang/System.out Ljava/io/PrintStream;
invokespecial java/lang/StringBuilder.<init>()V
invokevirtual java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lan\
invokevirtual java/lang/StringBuilder.toString()Ljava/lang/String;
invokevirtual java/io/PrintStream.println(Ljava/lang/String;)V
```

This is where the game prints the "Unknown command: x" to the console.

As with x86 machine code, Java bytecode has a NOP instruction, which is a byte that tells the virtual machine to do nothing (No Operation). In Java bytecode, NOP is 0x00 (it is 0x90 in x86 asm). So theoretically, if we replace the above code with lots of NOPs we will remove the console printout without breaking the rest of the program.

In IDA, highlight the first getstatic line and switch to hex view, and note the file offset (2892). Now highlight the final invokevirtual line and notice the offset of the last byte (28AB). Open up bf.class in a hex editor and replace each byte between the two offsets with 0x00. If you go to the same section of code in IDA, you will now see:

Cool.

Now we need to put the class back into the Jar container.

NOTE: Jar files are case sensitive, but Windows is not, which causes problems.

To put bf.class back into the Jar file, use Java's JAR command from a command prompt:

Make a directory called class in the temp directory where the Jar file resides and copy bf.class into it.

Verify that the file was replaced correctly by opening the jar file in an archive tool. Open the console and type some gibberish, and notice there is no "Unknown command" message.

Now that we know that our code changes will be used by the game, we can work on actually doing something useful.

It is important to have a basic understanding of the layout of a Java class file. In addition to compiled code, a class file contains a section known as the Constant Pool, which is a list of references to classes, methods, strings and other data types. When the bytecode in a class calls a method in Java, it uses a reference to the method in the Constant Pool.

For example, we have a class Foo, with a method bar:

To call this method, the constant pool needs 6 entries:

- A utf8_info string "bar" – the method name
- A utf8_info string "()V" – the type info for the method (this one is no arguments, and void return type)
- A NameAndType_info linking the above name and type
- A utf8_info string "Foo" – the name of the class
- A methodref_info linking the class_info and NameAndType_info – Foo/bar()V
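To see how a methodref_info for Foo/bar()V is resolved through the constant pool, here is an added example (not code from the original tutorial) that parses the pool of a class file and follows the index chain. The sample bytes are constructed by hand, the entry numbering is an assumption, and the parser goes slightly beyond the text by skipping every entry type, so it also works on a real class file.

```python
import struct

# Payload size in bytes (after the tag byte) of each fixed-size entry type (JVM spec).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def parse_constant_pool(data):
    """Return {index: (tag, value)} for the constant pool of a class file."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pool, pos, idx = {}, 10, 1            # pool indices start at 1
    while idx < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:                      # Utf8: u2 length followed by the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            pool[idx] = (tag, data[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        elif tag in FIXED:
            raw = data[pos:pos + FIXED[tag]]
            # Class, Methodref and NameAndType hold u2 indexes into the pool
            pool[idx] = (tag, struct.unpack(">%dH" % (len(raw) // 2), raw)
                         if tag in (7, 10, 12) else raw)
            pos += FIXED[tag]
        else:
            raise ValueError("unknown constant pool tag %d at offset %d" % (tag, pos - 1))
        idx += 2 if tag in (5, 6) else 1  # Long and Double occupy two slots
    return pool

def resolve_methodref(pool, index):
    """Follow a Methodref to 'Class/name' plus descriptor, e.g. Foo/bar()V."""
    tag, (class_idx, nat_idx) = pool[index]
    if tag != 10:
        raise ValueError("entry %d is not a Methodref" % index)
    (class_name_idx,) = pool[class_idx][1]
    name_idx, desc_idx = pool[nat_idx][1]
    return "%s/%s%s" % (pool[class_name_idx][1], pool[name_idx][1], pool[desc_idx][1])

def utf8(s):
    return b"\x01" + struct.pack(">H", len(s)) + s.encode()

# Constructed sample: class-file header plus the six entries needed for Foo.bar()
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 7)
          + utf8("bar") + utf8("()V")          # 1, 2: method name and descriptor
          + struct.pack(">BHH", 12, 1, 2)      # 3: NameAndType -> entries 1, 2
          + utf8("Foo")                        # 4: class name
          + struct.pack(">BH", 7, 4)           # 5: Class -> entry 4
          + struct.pack(">BHH", 10, 5, 3))     # 6: Methodref -> entries 5, 3

print(resolve_methodref(parse_constant_pool(SAMPLE), 6))
```

Running the same two functions over the original and the patched bf.class is a quick way to confirm that a byte-level edit left the constant pool untouched.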