Normally I'm working with firmwares and native code executables, patching small things like constants, jump conditions etc. There I'm using IDA's disassembly to analyse what and where to patch. With Java bytecode I would tend to use the decompiled code from a tool like jd-gui for analysing what to patch. But for actually changing anything I would need a connection between the decompiled code and the bytecode. Is there a tool that can show this
Viewed 9,991 times
5
-
1 I might not understand what you are asking, but isn't JBE or Krakatau what you are looking for? Also this and this. – Dominik Antal May 14 '15 at 11:17
-
@DominikAntal The last link you gave me explains what I wanted to know. Make this an answer to get your point. – user2011659 May 18 '15 at 14:05
2 Answers
5
- Use JD-GUI to examine the jar file
- Unpack the jar file
    jar -xf yourapp.jar
- Modify the .class file with a Java Bytecode Editor
- Repack the modified classes into a new archive file
    jar -cvf yourapp_patched.jar *.*
Dominik Antal
- 2,038
- 22
- 39
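The unpack, modify and repack steps from the answer above, done in one pass with Python's zipfile module (an added example, not code from the answer). `repack_jar`, `demo_jar` and the sample entry names are constructed for illustration; the function also drops the `META-INF` signature files, because a signed jar no longer verifies once a class changes and the result has to be re-signed with your own key if signatures are required.

```python
import io
import re
import zipfile

# Signature entries of a signed jar; they stop matching once a class changes.
SIG_RE = re.compile(r"^META-INF/([^/]+\.(SF|RSA|DSA|EC)|SIG-[^/]*)$", re.I)
MANIFEST = "META-INF/MANIFEST.MF"


def repack_jar(src: bytes, patches: dict) -> tuple:
    """Return (new_jar_bytes, dropped_signature_entries).

    src is the original jar; patches maps entry name -> replacement bytes
    (for example a .class file saved from a bytecode editor).
    """
    out = io.BytesIO()
    dropped = []
    with zipfile.ZipFile(io.BytesIO(src)) as zin, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        missing = set(patches) - set(zin.namelist())
        if missing:
            raise KeyError(f"not in jar: {sorted(missing)}")
        # Entries are copied by name in their original order, so the
        # manifest keeps its position and no file is skipped.
        for info in zin.infolist():
            if SIG_RE.match(info.filename):
                dropped.append(info.filename)
                continue
            data = patches.get(info.filename, zin.read(info.filename))
            fresh = zipfile.ZipInfo(info.filename, info.date_time)
            zout.writestr(fresh, data, compress_type=zipfile.ZIP_DEFLATED)
    return out.getvalue(), dropped


def demo_jar() -> bytes:
    """Constructed sample jar; the 'class' bodies are placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, "Manifest-Version: 1.0\r\n\r\n")
        z.writestr("META-INF/DEMO.SF", "Signature-Version: 1.0\r\n")
        z.writestr("META-INF/DEMO.RSA", b"\x30\x00")
        z.writestr("com/example/Check", b"entry without a dot in its name")
        z.writestr("com/example/App.class", b"\xca\xfe\xba\xbe original")
    return buf.getvalue()


if __name__ == "__main__":
    jar, dropped = repack_jar(
        demo_jar(), {"com/example/App.class": b"\xca\xfe\xba\xbe patched"})
    print("dropped:", dropped)
    print(zipfile.ZipFile(io.BytesIO(jar)).namelist())
```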
3
For patching, you're usually better off changing things at the bytecode level, since decompilation and compilation are both lossy operations, whereas bytecode patching will always work, even for heavily obfuscated applications. There are a number of tools you can use for this.
As for understanding the connection between source code and bytecode, that's just a matter of practice. I'd recommend starting by reading the JVM specification. Then compile some simple Java examples and take a look at the resulting bytecode. Luckily, Java RE is a lot easier than native code, so if you have experience with that, it shouldn't be too hard to learn.
Antimony
- 2,012
- 11
- 16