BACKGROUND
There is a heavily obfuscated online applet with encryption (referred to as applet), there is a program (referred to as program) that reads and modifies the online applet for hacking purposes, far more obfuscated than the applet, and then there is me.

In a nutshell: applet's main class defines custom ClassLoader which decrypts a file in the jar then loads the classes. The jar file varies for certain IP ranges, but the patterns of bytecode remain similar. The hacking program modifies the ClassLoader and injects code (interfaces, methods, getters) so that it can read the data via "normal" Java (without reflection or fuzzy stuff) such as an interfaceInstance.getGameData();

Then me. I can decrypt and deobfuscate the online applet, change the classes as they are loaded and get pieces of the game data. However, I don't have the time to map out the rest of the game data (I have approximately 70 out of 210). I've tried and failed multiple times to inject my own code into the program, but I get some insane errors such as ClassCircularityError because of its heavy obfuscation and who knows what else. My decision: hack the hacker's hack.

PROBLEM
Given that I have access to the modified java.lang.Class objects within the applet without the original bytecode, is there any way possible to revert them back to bytecode? No access to anything useful except the unmodified byte arrays, but I am looking at the injected methods and interfaces.

The only solution I came up with is to download the Sun JVM source code, have a method called dumpClasses() (in C++). In that method, it would go through all of the modified classes and methods and print out the byte data as it is, modified and all. Doing this however, would force me to familiarize myself with the JVM and the loading and execution of bytecode and the whole lot.

Forum rules: Do provide evidence of having done some work yourself if posting questions from school or work assignments

Peter is right. If you have no code or shown no effort in solving your question, we will not show an effort in doing your work or at least assisting... Assistance is the most you may get really.

I think we are being too hard on OP here. He clearly has put a lot of thought into this problem, and is now asking for more ideas.
I would be more worried about whether this is intended to circumvent someone's attempt at DRM, and therefore violates DaniWeb rules.


Peter: this is a leisure time project that I have already put on many man hours in.
Michael: all I'm asking for is exactly that...a little assistance

James: I'm not disabling features or pirating the material. Rather, I'm using the Reflection API to access some information about the applet. Last time I checked, reflection is allowed :p

Update: to make it slightly clearer, I already have it working, but with a Java Agent and ClassFileTransformer. I'm just looking for a new way to reconstruct the byte array from only the Class object without Java Agents.
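A class-dumping agent of the kind the update above describes (Java Agent plus ClassFileTransformer), as an added example rather than code from this thread. It also handles classes that were already loaded before the agent attached, which is the case the question is about, by replaying their defining bytes through the transformer via retransformation. The class name, the agent argument format and the output layout are this example's own choices.

```java
import java.io.IOException;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.lang.instrument.UnmodifiableClassException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.ProtectionDomain;

// Writes the bytes of every class definition the JVM sees, including classes a custom
// ClassLoader defines from a decrypted byte array, to outDir/<internal name>.class, unmodified.
public final class ClassDumpAgent implements ClassFileTransformer {
    private final Path outDir;
    private final String prefix; // internal-name prefix filter such as "com/example/" ("" = everything)
    private ClassDumpAgent(Path outDir, String prefix) { this.outDir = outDir; this.prefix = prefix; }

    // -javaagent:dump.jar=<outDir>[,<prefix>]; the argument format is this example's own choice.
    public static void premain(String args, Instrumentation inst) { install(args, inst, false); }

    // Entry point when attached to a JVM that is already running (Attach API).
    public static void agentmain(String args, Instrumentation inst) { install(args, inst, true); }

    private static void install(String args, Instrumentation inst, boolean attachedLate) {
        String[] parts = (args == null ? "dump" : args).split(",", 2);
        ClassDumpAgent agent = new ClassDumpAgent(Paths.get(parts[0]), parts.length > 1 ? parts[1] : "");
        inst.addTransformer(agent, true); // canRetransform = true, so retransformClasses reaches us
        if (attachedLate) {
            // Classes loaded before the attach never pass through transform() by themselves;
            // retransforming them replays their defining bytes through it. The agent jar
            // manifest must declare Can-Retransform-Classes: true for this to be allowed.
            for (Class<?> c : inst.getAllLoadedClasses()) {
                if (inst.isModifiableClass(c) && c.getName().replace('.', '/').startsWith(agent.prefix)) {
                    try { inst.retransformClasses(c); } catch (UnmodifiableClassException ignored) { }
                }
            }
        }
    }

    @Override
    public byte[] transform(ClassLoader loader, String className, Class<?> beingRedefined,
                            ProtectionDomain pd, byte[] classfileBuffer) {
        if (className == null || !className.startsWith(prefix)) return null; // hidden/lambda classes have no name
        try {
            Path target = outDir.resolve(className + ".class");
            Files.createDirectories(target.getParent());
            Files.write(target, classfileBuffer);
        } catch (IOException e) {
            System.err.println("dump failed for " + className + ": " + e);
        }
        return null; // null tells the JVM to keep the class bytes exactly as they were
    }
}
```

The dumped files are the bytes the JVM actually defined, so a class that was patched before defineClass comes out patched, which is what a diff against the unmodified byte arrays needs.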
