Example 1 with PluginConsole
use of the.bytecode.club.bytecodeviewer.api.PluginConsole in project bytecode-viewer by Konloch.
the class MaliciousCodeScanner method execute.
@Override
public void execute(ArrayList<ClassNode> classNodeList) {
PluginConsole frame = new PluginConsole("Malicious Code Scanner");
StringBuilder sb = new StringBuilder();
for (ClassNode classNode : classNodeList) {
for (Object o : classNode.fields.toArray()) {
FieldNode f = (FieldNode) o;
Object v = f.value;
if (v instanceof String) {
String s = (String) v;
if ((LWW && s.contains("www.")) || (LHT && s.contains("http://")) || (LHS && s.contains("https://")) || (ORE && s.contains("java/lang/Runtime")) || (ORE && s.contains("java.lang.Runtime")) || (ROB && s.contains("java.awt.Robot")) || (ROB && s.contains("java/awt/Robot")) || (LIP && s.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")))
sb.append("Found LDC \"" + s + "\" at field " + classNode.name + "." + f.name + "(" + f.desc + ")" + BytecodeViewer.nl);
}
if (v instanceof String[]) {
for (int i = 0; i < ((String[]) v).length; i++) {
String s = ((String[]) v)[i];
if ((LWW && s.contains("www.")) || (LHT && s.contains("http://")) || (LHS && s.contains("https://")) || (ORE && s.contains("java/lang/Runtime")) || (ORE && s.contains("java.lang.Runtime")) || (ROB && s.contains("java.awt.Robot")) || (ROB && s.contains("java/awt/Robot")) || (LIP && s.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")))
sb.append("Found LDC \"" + s + "\" at field " + classNode.name + "." + f.name + "(" + f.desc + ")" + BytecodeViewer.nl);
}
}
}
boolean prevInsn_aconst_null = false;
for (Object o : classNode.methods.toArray()) {
MethodNode m = (MethodNode) o;
InsnList iList = m.instructions;
for (AbstractInsnNode a : iList.toArray()) {
if (a instanceof MethodInsnNode) {
final MethodInsnNode min = (MethodInsnNode) a;
if ((ORE && min.owner.startsWith("java/lang/reflect")) || (ONE && min.owner.startsWith("java/net")) || (ORU && min.owner.equals("java/lang/Runtime")) || (ROB && min.owner.equals("java/awt/Robot")) || (OIO && min.owner.startsWith("java/io"))) {
sb.append("Found Method call to " + min.owner + "." + min.name + "(" + min.desc + ") at " + classNode.name + "." + m.name + "(" + m.desc + ")" + BytecodeViewer.nl);
}
}
if (a instanceof LdcInsnNode) {
if (((LdcInsnNode) a).cst instanceof String) {
final String s = (String) ((LdcInsnNode) a).cst;
if ((LWW && s.contains("www.")) || (LHT && s.contains("http://")) || (LHS && s.contains("https://")) || (ORE && s.contains("java/lang/Runtime")) || (ORE && s.contains("java.lang.Runtime")) || (ROB && s.contains("java.awt.Robot")) || (ROB && s.contains("java/awt/Robot")) || (LIP && s.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b"))) {
sb.append("Found LDC \"" + s + "\" at method " + classNode.name + "." + m.name + "(" + m.desc + ")" + BytecodeViewer.nl);
}
}
}
// Check if the security manager is getting set to null
if ((a instanceof InsnNode) && (a.opcode() == Opcodes.ACONST_NULL)) {
prevInsn_aconst_null = true;
} else if ((a instanceof MethodInsnNode) && (a.opcode() == Opcodes.INVOKESTATIC)) {
final String owner = ((MethodInsnNode) a).owner;
final String name = ((MethodInsnNode) a).name;
if ((NSM && prevInsn_aconst_null && owner.equals("java/lang/System") && name.equals("setSecurityManager"))) {
sb.append("Found Security Manager set to null at method " + classNode.name + "." + m.name + "(" + m.desc + ")" + BytecodeViewer.nl);
prevInsn_aconst_null = false;
}
} else {
prevInsn_aconst_null = false;
}
}
}
}
frame.appendText(sb.toString());
frame.setVisible(true);
}
Also used :
PluginConsole(the.bytecode.club.bytecodeviewer.api.PluginConsole)
Example 2 with PluginConsole
use of the.bytecode.club.bytecodeviewer.api.PluginConsole in project bytecode-viewer by Konloch.
the class ShowAllStrings method execute.
@Override
public void execute(final ArrayList<ClassNode> classNodeList) {
final PluginConsole frame = new PluginConsole("Show All Strings");
final AtomicBoolean complete = new AtomicBoolean(false);
final Thread backgroundThread = new Thread() {
public void run() {
try {
for (ClassNode classNode : classNodeList) {
for (Object o : classNode.fields.toArray()) {
FieldNode f = (FieldNode) o;
Object v = f.value;
if (v instanceof String) {
String s = (String) v;
if (!s.isEmpty()) {
frame.appendText(String.format("%s.%s%s -> \"%s\"", classNode.name, f.name, f.desc, s.replaceAll("\\n", "\\\\n").replaceAll("\\r", "\\\\r")));
}
}
if (v instanceof String[]) {
for (int i = 0; i < ((String[]) v).length; i++) {
String s = ((String[]) v)[i];
if (!s.isEmpty()) {
frame.appendText(String.format("%s.%s%s[%s] -> \"%s\"", classNode.name, f.name, f.desc, i, s.replaceAll("\\n", "\\\\n").replaceAll("\\r", "\\\\r")));
}
}
}
}
for (Object o : classNode.methods.toArray()) {
MethodNode m = (MethodNode) o;
InsnList iList = m.instructions;
for (AbstractInsnNode a : iList.toArray()) {
if (a instanceof LdcInsnNode) {
if (((LdcInsnNode) a).cst instanceof String) {
final String s = (String) ((LdcInsnNode) a).cst;
if (!s.isEmpty()) {
frame.appendText(String.format("%s.%s%s -> \"%s\"", classNode.name, m.name, m.desc, s.replaceAll("\\n", "\\\\n").replaceAll("\\r", "\\\\r")));
}
}
}
}
}
}
} catch (Exception e) {
new ExceptionUI(e, "konloch@gmail.com");
} finally {
complete.set(true);
}
}
};
frame.setVisible(true);
frame.addWindowListener(new WindowListener() {
@Override
public void windowClosing(WindowEvent e) {
backgroundThread.stop();
complete.set(true);
}
@Override
public void windowOpened(WindowEvent e) {
}
@Override
public void windowClosed(WindowEvent e) {
}
@Override
public void windowIconified(WindowEvent e) {
}
@Override
public void windowDeiconified(WindowEvent e) {
}
@Override
public void windowActivated(WindowEvent e) {
}
@Override
public void windowDeactivated(WindowEvent e) {
}
});
backgroundThread.start();
while (!complete.get()) ;
}
Also used :
WindowListener(java.awt.event.WindowListener)
ExceptionUI(the.bytecode.club.bytecodeviewer.api.ExceptionUI)
AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)
WindowEvent(java.awt.event.WindowEvent)
PluginConsole(the.bytecode.club.bytecodeviewer.api.PluginConsole)
Example 3 with PluginConsole
use of the.bytecode.club.bytecodeviewer.api.PluginConsole in project bytecode-viewer by Konloch.
the class ShowMainMethods method execute.
@Override
public void execute(ArrayList<ClassNode> classNodeList) {
PluginConsole frame = new PluginConsole("Show Main Methods");
for (ClassNode classNode : classNodeList) {
for (Object o : classNode.methods.toArray()) {
MethodNode m = (MethodNode) o;
if (m.name.equals("main") && m.desc.equals("([Ljava/lang/String;)V"))
frame.appendText(classNode.name + "." + m.name + "" + m.desc);
}
}
frame.setVisible(true);
}
Also used :
ClassNode(org.objectweb.asm.tree.ClassNode)
MethodNode(org.objectweb.asm.tree.MethodNode)
PluginConsole(the.bytecode.club.bytecodeviewer.api.PluginConsole)
Aggregations
PluginConsole (the.bytecode.club.bytecodeviewer.api.PluginConsole)3
WindowEvent (java.awt.event.WindowEvent)1
WindowListener (java.awt.event.WindowListener)1
AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1
ClassNode (org.objectweb.asm.tree.ClassNode)1
MethodNode (org.objectweb.asm.tree.MethodNode)1
ExceptionUI (the.bytecode.club.bytecodeviewer.api.ExceptionUI)1
