
Example 1 with PluginConsole

use of the.bytecode.club.bytecodeviewer.api.PluginConsole in project bytecode-viewer by Konloch.

the class MaliciousCodeScanner method execute.

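/**
 * Scans every class in {@code classNodeList} for string constants and method
 * calls that match the enabled heuristics, then shows the findings in a
 * {@link PluginConsole} window titled "Malicious Code Scanner".
 *
 * <p>The checks are gated by boolean switches declared outside this method
 * (LWW, LHT, LHS, ORE, ORU, ROB, LIP, ONE, OIO, NSM). Every hit is a lead for
 * manual review, not a verdict: the rules are plain substring / owner-prefix
 * matches, so a report with no findings does not show that a class is benign.
 *
 * @param classNodeList the loaded classes to inspect
 */
@Override
public void execute(ArrayList<ClassNode> classNodeList) {
    PluginConsole frame = new PluginConsole("Malicious Code Scanner");
    StringBuilder sb = new StringBuilder();
    for (ClassNode classNode : classNodeList) {
        // --- constant values attached to fields ---
        for (Object o : classNode.fields.toArray()) {
            FieldNode f = (FieldNode) o;
            Object v = f.value;
            // NOTE(review): s comes from the scanned class and is written to the
            // console unescaped; embedded line breaks can make one finding look
            // like several lines of output.
            if (v instanceof String) {
                String s = (String) v;
                if (isFlaggedString(s))
                    sb.append("Found LDC \"" + s + "\" at field " + classNode.name + "." + f.name + "(" + f.desc + ")" + BytecodeViewer.nl);
            }
            if (v instanceof String[]) {
                for (String s : (String[]) v) {
                    // isFlaggedString() tolerates null elements, which previously
                    // aborted the whole scan with a NullPointerException.
                    if (isFlaggedString(s))
                        sb.append("Found LDC \"" + s + "\" at field " + classNode.name + "." + f.name + "(" + f.desc + ")" + BytecodeViewer.nl);
                }
            }
        }
        // --- instructions inside method bodies ---
        for (Object o : classNode.methods.toArray()) {
            MethodNode m = (MethodNode) o;
            InsnList iList = m.instructions;
            // Tracked per method: an ACONST_NULL seen in one method must not be
            // paired with a call in the next method.
            boolean prevInsn_aconst_null = false;
            for (AbstractInsnNode a : iList.toArray()) {
                if (a instanceof MethodInsnNode) {
                    final MethodInsnNode min = (MethodInsnNode) a;
                    if ((ORE && min.owner.startsWith("java/lang/reflect")) || (ONE && min.owner.startsWith("java/net")) || (ORU && min.owner.equals("java/lang/Runtime")) || (ROB && min.owner.equals("java/awt/Robot")) || (OIO && min.owner.startsWith("java/io"))) {
                        sb.append("Found Method call to " + min.owner + "." + min.name + "(" + min.desc + ") at " + classNode.name + "." + m.name + "(" + m.desc + ")" + BytecodeViewer.nl);
                    }
                }
                if (a instanceof LdcInsnNode) {
                    if (((LdcInsnNode) a).cst instanceof String) {
                        final String s = (String) ((LdcInsnNode) a).cst;
                        if (isFlaggedString(s)) {
                            sb.append("Found LDC \"" + s + "\" at method " + classNode.name + "." + m.name + "(" + m.desc + ")" + BytecodeViewer.nl);
                        }
                    }
                }
                // Check if the security manager is getting set to null:
                // ACONST_NULL followed by INVOKESTATIC System.setSecurityManager.
                // Any node that is neither of those two kinds clears the flag, so
                // only closely adjacent sequences are reported.
                if ((a instanceof InsnNode) && (a.opcode() == Opcodes.ACONST_NULL)) {
                    prevInsn_aconst_null = true;
                } else if ((a instanceof MethodInsnNode) && (a.opcode() == Opcodes.INVOKESTATIC)) {
                    final String owner = ((MethodInsnNode) a).owner;
                    final String name = ((MethodInsnNode) a).name;
                    if ((NSM && prevInsn_aconst_null && owner.equals("java/lang/System") && name.equals("setSecurityManager"))) {
                        sb.append("Found Security Manager set to null at method " + classNode.name + "." + m.name + "(" + m.desc + ")" + BytecodeViewer.nl);
                        prevInsn_aconst_null = false;
                    }
                } else {
                    prevInsn_aconst_null = false;
                }
            }
        }
    }
    frame.appendText(sb.toString());
    frame.setVisible(true);
}

/**
 * Applies the string heuristics shared by the field-constant and LDC checks.
 *
 * <p>The dotted-quad test uses {@code find()} so that an address embedded in a
 * longer string (a URL, a "host:port" pair) is reported; the previous
 * {@code String.matches} call only fired when the whole string was the address.
 * It is a shape match only: octets are not range-checked, so version-like
 * strings such as "1.2.3.4" are reported as well.
 *
 * @param s the constant to test; {@code null} is never flagged
 * @return {@code true} if any enabled string rule matches
 */
private boolean isFlaggedString(String s) {
    if (s == null) {
        return false;
    }
    // NOTE(review): the Runtime *string* rules are gated by ORE, while the
    // Runtime *call* rule in execute() uses ORU - confirm that is intended.
    return (LWW && s.contains("www."))
            || (LHT && s.contains("http://"))
            || (LHS && s.contains("https://"))
            || (ORE && s.contains("java/lang/Runtime"))
            || (ORE && s.contains("java.lang.Runtime"))
            || (ROB && s.contains("java.awt.Robot"))
            || (ROB && s.contains("java/awt/Robot"))
            || (LIP && IPV4_SHAPED.matcher(s).find());
}

/** Four dot-separated groups of one to three digits, delimited by word boundaries. */
private static final java.util.regex.Pattern IPV4_SHAPED =
        java.util.regex.Pattern.compile("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b");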
Also used : PluginConsole(the.bytecode.club.bytecodeviewer.api.PluginConsole)

Example 2 with PluginConsole

use of the.bytecode.club.bytecodeviewer.api.PluginConsole in project bytecode-viewer by Konloch.

the class ShowAllStrings method execute.

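/**
 * Lists every non-empty string constant found in {@code classNodeList} (field
 * initial values and LDC operands) in a {@link PluginConsole} window titled
 * "Show All Strings".
 *
 * <p>The listing runs on a background thread; this method returns once that
 * thread has finished or the user has closed the window. The strings are taken
 * from the classes under inspection, so CR and LF are escaped to keep each
 * entry on a single console line. Other control characters and embedded quotes
 * are passed through unchanged.
 *
 * @param classNodeList the loaded classes to inspect
 */
@Override
public void execute(final ArrayList<ClassNode> classNodeList) {
    final PluginConsole frame = new PluginConsole("Show All Strings");
    final AtomicBoolean complete = new AtomicBoolean(false);
    // Cooperative stop request. Replaces Thread.stop(), which is deprecated,
    // can leave shared state half-updated, and is no longer supported on
    // current JDKs.
    final AtomicBoolean cancelled = new AtomicBoolean(false);
    final Thread backgroundThread = new Thread() {

        @Override
        public void run() {
            try {
                for (ClassNode classNode : classNodeList) {
                    if (cancelled.get()) {
                        return;
                    }
                    for (Object o : classNode.fields.toArray()) {
                        FieldNode f = (FieldNode) o;
                        Object v = f.value;
                        if (v instanceof String) {
                            String s = (String) v;
                            if (!s.isEmpty()) {
                                frame.appendText(String.format("%s.%s%s -> \"%s\"", classNode.name, f.name, f.desc, escapeLineBreaks(s)));
                            }
                        }
                        if (v instanceof String[]) {
                            for (int i = 0; i < ((String[]) v).length; i++) {
                                String s = ((String[]) v)[i];
                                // A null element would otherwise abort the whole
                                // listing through the catch block below.
                                if (s != null && !s.isEmpty()) {
                                    frame.appendText(String.format("%s.%s%s[%s] -> \"%s\"", classNode.name, f.name, f.desc, i, escapeLineBreaks(s)));
                                }
                            }
                        }
                    }
                    for (Object o : classNode.methods.toArray()) {
                        if (cancelled.get()) {
                            return;
                        }
                        MethodNode m = (MethodNode) o;
                        InsnList iList = m.instructions;
                        for (AbstractInsnNode a : iList.toArray()) {
                            if (a instanceof LdcInsnNode) {
                                if (((LdcInsnNode) a).cst instanceof String) {
                                    final String s = (String) ((LdcInsnNode) a).cst;
                                    if (!s.isEmpty()) {
                                        frame.appendText(String.format("%s.%s%s -> \"%s\"", classNode.name, m.name, m.desc, escapeLineBreaks(s)));
                                    }
                                }
                            }
                        }
                    }
                }
            } catch (Exception e) {
                new ExceptionUI(e, "konloch@gmail.com");
            } finally {
                // Runs on normal completion, on error and on cancellation.
                complete.set(true);
            }
        }
    };
    frame.setVisible(true);
    frame.addWindowListener(new WindowListener() {

        @Override
        public void windowClosing(WindowEvent e) {
            // Ask the worker to stop at its next check and release the caller now.
            cancelled.set(true);
            complete.set(true);
        }

        @Override
        public void windowOpened(WindowEvent e) {
        }

        @Override
        public void windowClosed(WindowEvent e) {
        }

        @Override
        public void windowIconified(WindowEvent e) {
        }

        @Override
        public void windowDeiconified(WindowEvent e) {
        }

        @Override
        public void windowActivated(WindowEvent e) {
        }

        @Override
        public void windowDeactivated(WindowEvent e) {
        }
    });
    backgroundThread.start();
    // NOTE(review): this still blocks the calling thread until the listing is
    // done; confirm callers do not invoke it on the event-dispatch thread.
    while (!complete.get()) {
        try {
            // Short sleep instead of an empty spin loop that pins a CPU core.
            Thread.sleep(10);
        } catch (InterruptedException e) {
            // Preserve the interrupt for the caller and stop the worker too.
            Thread.currentThread().interrupt();
            cancelled.set(true);
            break;
        }
    }
}

/**
 * Replaces each LF with the two characters {@code \n} and each CR with
 * {@code \r}, so a string taken from a class file cannot break out of its own
 * console line.
 */
private static String escapeLineBreaks(String s) {
    return s.replace("\n", "\\n").replace("\r", "\\r");
}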
Also used : WindowListener(java.awt.event.WindowListener) ExceptionUI(the.bytecode.club.bytecodeviewer.api.ExceptionUI) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) WindowEvent(java.awt.event.WindowEvent) PluginConsole(the.bytecode.club.bytecodeviewer.api.PluginConsole)

Example 3 with PluginConsole

use of the.bytecode.club.bytecodeviewer.api.PluginConsole in project bytecode-viewer by Konloch.

the class ShowMainMethods method execute.

/**
 * Opens a "Show Main Methods" console listing every method named {@code main}
 * whose descriptor is {@code ([Ljava/lang/String;)V}.
 *
 * <p>Only the name and descriptor are compared; access flags are not checked,
 * so a non-static or non-public {@code main} with that descriptor is listed too.
 *
 * @param classNodeList the loaded classes to inspect
 */
@Override
public void execute(ArrayList<ClassNode> classNodeList) {
    final PluginConsole console = new PluginConsole("Show Main Methods");
    for (ClassNode owner : classNodeList) {
        for (Object entry : owner.methods.toArray()) {
            final MethodNode method = (MethodNode) entry;
            if (!method.name.equals("main")) {
                continue;
            }
            if (!method.desc.equals("([Ljava/lang/String;)V")) {
                continue;
            }
            // Printed as owner.name + descriptor, e.g. pkg/App.main([Ljava/lang/String;)V
            final String signature = owner.name + "." + method.name + method.desc;
            console.appendText(signature);
        }
    }
    console.setVisible(true);
}
Also used : ClassNode(org.objectweb.asm.tree.ClassNode) MethodNode(org.objectweb.asm.tree.MethodNode) PluginConsole(the.bytecode.club.bytecodeviewer.api.PluginConsole)

Aggregations

PluginConsole (the.bytecode.club.bytecodeviewer.api.PluginConsole)3 WindowEvent (java.awt.event.WindowEvent)1 WindowListener (java.awt.event.WindowListener)1 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1 ClassNode (org.objectweb.asm.tree.ClassNode)1 MethodNode (org.objectweb.asm.tree.MethodNode)1 ExceptionUI (the.bytecode.club.bytecodeviewer.api.ExceptionUI)1