JavaJournal & pyspresso: A Python-Based Framework for Debugging Java
TRANSCRIPT
People still use Java?
CFR
FernFlower
JD-GUI
Krakatau
Procyon
IiiIIIIIiI("kq/#;n!+\u0005\u001d\u001e\u0001\u0019oing09SU_Y^un\u0012\u00004!\u0010\u0004\u0003\u0013lj\b\u0010\u0013ac`um"));iIIiiIIiii(".\u0012V|QgKCw3B3[`F3bfP_{p22\u001c&\u0007tdItT0|qC3@`M{\u001230\u0001t1yD|Gm8\u0000>\u000f1\u0001J:w\u001e=\u001c!Gb\t=<EDe\u001dsCb_w\u001dq|_<vGv`\u001dC@\\bv@Gk\\Xz\\\u0018%\u0017(\u001ftKz\f1"));IiiIIIIIiI("R'\"\u001e\u001d#n\u0002\b\u001f\u00078'3yw}urhm"));iIIiiIIiii("\rtV}Z1"));IiiIIIIIiI("nWNk%\u0011\u0014S8npqszm90*8(ic0'3m"));iIIiiIIiii("20\u00115[AfPvV.PlI!")+Server.settings.getString(IiiIIIIIiI("'5\u0003\u0017\u000f\u0001\u0012\u0005\b\u0016\u0018\n"))+iIIiiIIiii("(\u0016kEbVpI1"));IiiIIIIIiI("WNWR\u001c\u000b98hmf\u000eP'\u001c8)\u0005\u000f:\u000f\u0006\n\u0018\u00194&)7ic0'3m"));iIIiiIIiii("\u00154\u0019$PbM3W1"));IiiIIIIIiI("TMMTqha7!>2,m")+Server.settings.getString(iIIiiIIiii("sJtOofnaoWUn4_zG"))+IiiIIIIIiI("tr7!>2,m"));iIIiiIIiii("?Tu\u00132\u0013.`FA{]u\r?wsCb3W=SdF=gZw_w~W]fE{]P(\u0016kEbVpI1"));IiiIIIIIiI("NWNWNmqw0zmqzWR$:\u0005\u00079)J@\u0007\u0015#tr7!>2,m"));iIIiiIIiii("0\u0011)\b\u00154\u0005kEbVpI1")+iIiIIiIiiI2.getAbsolutePath()+IiiIIIIIiI("tr7!>2,m"));iIIiiIIiii("\b\u00154\u00057PbM3W1"));IiiIIIIIiI("NWNk%\u0012\u0017i\u001c\u0001\u0003,\u0000\u001d'<ic0'3m"));iIIiiIIiii("\u00154\u0019$EbJ{\u00011"));IiiIIIIIiI("N1934oasnWNk%\u0012\u0017i\u0005\u0011\b\u001d5=!+!ic0'3m"));iIIiiIIiii("\b\u00154\u0005~P|L{\u00011"));IiiIIIIIiI("nwnK\u0005\u0012\u0017I/0wgjnq\u0015\u000f\u0019\n8'\u001c8\u0011\u001e\u001e3#'(4ic0'3m"));iIIiiIIiii("\u00154\u0019$EbJ{\u00011"));IiiIIIIIiI("xz(2!>m"));iIIiiIIiii("\u00057A|VmZ1"));
Recompile & Debug
Create Deobfuscator
Dynamic Tracing
Capturing Java method calls
1 Lightweight, extensible, well-documented
2 Doesn’t require user to write Java code
3 Cross-platform & works with latest JVM
4 Captures method args and return values
5 Can begin trace at very first instruction
6 Doesn’t transform target’s bytecode
BTrace
Bytecode Visualizer
Chronon
Greys
InTrace
Java VisualVM
JavaSnoop
JSwat Debugger
Limpid Log
MaintainJ
MethodTracer
…
Built from the ground up
Bluescreen in 3… 2…
```java
public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World");
    }
}
```
```java
package org.jsocket.b;
...
public abstract class iIIiiIIiii {
    ...
    public static String IIIiIiJSocket(String iIiIIiIiiI) {
        int n;
        // Key material: class name + method name of the caller (stack frame 1)
        StackTraceElement stackTraceElement = new Exception().getStackTrace()[1];
        String string = new StringBuffer(stackTraceElement.getClassName()).append(stackTraceElement.getMethodName()).toString();
        int n2 = iIiIIiIiiI.length();
        int n3 = n2 - 1;
        char[] arrc = new char[n2];
        int n4 = 5 << 4 ^ 5 << 1;
        int n5 = (2 ^ 5) << 4 ^ (2 << 2 ^ 3);
        int n6 = n = string.length() - 1;
        String string2 = string;
        // Walk the input from the last character to the first, two characters per key character
        while (n3 >= 0) {
            int n7 = n3--;
            arrc[n7] = (char)(n5 ^ (iIiIIiIiiI.charAt(n7) ^ string2.charAt(n)));
            if (n3 < 0) {
                return new String(arrc);
            }
            // v3080 is not declared anywhere in this listing; kept as shown on the slide
            char c = arrc[v3080] = (char)(n4 ^ (iIiIIiIiiI.charAt(n3--) ^ string2.charAt(n)));
            if (--n < 0) {
                n = n6;
            }
            int n8 = n3;
        }
        return new String(arrc);
    }
}
```
```
C:\>javajournal.py -jar adwind.jar -include org.jsocket.b.*
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("Jb\")
^ "TLS"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("∟}aU<X`]pYVf<@Va⌂D{KPg▬sTi◄zBc")
^ "/org/jsocket/resources/key.dll"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("Ez\")
^ "win"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("}@m]s^w")
^ "OS_NAME"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("e_DsAw")
^ "VMWARE"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("^Z|Fj")
^ "LINUX"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("⌂Rq")
^ "MAC"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("Ba]T`R⌂U[_w@:K%←")
^ "ProgramFiles(X86)"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("o]aSp^vne{aFFs⌂p\j3uFw@f3sWvZfz]}A")
^ "\Oracle\VirtualBox Guest Additions"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("bA}wChEs}U}B8g&↑&")
^ "ProgramFiles(X86)"
org.jsocket.b.iIIiiIIiii.IIIiIiJSocket("oD^ER`um_eBuK}◄DPqB|")
^ "\VMware\VMware Tools"
```
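An added example, not from the slides or the pyspresso project: a Python port of the decompiled `IIIiIiJSocket` routine (the "create deobfuscator" route), plus a helper that recovers the tail of the caller-derived key from one traced call/return pair. It assumes the undeclared `v3080` index is the position being read, which the traced `"Jb\"` / `"TLS"` pair is consistent with; the caller class and method names in the demo are hypothetical.

```python
"""Static port of the decompiled string decryptor (added example)."""

K_FIRST = (2 ^ 5) << 4 ^ (2 << 2 ^ 3)   # n5 in the listing: 123
K_SECOND = 5 << 4 ^ 5 << 1              # n4 in the listing: 90


def decrypt(data: str, caller_class: str, caller_method: str) -> str:
    """XOR-decode `data` with the key className + methodName of the caller.

    The input is walked from the last character to the first; each key
    character covers two input characters, and the key wraps when exhausted.
    """
    key = caller_class + caller_method
    out = [""] * len(data)
    i, k = len(data) - 1, len(key) - 1
    while i >= 0:
        out[i] = chr(K_FIRST ^ ord(data[i]) ^ ord(key[k]))
        i -= 1
        if i < 0:
            break
        # Assumption: the slide's undeclared v3080 is this same index.
        out[i] = chr(K_SECOND ^ ord(data[i]) ^ ord(key[k]))
        i -= 1
        k -= 1
        if k < 0:
            k = len(key) - 1
    return "".join(out)


def key_tail(data: str, plain: str) -> str:
    """Recover the trailing key characters from one traced call/return pair.

    Valid while the key has not wrapped, i.e. len(data) <= 2 * len(key).
    """
    tail = [chr(K_FIRST ^ ord(data[i]) ^ ord(plain[i]))
            for i in range(len(data) - 1, -1, -2)]
    return "".join(reversed(tail))


if __name__ == "__main__":
    # Call/return pairs taken from the JavaJournal output above.
    print(repr(key_tail("Jb\\", "TLS")))   # tail of that caller's name
    print(repr(key_tail("Ez\\", "win")))   # a different caller
    # Hypothetical caller whose method name ends in the recovered tail.
    print(decrypt("Jb\\", "org.example.Caller", "reset"))
```

The two pairs yield different key tails because the key depends on each call site's class and method name, so a static decoder needs the caller for every string, whereas the trace reports the decoded value directly.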
Just give me the code already
GPL source code and documentation for JavaJournal and pyspresso:
https://github.com/CrowdStrike/pyspresso
https://pypi.python.org/pypi/pyspresso
pyspresso is still in alpha
Future work
Inspection of method arguments in opaque frames for native methods (see Pstack)
Improved object abstraction
Automatic attaching to child processes
GUI with extended capture information (see Rohitab’s API Monitor)
Hecklers be heckling