Skip to content

Instantly share code, notes, and snippets.

@deeso

deeso/Basic Java Reversing with Radare

Created January 26, 2014 07:39
Show Gist options
  • Save deeso/8629732 to your computer and use it in GitHub Desktop.
Save deeso/8629732 to your computer and use it in GitHub Desktop.
Download ZIP
r2 session demonstrating basic Java analysis features.
Raw
Basic Java Reversing with Radare
r2 malloc://4096
-- duck my sick!
[0x00000000]> e asm.comments=false
[0x00000000]> e asm.cmtflgrefs=false
[0x00000000]> e asm.xrefs=false
[0x00000000]> wx cafebabe00000033001707000201001b7261646172655f746573745f63617365732f6368616c6c656e67650700040100106a6176612f6c616e672f4f626a6563740100063c696e69743e010003282956010004436f64650a000300090c0005000601000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c650100047468697301001d4c7261646172655f746573745f63617365732f6368616c6c656e67653b01001573696d706c655f636173655f73746d745f3476616c01000328294901000169010001490100016a0100016b01000d537461636b4d61705461626c6501000a536f7572636546696c6501000e6368616c6c656e67652e6a617661002100010003000000000002000100050006000100070000002f00010001000000052ab70008b100000002000a00000006000100000003000b0000000c000100000005000c000d00000008000e000f00010007000000c10002000300000048033b033ca7003c1a08703d1caa0000000000003200000000000000030000002000000026000000320000002c840202a70011840203a7000b840209a70005033c1a100aa1ffc41bac00000003000a0000002a000a000000050004000600070007000b0008002c00090032000a0038000b003e000c004000060046000f000b0000002000030002004600100011000000040044001200110001000b00350013001100020014000000110006fd00070101fc002401050505fa000100010015000000020016
[0x00000000]> ib;if;
file malloc://4096
type JAVA CLASS
pic false
has_va false
root class
class 0x3300 0x0000
lang java
arch java
bits 32
machine Java VM
os any
subsys any
endian little
strip false
static false
linenum true
lsyms true
relocs false
rpath NONE
type JAVA CLASS
os any
arch Java VM
bits 32
endian little
file malloc://4096
fd 14570176
size 0x1000
mode r--
block 0x100
uri malloc://4096
[0x0000016a]> s sym.java_lang_Object._init_; pd 3;
;-- sym.java_lang_Object._init_:
0x0000012d 2a aload_0
0x0000012e b70008 invokespecial java/lang/Object/<init>()V
0x00000000(0x0)
0x00000131 b1 return
[0x0000012d]> s sym.radare_test_cases_challenge.simple_case_stmt_4val; pd 28
;-- sym.radare_test_cases_challenge.simple_case_stmt_4val:
0x0000016a 03 iconst_0
0x0000016b 3b istore_0
0x0000016c 03 iconst_0
0x0000016d 3c istore_1
,=< 0x0000016e a7003c goto 0x01aa
.-----> 0x00000171 1a iload_0
| | 0x00000172 08 iconst_5
| | 0x00000173 70 irem
| | 0x00000174 3d istore_2
| | 0x00000175 1c iload_2
| | 0x00000176 aa000000000. tableswitch default: 0x01a8
| | 0x00000186 00000020 case 0: goto 0x0196
| | 0x0000018a 00000026 case 1: goto 0x019c
| | 0x0000018e 00000032 case 2: goto 0x01a8
| | 0x00000192 0000002c case 3: goto 0x01a2
| | 0x00000196 840202 iinc 2 2
| ,==< 0x00000199 a70011 goto 0x01aa
| || 0x0000019c 840203 iinc 2 3
| ,===< 0x0000019f a7000b goto 0x01aa
| ||| 0x000001a2 840209 iinc 2 9
|,====< 0x000001a5 a70005 goto 0x01aa
||||| 0x000001a8 03 iconst_0
||||| 0x000001a9 3c istore_1
|````-> 0x000001aa 1a iload_0
| 0x000001ab 100a bipush 10
`=====< 0x000001ad a1ffc4 if_icmplt 0x0171
0x000001b0 1b iload_1
0x000001b1 ac ireturn
[0x0000016a]> s 0xa00
[0x00000a00]> wx cafebabe0000003300180700020100177261646172655f746573745f63617365732f6c6f6f70730700040100106a6176612f6c616e672f4f626a6563740100063c696e69743e010003282956010004436f64650a000300090c0005000601000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c65010004746869730100194c7261646172655f746573745f63617365732f6c6f6f70733b01000f73696d706c655f666f725f6c6f6f7001000328294201000169010001490100016a0100016b01000d537461636b4d61705461626c6501001c73696d706c655f666f725f6c6f6f705f6d756c74695f72657475726e01000a536f7572636546696c6501000a6c6f6f70732e6a617661002100010003000000000003000100050006000100070000002f00010001000000052ab70008b100000002000a00000006000100000003000b0000000c000100000005000c000d00000008000e000f000100070000006c0002000300000017033d033b043d10643ca700068400011a1ba1fffb1c91ac00000003000a0000000e000300000006000200080014000b000b000000200003000400130010001100000009000e001200110001000200150013001100020014000000090002fe000c0101010200080015000f0001000700000095000200030000002b033d033b043d10643ca7001a1c1a823d1c1100ffa000061c91ac1c1100ff703d8400011a1ba1ffe71c91ac00000003000a0000002200080000000e00020010000c00110010001300170014001a00150020001000280018000b00000020000300040027001000110000000900220012001100010002002900130011000200140000000a0003fe000c0101010d0800010016000000020017
[0x00000a00]> ib;af;pdf
/ (fcn) sym.radare_test_cases_challenge.simple_case_stmt_4val 72
| 0x0000016a 03 iconst_0
| 0x0000016b 3b istore_0
| 0x0000016c 03 iconst_0
| 0x0000016d 3c istore_1
| 0x0000016e a7003c goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x00000171 1a iload_0
| 0x00000172 08 iconst_5
| 0x00000173 70 irem
| 0x00000174 3d istore_2
| 0x00000175 1c iload_2
| 0x00000176 aa000000000. tableswitch default: 0x01a8
| 0x00000186 00000020 case 0: goto 0x0196
| 0x0000018a 00000026 case 1: goto 0x019c
| 0x0000018e 00000032 case 2: goto 0x01a8
| 0x00000192 0000002c case 3: goto 0x01a2
| 0x00000196 840202 iinc 2 2
| 0x00000199 a70011 goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x0000019c 840203 iinc 2 3
| 0x0000019f a7000b goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x000001a2 840209 iinc 2 9
| 0x000001a5 a70005 goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x000001a8 03 iconst_0
| 0x000001a9 3c istore_1
| 0x000001aa 1a iload_0
| 0x000001ab 100a bipush 10
| 0x000001ad a1ffc4 if_icmplt 0x0171
| 0x000001b0 1b iload_1
\ 0x000001b1 ac ireturn
[0x0000016a]> s sym.radare_test_cases_challenge.simple_case_stmt_4val; pdf
/ (fcn) sym.radare_test_cases_challenge.simple_case_stmt_4val 72
| 0x0000016a 03 iconst_0
| 0x0000016b 3b istore_0
| 0x0000016c 03 iconst_0
| 0x0000016d 3c istore_1
| 0x0000016e a7003c goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x00000171 1a iload_0
| 0x00000172 08 iconst_5
| 0x00000173 70 irem
| 0x00000174 3d istore_2
| 0x00000175 1c iload_2
| 0x00000176 aa000000000. tableswitch default: 0x01a8
| 0x00000186 00000020 case 0: goto 0x0196
| 0x0000018a 00000026 case 1: goto 0x019c
| 0x0000018e 00000032 case 2: goto 0x01a8
| 0x00000192 0000002c case 3: goto 0x01a2
| 0x00000196 840202 iinc 2 2
| 0x00000199 a70011 goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x0000019c 840203 iinc 2 3
| 0x0000019f a7000b goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x000001a2 840209 iinc 2 9
| 0x000001a5 a70005 goto 0x01aa ; (sym.radare_test_cases_challenge.simple_case_stmt_4val)
| 0x000001a8 03 iconst_0
| 0x000001a9 3c istore_1
| 0x000001aa 1a iload_0
| 0x000001ab 100a bipush 10
| 0x000001ad a1ffc4 if_icmplt 0x0171
| 0x000001b0 1b iload_1
\ 0x000001b1 ac ireturn
[0x0000016a]> a!pc
import radare_test_cases.challenge;
import java.lang.Object;
class radare_test_cases/challenge { // @0x0000
// Methods defined in the class
public void <init>(); // @0x0117
static int simple_case_stmt_4val(); // @0x0154
}
[0x0000016a]> a!pm
public void <init>(); // @0x0117
static int simple_case_stmt_4val(); // @0x0154
[0x0000016a]> a!pi
import radare_test_cases.challenge;
import java.lang.Object;
[0x0000016a]> a!pm
public void <init>(); // @0x0117
static int simple_case_stmt_4val(); // @0x0154
[0x0000016a]> ic
class 0 = radare_test_cases/challenge
super = java/lang/Object
[0x0000016a]> iz
addr=0x00000000 off=0x0000000d ordinal=002 sz=27 section=constant_pool string=radare_test_cases_challenge
addr=0x00000000 off=0x0000002e ordinal=004 sz=16 section=constant_pool string=java_lang_Object
addr=0x00000000 off=0x00000041 ordinal=005 sz=6 section=constant_pool string=_init_
addr=0x00000000 off=0x0000004a ordinal=006 sz=3 section=constant_pool string=__V
addr=0x00000000 off=0x00000050 ordinal=007 sz=4 section=constant_pool string=Code
addr=0x00000000 off=0x00000061 ordinal=010 sz=15 section=constant_pool string=LineNumberTable
addr=0x00000000 off=0x00000073 ordinal=011 sz=18 section=constant_pool string=LocalVariableTable
addr=0x00000000 off=0x00000088 ordinal=012 sz=4 section=constant_pool string=this
addr=0x00000000 off=0x0000008f ordinal=013 sz=29 section=constant_pool string=Lradare_test_cases_challenge_
addr=0x00000000 off=0x000000af ordinal=014 sz=21 section=constant_pool string=simple_case_stmt_4val
addr=0x00000000 off=0x000000c7 ordinal=015 sz=3 section=constant_pool string=__I
addr=0x00000000 off=0x000000cd ordinal=016 sz=1 section=constant_pool string=i
addr=0x00000000 off=0x000000d1 ordinal=017 sz=1 section=constant_pool string=I
addr=0x00000000 off=0x000000d5 ordinal=018 sz=1 section=constant_pool string=j
addr=0x00000000 off=0x000000d9 ordinal=019 sz=1 section=constant_pool string=k
addr=0x00000000 off=0x000000dd ordinal=020 sz=13 section=constant_pool string=StackMapTable
addr=0x00000000 off=0x000000ed ordinal=021 sz=10 section=constant_pool string=SourceFile
addr=0x00000000 off=0x000000fa ordinal=022 sz=14 section=constant_pool string=challenge.java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment