Closed Kawanaao closed 6 months ago
I would like to have the class file to debug the problem. I don't want to implement heavy-handed restrictions for classes that are valid.
@Kawanaao what Java version are you using to run this class? I cannot get the JVM to parse it properly.
I don't have a lot of time to look at this yet, but I'm guessing a custom ClassLoader is used to parse it. Seems like every UTF-8 string in the constant pool beginning with forge is set to be seven bytes too large. Some other clever manipulation is done to string lengths, I didn't catch it all.
The constant pool also defines strings of interest:
Ldev/xdark/iras/api/antitamper/RECrash;
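An added example, not part of the thread and not cafedude's code: a bounds-checked constant-pool walk that reports the first structural inconsistency instead of trusting declared lengths, which is how an inflated `CONSTANT_Utf8` length like the one described in the comment above shows up in a strict parse. The names `walk_constant_pool` and `build_sample` are hypothetical, and the sample bytes are constructed, not taken from the class discussed in this issue.

```python
import struct

# Payload sizes after the tag byte (JVMS 4.4); tag 1 (Utf8) is variable-length.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def walk_constant_pool(data):
    """Return (entries, error); entries are (index, tag, offset, size)."""
    if len(data) < 10 or data[:4] != b"\xca\xfe\xba\xbe":
        return [], "not a class file"
    count = struct.unpack_from(">H", data, 8)[0]
    pos, index, entries = 10, 1, []
    while index < count:
        if pos >= len(data):
            return entries, f"entry {index}: truncated at offset {pos}"
        tag, start = data[pos], pos
        pos += 1
        if tag == 1:
            if pos + 2 > len(data):
                return entries, f"entry {index}: truncated Utf8 length"
            size = struct.unpack_from(">H", data, pos)[0]
            pos += 2
        elif tag in FIXED:
            size = FIXED[tag]
        else:
            return entries, f"entry {index}: unknown tag {tag} at offset {start}"
        # Compare the declared size with the bytes left before slicing or allocating.
        if size > len(data) - pos:
            return entries, (f"entry {index}: tag {tag} declares {size} bytes, "
                             f"only {len(data) - pos} remain")
        entries.append((index, tag, start, size))
        pos += size
        index += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return entries, None

def build_sample(inflate=0):
    """Constructed class-file prefix; `inflate` is added to the first Utf8 length."""
    name = b"forge/Example"
    pool = (b"\x01" + struct.pack(">H", len(name) + inflate) + name  # 1: Utf8
            + b"\x07\x00\x01"                                        # 2: Class -> #1
            + b"\x01\x00\x04Code")                                   # 3: Utf8
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 4) + pool

if __name__ == "__main__":
    for inflate in (0, 7, 60000):
        print(inflate, walk_constant_pool(build_sample(inflate)))
```

With a length inflated by seven, the first entry swallows the following entries and the walk stops at a byte that is not a valid tag; a length that runs past the end of the file is rejected before any buffer is sized from it.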
Oh, great observation about the pattern. I ditched the class after noticing the incorrectly reported sizes. This is of course beyond the scope of cafedude so perhaps this issue should be closed @Col-E?
The invalid string length is definitely out of scope, but I'm curious how @Kawanaao got that far. Maybe the bug raised in the first post is in-scope. Then again, the relevant anti-RE author is a semi-frequent contributor to this repo. Someone should reach out to them and ask ;)
Today I tried to deobfuscate a class using the library manually, as well as using RecafX4. All the errors indicated a lack of memory. While investigating in the library, I found this stack frame
The class file itself is working and can be launched.