Col-E / CAFED00D

Obfuscation resilient Java class reader/writer
MIT License

codeLength with the value MAX_INT #25

Closed Kawanaao closed 6 months ago

Kawanaao commented 8 months ago

Today I tried to deobfuscate a class using the library manually, as well as using RecafX4. All the errors indicated a lack of memory; while investigating in the library I found this stack frame:

image

The class file itself is working and can be launched.

Col-E commented 8 months ago

I would like to have the class file to debug the problem. I don't want to implement heavy-handed restrictions for classes that are valid.

Kawanaao commented 7 months ago

Of course, here is the class file:

dec.zip

notiska commented 7 months ago

@Kawanaao what Java version are you using to run this class? I cannot get the JVM to parse it properly.

c01dc0ffee commented 7 months ago

I don't have a lot of time to look at this yet, but I'm guessing a custom ClassLoader is used to parse it. Seems like every UTF-8 string in the constant pool beginning with forge is set to be seven bytes too large. Some other clever manipulation is done to string lengths, I didn't catch it all.

The constant pool also defines strings of interest:

Ldev/xdark/iras/api/antitamper/RECrash;

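The two length tricks described in this thread (a `codeLength` of MAX_INT in the first post, and Utf8 constant-pool lengths padded past their data in the comment above) both hinge on a reader trusting a declared length before checking it against the bytes that are actually there. The following is an added example in Python, not code from CAFED00D or Recaf; it follows the class-file layout from the JVM spec, and the sample blobs are constructed here rather than taken from the attached class.

```python
import struct

class ClassFileCorruptError(ValueError):
    """A declared length cannot be backed by the bytes actually present."""

class BoundedReader:
    """Cursor over a byte buffer; every declared length is checked against the
    bytes that remain *before* a buffer of that size is allocated."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def read_bytes(self, n):
        remaining = len(self.data) - self.pos
        if n > remaining:
            raise ClassFileCorruptError(f"declared {n} bytes, only {remaining} left")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u1(self): return self.read_bytes(1)[0]
    def u2(self): return struct.unpack(">H", self.read_bytes(2))[0]
    def u4(self): return struct.unpack(">I", self.read_bytes(4))[0]

def parse_utf8_entry(r):
    """CONSTANT_Utf8_info: tag u1 (=1), length u2, bytes[length]."""
    if r.u1() != 1:
        raise ClassFileCorruptError("expected CONSTANT_Utf8 (tag 1)")
    return r.read_bytes(r.u2()).decode("utf-8")

def parse_code_body(r, attribute_length):
    """Code attribute body: max_stack u2, max_locals u2, code_length u4, code[],
    exception_table_length u2, attributes_count u2 (12 bytes besides code[])."""
    r.u2(); r.u2()                                  # max_stack, max_locals
    code_length = r.u4()
    # JVMS 4.7.3: 0 < code_length < 65536; it must also fit in the attribute.
    if not 0 < code_length < 65536 or code_length > attribute_length - 12:
        raise ClassFileCorruptError(f"impossible code_length {code_length}")
    return r.read_bytes(code_length)

def safe_parse(parser, blob, *args):
    """Run a parser over a blob; None means the input was rejected, not crashed."""
    try:
        return parser(BoundedReader(blob), *args)
    except ClassFileCorruptError:
        return None

# Constructed samples (not taken from the attached class file): a Utf8 entry whose
# length field is padded by 7, and a Code body whose code_length is MAX_INT.
def utf8_entry(text, claimed_len):
    return b"\x01" + struct.pack(">H", claimed_len) + text
def code_body(code, claimed_len):
    return struct.pack(">HHI", 1, 1, claimed_len) + code + struct.pack(">HH", 0, 0)
```

The attribute-level bound matters as much as the file-level one: a `code_length` that still fits inside the file but not inside its attribute is equally rejected.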
notiska commented 7 months ago

Oh, great observation about the pattern. I ditched the class after noticing the incorrectly reported sizes. This is of course beyond the scope of cafedude so perhaps this issue should be closed @Col-E?

c01dc0ffee commented 7 months ago

The invalid string length is definitely out of scope, but I'm curious how @Kawanaao got that far. Maybe the bug raised in the first post is in scope. Then again, the relevant anti-RE author is a semi-frequent contributor to this repo. Someone should reach out to them and ask ;)