search

NickstaDB / SerializationDumper

A tool to dump Java serialization streams in a more human readable form.
MIT License
992 stars 125 forks source link

Deserialization Error... #10

Closed Tronix82 closed 4 years ago

Tronix82 commented 4 years ago

java -jar SerializationDumper-v1.11.jar file.bin

Unknown RMI packet type - 0xef STREAM_MAGIC - 0xfe fb Invalid STREAM_MAGIC, should be 0xac ed

NickstaDB commented 4 years ago

Hi @Tronix82, looks like your data isn't in Java's serialization format. Data in this format begins with the hex bytes AC ED, although SerializationDumper also supports dumping data from Java Remote Method Invocation packets which start with a byte in the range hex 50 to hex 54. Your data begins with hex EF FE.

Where did you get the data in file.bin from? Are you certain it was written using ObjectOutputStream.write*? Are you able to read it using ObjectInputStream.read*?

Tronix82 commented 4 years ago

Hello,  My file is 100% Java serialized file. The magic stream bytes are inside file. The serialized file was made using apache serialization utility. Can I send you the to check?  Thank for your help.  Best Regards,  Sent from Yahoo Mail on Android

NickstaDB commented 4 years ago

If you can share a sample of the file that would certainly help. Also, what version of Java and Apache Commons Lang/SerializationUtils was used to create the file?

I've created my own test file using SerializationUtils from Apache Commons Lang 2.6 and the data that was output was in Java's serialization format, but your output from SerializationDumper indicates that the file you were trying to dump began with the hex bytes EF FE FB, rather than the AC ED that SerializationDumper expects.

Tronix82 commented 4 years ago

Hello, Please, find the attached file. The Apache version used is 2.5. This file contains a public RSA value. Best Regards, Tronix

NickstaDB commented 4 years ago

Hi @Tronix82, there's no file attached to your reply. You may need to attach the file via github.com rather than in an email response.

Tronix82 commented 4 years ago

RSA-KEY.zip

NickstaDB commented 4 years ago

Ah I missed the issue in your first comment, the problem is in how you're running the tool.

Usage:
    SerializationDumper <hex-ascii-data>
    SerializationDumper -f <file-containing-hex-ascii>
    SerializationDumper -r <file-containing-raw-data>

Rebuild a dumped stream:
    SerializationDumper -b <input-file> <output-file>

When you run SerializationDumper.jar with a single parameter it is expected to be the raw data encoded as hex, not a filename. Your sample file contains raw serialized data so you'll want to run SerializationDumper.jar -r file.bin.

Tronix82 commented 4 years ago

Yes.. Thank you its working now..