search

NickstaDB / SerializationDumper

A tool to dump Java serialization streams in a more human readable form.
MIT License
994 stars 125 forks source link

Data must have a length that is a multiple of 2 #16

Closed prashast closed 3 years ago

prashast commented 3 years ago

Hi, it seems that the same issue similar to #13 is popping up again while trying to deserialize a payload I generated using ysoserial. Could you let me know if there is something that I am doing wrong? I tried both the release binary and building the jar file from scratch as well with the same error output.

Steps to reproduce

java -jar ysoserial-0.0.6-SNAPSHOT-all.jar Clojure /bin/ls > payload.bin
java -jar SerializationDumper-v1.13.jar payload.bin

Versions

javac 11.0.11
openjdk 11.0.11
NickstaDB commented 3 years ago

The error is because by default it expects a single argument to be a hex string (I was originally using this to decode short chunks of data copied out of pcaps so this made sense). The error is because the string payload.bin isn't a hex string.

What you want to do here is decode a raw file with the -r switch:

java -jar SerializationDumper-v1.13.jar -r payload.bin