2.7.0
01/11/2015 - Improved the Refresh Class function to be used as the default compile function. 01/11/2015 - Implemented better error handling for decompiling class files. 01/15/2015 - CTRL + O will open the add file interface. 01/15/2015 - CTRL + N will open the net workspace interface. 01/15/2015 - It will now save the last directory you opened. 01/15/2015 - Somehow the URL for the auto updater change log got changed; this has been fixed. 01/15/2015 - Slightly updated the change log display, it'll now show all the changes since your version. 01/16/2015 - Made EZ-Injection UI look a bit nicer. 01/27/2015 - Decided to scrap the JVM Sandbox POC and use the Security Manager. 01/27/2015 - BCV now blocks exec and won't allow any ports to be bound.
This commit is contained in:
parent
bc9cfe13f3
commit
d9f35b8288
5 changed files with 37 additions and 28 deletions
Binary file not shown.
|
@ -14,8 +14,8 @@ Code from various projects has been used, including but not limited to:
|
|||
Procyon by Mstrobel
|
||||
CFR by Lee Benfield
|
||||
CFIDE by Bibl
|
||||
Smali by JesusFreke
|
||||
Dex2Jar by pxb1..?
|
||||
Smali by JesusFreke
|
||||
Dex2Jar by pxb1..?
|
||||
|
||||
Contributors:
|
||||
Konloch
|
||||
@ -80,12 +80,8 @@ import the.bytecode.club.bytecodeviewer.plugins.PluginManager;
|
|||
* Option to make the bytecode pane automatically scroll to where the source code pane is
|
||||
* Replacing all string field calls with the string instance - would require EZ-Injection to run code?
|
||||
* Spiffy up the plugin console with red text optional, would require JTextPane, not JTextArea.
|
||||
* Add robot to malware scanner
|
||||
* Add right click on tab > close other tabs > close this tab
|
||||
* Try automatic insert return null for all runtime.exec methods via ASM3; //maybe just do AMS5 then obfuscate the dex2jar shit.
|
||||
*
|
||||
* Look at Desktop.getDesktop().open();
|
||||
* refine POC and just use sec man
|
||||
* maybe just do AMS5 then obfuscate the dex2jar shit.
|
||||
*
|
||||
* ----Beta 1.0.0-----:
|
||||
* 10/4/2014 - Designed a POC GUI, still needs a lot of work.
|
||||
|
@ -304,15 +300,12 @@ import the.bytecode.club.bytecodeviewer.plugins.PluginManager;
|
|||
* 01/16/2015 - Made EZ-Injection UI look a bit nicer.
|
||||
* 01/27/2015 - Decided to scrap the JVM Sandbox POC and use the Security Manager.
|
||||
* 01/27/2015 - BCV now blocks exec and won't allow any ports to be bound.
|
||||
* 01/27/2015 - Added java.awt.Robot to the malicious code scanner.
|
||||
*
|
||||
* @author Konloch
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Store the inst object and original class bytes, then allow optional real time toggling?
|
||||
*/
|
||||
|
||||
public class BytecodeViewer {
|
||||
|
||||
public static MainViewerGUI viewer = null;
|
||||
@ -25,7 +25,7 @@ import java.awt.event.ActionEvent;
|
|||
public class MaliciousCodeScannerOptions extends JFrame {
|
||||
public MaliciousCodeScannerOptions() {
|
||||
this.setIconImages(BytecodeViewer.iconList);
|
||||
setSize(new Dimension(250, 300));
|
||||
setSize(new Dimension(250, 323));
|
||||
setResizable(false);
|
||||
setTitle("Malicious Code Scanner Options");
|
||||
getContentPane().setLayout(null);
|
||||
|
@ -38,11 +38,11 @@ public class MaliciousCodeScannerOptions extends JFrame {
|
|||
|
||||
final JCheckBox chckbxJavanet = new JCheckBox("java/net");
|
||||
chckbxJavanet.setSelected(true);
|
||||
chckbxJavanet.setBounds(6, 59, 232, 23);
|
||||
chckbxJavanet.setBounds(6, 81, 232, 23);
|
||||
getContentPane().add(chckbxJavanet);
|
||||
|
||||
final JCheckBox chckbxJavaio = new JCheckBox("java/io");
|
||||
chckbxJavaio.setBounds(6, 85, 232, 23);
|
||||
chckbxJavaio.setBounds(6, 104, 232, 23);
|
||||
getContentPane().add(chckbxJavaio);
|
||||
|
||||
final JCheckBox chckbxJavalangruntime = new JCheckBox(
|
||||
|
@ -54,48 +54,57 @@ public class MaliciousCodeScannerOptions extends JFrame {
|
|||
final JCheckBox chckbxLdcContainswww = new JCheckBox(
|
||||
"LDC contains 'www.'");
|
||||
chckbxLdcContainswww.setSelected(true);
|
||||
chckbxLdcContainswww.setBounds(6, 111, 232, 23);
|
||||
chckbxLdcContainswww.setBounds(6, 130, 232, 23);
|
||||
getContentPane().add(chckbxLdcContainswww);
|
||||
|
||||
final JCheckBox chckbxLdcContainshttp = new JCheckBox(
|
||||
"LDC contains 'http://'");
|
||||
chckbxLdcContainshttp.setSelected(true);
|
||||
chckbxLdcContainshttp.setBounds(6, 137, 232, 23);
|
||||
chckbxLdcContainshttp.setBounds(6, 156, 232, 23);
|
||||
getContentPane().add(chckbxLdcContainshttp);
|
||||
|
||||
final JCheckBox chckbxLdcContainshttps = new JCheckBox(
|
||||
"LDC contains 'https://'");
|
||||
chckbxLdcContainshttps.setSelected(true);
|
||||
chckbxLdcContainshttps.setBounds(6, 163, 232, 23);
|
||||
chckbxLdcContainshttps.setBounds(6, 182, 232, 23);
|
||||
getContentPane().add(chckbxLdcContainshttps);
|
||||
|
||||
final JCheckBox chckbxLdcMatchesIp = new JCheckBox(
|
||||
"LDC matches IP regex");
|
||||
chckbxLdcMatchesIp.setSelected(true);
|
||||
chckbxLdcMatchesIp.setBounds(6, 189, 232, 23);
|
||||
chckbxLdcMatchesIp.setBounds(6, 208, 232, 23);
|
||||
getContentPane().add(chckbxLdcMatchesIp);
|
||||
|
||||
final JCheckBox chckbxNullSecMan = new JCheckBox(
|
||||
"SecurityManager set to null");
|
||||
chckbxNullSecMan.setSelected(true);
|
||||
chckbxNullSecMan.setBounds(6, 215, 232, 23);
|
||||
chckbxNullSecMan.setBounds(6, 234, 232, 23);
|
||||
getContentPane().add(chckbxNullSecMan);
|
||||
|
||||
final JCheckBox chckbxJavaawtrobot = new JCheckBox("java/awt/Robot");
|
||||
chckbxJavaawtrobot.setSelected(true);
|
||||
chckbxJavaawtrobot.setBounds(6, 59, 232, 23);
|
||||
getContentPane().add(chckbxJavaawtrobot);
|
||||
|
||||
JButton btnNewButton = new JButton("Start Scanning");
|
||||
btnNewButton.addActionListener(new ActionListener() {
|
||||
public void actionPerformed(ActionEvent arg0) {
|
||||
PluginManager.runPlugin(new MaliciousCodeScanner(
|
||||
chckbxJavalangreflection.isSelected(),
|
||||
chckbxJavalangruntime.isSelected(), chckbxJavanet
|
||||
.isSelected(), chckbxJavaio.isSelected(),
|
||||
chckbxJavalangruntime.isSelected(),
|
||||
chckbxJavanet.isSelected(),
|
||||
chckbxJavaio.isSelected(),
|
||||
chckbxLdcContainswww.isSelected(),
|
||||
chckbxLdcContainshttp.isSelected(),
|
||||
chckbxLdcContainshttps.isSelected(), chckbxLdcMatchesIp
|
||||
.isSelected(), chckbxNullSecMan.isSelected()));
|
||||
chckbxLdcContainshttps.isSelected(),
|
||||
chckbxLdcMatchesIp.isSelected(),
|
||||
chckbxNullSecMan.isSelected(),
|
||||
chckbxJavaawtrobot.isSelected()));
|
||||
dispose();
|
||||
}
|
||||
});
|
||||
btnNewButton.setBounds(6, 245, 232, 23);
|
||||
|
||||
btnNewButton.setBounds(6, 264, 232, 23);
|
||||
getContentPane().add(btnNewButton);
|
||||
this.setLocationRelativeTo(null);
|
||||
}
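Review bot: The new `chckbxJavaawtrobot.isSelected()` argument is the tenth positional boolean handed to `MaliciousCodeScanner`, and this hunk also rewrites the neighbouring runtime/net/io arguments, so a slip in order would silently enable the wrong scan option with no compiler error; the expected order (reflect, runtime, net, io, www, http, https, ip, nullSecMan, robot) is only visible in the other file's constructor. I would put a comment above the `new MaliciousCodeScanner(` call: `// argument order must match MaliciousCodeScanner(reflect, runtime, net, io, www, http, https, ip, nullSecMan, robot)`. The anonymous listener's `actionPerformed` also has no `@Override`; `@Override public void actionPerformed(ActionEvent arg0) {` lets the compiler catch a signature typo. The constructor `MaliciousCodeScannerOptions()` starts before this hunk.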
|
||||
@ -28,11 +28,11 @@ import the.bytecode.club.bytecodeviewer.api.PluginConsole;
|
|||
|
||||
public class MaliciousCodeScanner extends Plugin {
|
||||
|
||||
public boolean ORE, ONE, ORU, OIO, LWW, LHT, LHS, LIP, NSM;
|
||||
public boolean ORE, ONE, ORU, OIO, LWW, LHT, LHS, LIP, NSM, ROB;
|
||||
|
||||
public MaliciousCodeScanner(boolean reflect, boolean runtime, boolean net,
|
||||
boolean io, boolean www, boolean http, boolean https, boolean ip,
|
||||
boolean nullSecMan) {
|
||||
boolean nullSecMan, boolean robot) {
|
||||
ORE = reflect;
|
||||
ONE = net;
|
||||
ORU = runtime;
|
||||
|
@ -42,6 +42,7 @@ public class MaliciousCodeScanner extends Plugin {
|
|||
LHS = https;
|
||||
LIP = ip;
|
||||
NSM = nullSecMan;
|
||||
ROB = robot;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -59,6 +60,8 @@ public class MaliciousCodeScanner extends Plugin {
|
|||
|| (LHS && s.contains("https://"))
|
||||
|| (ORE && s.contains("java/lang/Runtime"))
|
||||
|| (ORE && s.contains("java.lang.Runtime"))
|
||||
|| (ROB && s.contains("java.awt.Robot"))
|
||||
|| (ROB && s.contains("java/awt/Robot"))
|
||||
|| (LIP && s
|
||||
.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")))
|
||||
sb.append("Found LDC \"" + s + "\" at field "
|
||||
|
@ -73,6 +76,8 @@ public class MaliciousCodeScanner extends Plugin {
|
|||
|| (LHS && s.contains("https://"))
|
||||
|| (ORE && s.contains("java/lang/Runtime"))
|
||||
|| (ORE && s.contains("java.lang.Runtime"))
|
||||
|| (ROB && s.contains("java.awt.Robot"))
|
||||
|| (ROB && s.contains("java/awt/Robot"))
|
||||
|| (LIP && s
|
||||
.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")))
|
||||
sb.append("Found LDC \"" + s + "\" at field "
|
||||
|
@ -93,8 +98,8 @@ public class MaliciousCodeScanner extends Plugin {
|
|||
final MethodInsnNode min = (MethodInsnNode) a;
|
||||
if ((ORE && min.owner.startsWith("java/lang/reflect"))
|
||||
|| (ONE && min.owner.startsWith("java/net"))
|
||||
|| (ORU && min.owner
|
||||
.equals("java/lang/Runtime"))
|
||||
|| (ORU && min.owner.equals("java/lang/Runtime"))
|
||||
|| (ROB && min.owner.equals("java/awt/Robot"))
|
||||
|| (OIO && min.owner.startsWith("java/io"))) {
|
||||
sb.append("Found Method call to " + min.owner + "."
|
||||
+ min.name + "(" + min.desc + ") at "
|
||||
|
@ -110,6 +115,8 @@ public class MaliciousCodeScanner extends Plugin {
|
|||
|| (LHS && s.contains("https://"))
|
||||
|| (ORE && s.contains("java/lang/Runtime"))
|
||||
|| (ORE && s.contains("java.lang.Runtime"))
|
||||
|| (ROB && s.contains("java.awt.Robot"))
|
||||
|| (ROB && s.contains("java/awt/Robot"))
|
||||
|| (LIP && s
|
||||
.matches("\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b"))) {
|
||||
sb.append("Found LDC \"" + s + "\" at method "
|
||||