[TUTORIAL|ADVANCED] Beyond Reflection - AspectJ - Tracing

Discussion in 'Resources' started by Icyene, Sep 1, 2012.

Thread Status:
Not open for further replies.
  1. md_5

    Nice!
    I am strongly against rejecting a plugin just because of the way one particular decompiler looks at it. Can you please PM me the jar you used in the decompilation example in the 3rd post?
     
  2. Icyene

    md_5 Thanks :D
    I don't have the jar, as it is from a post on StackOverflow on the subject of decompiling AJ code. It is here.

    EDIT: Is modifying a user's JRE allowed? It would be the easiest way to get the attach.(dll|so) into it. I'd rather not have to make an injector for that as well. All it would do is get attach.(dll|so) and copy it into the jre/bin directory. This does pose problems about the validity of the DLL, but wouldn't hashing it and comparing it to the attach.dll of your JDK provide enough evidence?
     
  3. Jacek

    Icyene Since you tagged me, here is what I think about all of this :p To be confident that a plugin is not doing evil stuff, I need to be able to decompile and read all of the code.

    I don't know exactly how this looks when decompiled, but from the StackOverflow link, and considering that is probably a particularly bad example, it's not likely to be much worse than some obfuscation can be. Whether it's too unreadable or not can only really be decided on a case-by-case basis.

    You could decompile it yourself before uploading to see if there are any really broken bits, and whether there is anything you can do to get rid of them, which would be helpful :)

    This also looks like it could be amazingly fun!
     
  4. Icyene

    Jacek Thanks! At the moment, I am working on a better implementation, which uses a late-binding ASM agent. So damn close to done, works perfectly... All I need to do now is generate a ClassDefinition given a class. Any ideas?
     
  5. Jacek

    Not a clue! I have been trying to find a way to do something along those lines for a long time though, so let me know how it goes!
     
  6. Icyene

    Jacek It's going pretty well :p I got the instrumenting working, and it says it's working, yet it fails to print out the correct info... This is a small log of a small program after it's been attached:

    Code:
    Instrumenting class: java/lang/instrument/ClassDefinition
    Instrumenting class: com/github/Icyene/HackLib/Main
    Profiled <init> in class com/github/Icyene/HackLib/Main.
    Profiled main in class com/github/Icyene/HackLib/Main.
    Profiled bye in class com/github/Icyene/HackLib/Main.
    Profiled sayHello in class com/github/Icyene/HackLib/Main.
    
    At least attaching is working. That's half the battle.

    The way I am doing this is more hacky than I'd like to admit (hence the name, HackLib). I create a temporary jar, with a manifest allowing retransformation of classes. I then get the PID of the JVM and attach to it with a native library. Kind of like a C++ injector. I then attach my agent to the JVM.

    EDIT: Ohhhhhh.... Appears ASM is not compatible with AspectJ... It was throwing hundreds of silent exceptions...
     
  7. Icyene

    Haha I'm an idiot >.< I was profiling properly, but my profiler profiled the profiler, which then profiled the latter profiler ad infinitum. Nearly finished!
     
  8. Icyene

    WOOOHOOO! md_5 Jacek I got it to work! The process:

    1. Get the PID of the current JVM (thanks md_5, saved a lot of time)
    2. Attach Agent.class to it using the native library attach.(dll|so)
    3. Get the ClassDefinition (class, byte[] representing the class) of Test.class
    4. On agentmain(String, Instrumentation), retransform the ClassDef of Test.class
    5. In the transformation, get the bytecode equivalent of Profiler.start and Profiler.end
    6. Inject that bytecode into every method of Test.class, calling end on Opcodes.RETURN etc.
    7. Detach from the JVM

    Seems easier than it really is. With a Test.class like this:

    Code:Java
    public class Test {

        public static void main(String[] args) {
            // Attaches the profiling agent to this JVM (HackUtil is the thread's own helper, not shown here)
            HackUtil.loadItUp();
            sayHello();
            sayWorld();
        }

        public static void sayHello() {
            System.out.println("Hello");
        }

        public static void sayWorld() {
            System.out.println("World!");
        }
    }

    You get this logged:

    Code:
    Agent loaded!
    Instrumenting class: java/lang/instrument/ClassDefinition
    java/lang/instrument/ClassDefinition is not using the system loader, and so cannot be loaded!
    Instrumenting class: com/github/Icyene/Test/Test
    Profiled <init> in class com/github/Icyene/Test/Test.
    Profiled main in class com/github/Icyene/Test/Test.
    Profiled sayHello in class com/github/Icyene/Test/Test.
    Profiled sayWorld in class com/github/Icyene/Test/Test.
    Returning reinstrumented class: com/github/Icyene/Test/Test
    Instrumenting class: com/github/Icyene/HackLib/Main
    com/github/Icyene/HackLib/Main is part of profiling classes. No StackOverflow for you!
    Instrumenting class: com/github/Icyene/HackLib/Profile
    com/github/Icyene/HackLib/Profile is part of profiling classes. No StackOverflow for you!
    com/github/Icyene/Test/Test    sayHello    start    1346807375267
    Hello
    com/github/Icyene/Test/Test    sayHello    end    1346807375267
    com/github/Icyene/Test/Test    sayWorld    start    1346807375267
    World!
    com/github/Icyene/Test/Test    sayWorld    end    1346807375267
     
    
    The ending number is the current milliseconds at that specific point. I'll write a better explanation tomorrow. If you trust me enough to use uninspected code written by me, I've uploaded it here.
     

    Attached Files:

    • com.zip (4.9 KB)
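    The steps above, from agentmain() onward, as one ASM-based agent. This is an added example, not the HackLib code attached to this post: it assumes the PID lookup and native attach have already loaded the agent jar, that the attaching side passes the target class name as the agent argument, and the class name ProfilerAgent with its start/end methods is invented here to reproduce the log format shown above.

```java
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;
import org.objectweb.asm.*;
import org.objectweb.asm.commons.AdviceAdapter;

// Hypothetical agent class. The temporary jar's manifest must name it as Agent-Class
// and set Can-Retransform-Classes: true, or retransformClasses() is refused.
public class ProfilerAgent implements ClassFileTransformer {
    // Internal name of this class: both the INVOKESTATIC owner and the self-guard key.
    private static final String SELF = ProfilerAgent.class.getName().replace('.', '/');

    // Entry point after attach; "args" is the binary name of the class to profile,
    // e.g. "com.github.Icyene.Test.Test" (assumed to be passed by the attaching side).
    public static void agentmain(String args, Instrumentation inst) throws Exception {
        inst.addTransformer(new ProfilerAgent(), true);   // true = allowed to retransform
        inst.retransformClasses(Class.forName(args));
    }

    // The injected callees; same shape as the log above: class, method, phase, millis.
    public static void start(String c, String m) { System.out.println(c + "\t" + m + "\tstart\t" + System.currentTimeMillis()); }
    public static void end(String c, String m)   { System.out.println(c + "\t" + m + "\tend\t" + System.currentTimeMillis()); }

    @Override
    public byte[] transform(ClassLoader l, final String name, Class<?> c, ProtectionDomain pd, byte[] bytes) {
        // Never instrument the profiler itself: start() calling start() is the
        // "forking stack overflow" described in the thread. Returning null leaves the class as-is.
        if (name == null || name.equals(SELF)) return null;
        ClassReader reader = new ClassReader(bytes);
        ClassWriter writer = new ClassWriter(reader, ClassWriter.COMPUTE_MAXS);
        reader.accept(new ClassVisitor(Opcodes.ASM5, writer) {
            @Override
            public MethodVisitor visitMethod(int access, final String mName, String desc, String sig, String[] exc) {
                MethodVisitor mv = super.visitMethod(access, mName, desc, sig, exc);
                // AdviceAdapter calls onMethodEnter once (after super() in constructors) and
                // onMethodExit before every RETURN/ATHROW: the "inject on Opcodes.RETURN etc." step.
                return new AdviceAdapter(Opcodes.ASM5, mv, access, mName, desc) {
                    @Override protected void onMethodEnter() { call("start"); }
                    @Override protected void onMethodExit(int opcode) { call("end"); }
                    private void call(String which) {
                        visitLdcInsn(name);   // push class name
                        visitLdcInsn(mName);  // push method name
                        visitMethodInsn(INVOKESTATIC, SELF, which,
                                        "(Ljava/lang/String;Ljava/lang/String;)V", false);
                    }
                };
            }
        }, 0);
        return writer.toByteArray();
    }
}
```

    Classes loaded by a loader that cannot see the agent jar (the "not using the system loader" line in the log) must also be skipped, otherwise the injected INVOKESTATIC fails to resolve at link time.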
  9. Jacek

    Cool! I feel like I want to play around with this but I have no idea what to use it for :p That is something for tomorrow I think.
     
  10. Icyene

    :p You could use it to match, say, all h_ functions for your BloodMoon plugin. Then you wouldn't have to create a custom entity for everything; you could just fire the event then and there. Protip: Never make it profile the profiling class. It causes a forking stackoverflow...
     
  11. Why not open-source your plugin on GitHub? Then they can see that you used AspectJ and they can look at your source :)
    Btw, I love AspectJ from the moment I saw you using it :D
     
  12. md_5

    /me demands example github repo
  13. Icyene

    Because if I have a boolean doScrew = false; if(doScrew) {//Screw computer}, and AspectJ makes doScrew undecompilable, how would they know if doScrew is true or false? I could make it false on the GitHub (I release all plugins either under the WTFPL or LGPL), but in the actual source it could be true, and they can't tell the difference because it appears as '???'.

    I'll make one when I get home.
     
  14. PandazNWafflez

    Wow, no offence, but I'd have thought the Bukkit team would have hired at least one person that could read bytecode.
     
  15. Icyene

    PandazNWafflez If that isn't a joke, let me say something:

    Reading bytecode is easy. Understanding what large chunks of bytecode do is very hard. Bytecode literally looks like

    "ldc("Test)
    INVOKESTATIC a B
    "

    While it does share some common traits with normal Java (Imports, etc), it in itself is a very hard "language" to learn, and quite pointless seeing as Java is a much nicer "wrapper" around it.
     
  16. PandazNWafflez

    Of course I wasn't joking. And besides, it's no harder to learn than Assembly, and I know several people who picked that up in about 4 years of practice. I do know some people that know bytecode, but not on this forum, and not very well either.
     
  17. Icyene

    No harder to learn? Sure. About 4 years? I know some who learned assembly in a summer. But it's pointless to do so nowadays; a proper compiler can produce better assembler than the best assembler programmer. Same with the Java compiler. The area of usage for knowing bytecode is extremely limited, so few people would bother to learn it...
     
  18. Gravity

    PandazNWafflez - quit your trolling, it's not appreciated by anyone here working for you.
     
  19. PandazNWafflez

    4 years of unfocused learning amidst other things, and also knowledge of the whole thing, not just the basics.

    Trolling? It is simply my opinion.
  20. Icyene

    My point still stands valid: it is NEARLY USELESS today.

    md_5 I finished the ASM version and have started writing a tutorial based on it. Github repo will follow shortly.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 28, 2016
  21. How about normal obfuscation, like in the Minecraft client and server? Would you deny plugins that would look like that? Because I am gonna report a plugin in that case :p

    Btw, great tutorials, this one and that one about ASM. I would love to understand it fully, but that will take some time :( and that's the only thing I don't have atm...
     
  22. PandazNWafflez

    Can I resubmit a plugin loads until you are the one that reviews it? :p
     
  23. Icyene

    If it's already been approved, that means it's already been gone through.
     
  24. Hmm yeah, didn't think of that :p
     
  25. Supertt007

    Icyene Hello!
    I have set up AspectJ but I am having problems hacking into net.minecraft.server. How do I hook AspectJ into the server jar?
     
  26. Icyene

    Supertt007 You can't :) Read Beyond Reflection - ASM. It's a bit more advanced (as in a lot), but it can do that, unlike AspectJ.
     
  27. Supertt007

    Can't believe I missed it! Thanks a lot!
     