This repository has been archived by the owner on Dec 4, 2024. It is now read-only.

new readme me
4ra1n committed Sep 14, 2023
1 parent 0734389 commit 38f5535
Showing 7 changed files with 35 additions and 19 deletions.
26 changes: 17 additions & 9 deletions README.md
Expand Up @@ -19,6 +19,16 @@

![hex](img/003.png)

使用指定参数启动即可禁止 `Java Agent` 动态 `dump` 字节码

![](img/007.png)

对于更资深的黑客,他们会想到 `sa-jdi``HSDB``dump` 字节码

我参考 `Beichen` 师傅议题的思路,从 `JVM` 里禁用了 `gHotSpotVMStructs` 函数

![](img/008.png)

## 快速开始

加密解密部分使用`C`做一层加密,使用`汇编`二层加密,已提供编译好的`Release`版本`DLL/SO`文件嵌入`Jar`包中
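
Review bot: The first added sentence (使用指定参数启动即可禁止 `Java Agent` 动态 `dump` 字节码) never names the parameter, so the reader has to infer it from the screenshot `img/007.png`; name it inline, presumably the `-XX:+DisableAttachMechanism` flag this commit adds to the launch command further down. The run-together terms in `sa-jdi``HSDB``dump` need separators so the sentence parses. The `gHotSpotVMStructs` paragraph should also say which shipped file carries the change, since the text only says it was disabled "from the JVM".
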
Expand Down Expand Up @@ -46,7 +56,7 @@ java -jar code-encryptor-plus.jar export
注意必须有两个参数`PACKAGE_NAME``KEY`

```shell
java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
java -XX:+DisableAttachMechanism -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
```

![](img/006.png)
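
Review bot: The updated launch command still ends in `--jar your-jar.jar`, while the export command shown in the hunk header uses `java -jar`; the `java` launcher takes `-jar`, so the new line should end `KEY=your-key -jar your-jar.jar`. The `-XX:+DisableAttachMechanism` flag also appears here without a word of explanation; one sentence tying it to the `Java Agent` dump protection described at the top of the README would make the command self-explanatory.
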
Expand All @@ -63,6 +73,7 @@ java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-ke
- 原文章的代码仅是`Demo`级别,无法直接上手测试和使用
- 原文章没有加入具体的加密算法,仅是简单的运算,需要加强
- 原文章的代码存在一些`BUG`和优化空间
- 使用某些魔法操作,使字节码无法被 `dump` 进一步保证安全

目前的加密解密算法:
- 汇编实现的多次位运算,交换字节等
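
Review bot: The added bullet (使用某些魔法操作,使字节码无法被 `dump`) documents nothing concrete and states an absolute guarantee. Replace "some magic" with the two measures this README actually introduces, the `-XX:+DisableAttachMechanism` launch flag and the `gHotSpotVMStructs` change against `sa-jdi`/`HSDB`, and carry the `windows`-only caveat from the 其他 section into the bullet.
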
Expand All @@ -82,18 +93,15 @@ java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-ke

## 其他

不适用于`SpringBoot`场景,存在两个问题:
- `SpringBoot`不允许压缩`lib`依赖(这个有解决办法)
- `SpringBoot`启动扫描会分析`class`由于加密报错

网上提供了两种办法,可以参考
不适用于启动扫描 `class` 的项目

参考:https://zhuanlan.zhihu.com/p/545268749

类似地,启动扫描`class`的代码是无法使用这种加密的
防止 `sa-jdi` 的思路仅在 `windows` 中测试

## 参考

特别感谢 `BeichenDream` 师傅

感谢以下项目或文章提供的思路:
- https://mp.weixin.qq.com/s/89Bmvy_uY97TZm3vR9lyWw
- https://juejin.cn/post/6844903487784894477
- https://github.com/sea-boat/ByteCodeEncrypt
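
Review bot: The new line 防止 `sa-jdi` 的思路仅在 `windows` 中测试 leaves open what happens on Linux, although the quick start says both `DLL` and `SO` files are shipped. State whether the `SO` build includes the `sa-jdi` protection or is simply unverified. The acknowledgement to `BeichenDream` should link the talk or article it refers to, as the three existing references do.
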
28 changes: 18 additions & 10 deletions doc/README.md
Expand Up @@ -17,6 +17,16 @@ Apart from retaining the `Magic` part at the beginning, the rest becomes unrecog

![hex](../img/003.png)

Use some param to prevent `Java Agent` to `dump` byte code.

![](../img/007.png)

Some hackers may found `sa-jdi` and `HSDB` to `dump` byte code.

Refer to `Beichen` articles, prevent `gHotSpotVMStructs` function of `JVM`.

![](../img/008.png)

## Quick Start

The encryption and decryption process involves two layers of encryption: the first layer in `C` and the second layer in `assembly`. Precompiled `Release` versions of `DLL/SO` files are included in the `Jar` package.
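
Review bot: The three added sentences say less than the Chinese README they translate: "Use some param" leaves the parameter unnamed, and "prevent `gHotSpotVMStructs` function of `JVM`" does not state that it was disabled. Suggested wording: "Start the JVM with `-XX:+DisableAttachMechanism` to stop a `Java Agent` from dumping byte code at runtime" and "Following `Beichen`'s talk, `gHotSpotVMStructs` is disabled inside the `JVM`". "may found" should be "may find".
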
Expand All @@ -43,7 +53,7 @@ Launching the Jar Package with Decryption DLL/SO: (Using the `-agentpath` Parame

Please note that you must provide two parameters: `PACKAGE_NAME` and `KEY`.
```shell
java -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
java -XX:+DisableAttachMechanism -agentpath:D:\abs-path\decrypter.dll=PACKAGE_NAME=com.your.pack,KEY=your-key --jar your-jar.jar
```

![](../img/006.png)
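
Review bot: `KEY=your-key` is passed inside the `-agentpath` option, so the decryption key sits in the process command line, and the newly added `-XX:+DisableAttachMechanism` does nothing to hide it from anyone who can list processes on the host. The README should say so next to this command, or document another way to supply the key if the agent supports one. The line also keeps `--jar`, where the `java` launcher expects `-jar`.
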
Expand All @@ -61,6 +71,7 @@ Compared to publicly available articles/code online, this project has several ad
- The original article's code was only at a demo level, making it difficult for users to test and use directly.
- The original article did not include specific encryption algorithms; it only involved simple operations and needed enhancement.
- The original article's code had some bugs and room for optimization.
- Use some magic that hackers can not dump any byte code.

The current encryption and decryption algorithm includes:
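
Review bot: "Use some magic that hackers can not dump any byte code" is ungrammatical and makes an absolute claim that the Notes section of the same file walks back, where the `sa-jdi` measure is described as tested on `Windows` only. Suggest "Blocks the known byte code dump paths (`Java Agent` attach, `sa-jdi`/`HSDB`); the latter is tested on `Windows` only".
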

Expand All @@ -81,19 +92,16 @@ The `native` directory is built using `cmake`, generating `dll` and `so` files t

## Notes

This solution is not suitable for `SpringBoot` scenarios due to two issues:
- `SpringBoot` does not allow the compression of `lib` dependencies (there are workarounds).
- `SpringBoot` startup scanning will analyze `class` files, leading to errors when encrypted.

Two solutions are available online, which you can refer to:
This approach is not suitable for scanning projects that involve launching the scanning of `class` files.

Reference: https://zhuanlan.zhihu.com/p/545268749
The prevention strategy using `sa-jdi` is only tested on `Windows`.

Similarly, this encryption method cannot be used with code that scans `class` files during startup.
## Refer

## References
Thanks to `BeichenDream`

Thanks to the following projects or articles for providing insights:
Thanks for these articles:
- https://mp.weixin.qq.com/s/89Bmvy_uY97TZm3vR9lyWw
- https://juejin.cn/post/6844903487784894477
- https://github.com/sea-boat/ByteCodeEncrypt
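
Review bot: In the Notes section, "This approach is not suitable for scanning projects that involve launching the scanning of `class` files" is garbled, and "The prevention strategy using `sa-jdi`" reads as if `sa-jdi` were the defence rather than the tool being blocked. Suggest "Not suitable for projects that scan `class` files at startup" and "The protection against `sa-jdi` has only been tested on `Windows`". The heading `## Refer` should be `## References`.
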

Binary file added img/007.png
Binary file added img/008.png
Binary file modified src/main/resources/decrypter.dll
Binary file not shown.
Binary file modified src/main/resources/encryptor.dll
Binary file not shown.
Binary file added tools.jar
Binary file not shown.
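
Review bot: `tools.jar` is added and both `decrypter.dll` and `encryptor.dll` are replaced as opaque binaries, while none of the 7 changed files is source code and neither README mentions `tools.jar`. Commit the native source change that produced the new `DLL` files alongside them, or at least record their checksums and build steps, and document what `tools.jar` is for and where it came from. No `SO` file is touched, which matches the `Windows`-only note but should be stated explicitly.
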
