mirror/bd-jb
1
0
Fork 0
mirror of https://github.com/TheOfficialFloW/bd-jb synced 2025-02-12 13:20:09 -05:00
Code Issues Projects Releases Wiki Activity

Make API, JIT and Screen classes public.

Browse Source
This commit is contained in:
Andy Nguyen 2021-10-25 09:31:37 +02:00
parent c7f1c7f53b
commit 6be7872c8b
3 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
com/bdjb/API.java
View File

@ -13,7 +13,7 @@ import java.lang.reflect.Field;
import java.lang.reflect.Method; import java.lang.reflect.Method;
/** API class to access native data and execute native code. */ /** API class to access native data and execute native code. */
final class API { public final class API {
static final int INT8_SIZE = 1; static final int INT8_SIZE = 1;
static final int INT16_SIZE = 2; static final int INT16_SIZE = 2;
static final int INT32_SIZE = 4; static final int INT32_SIZE = 4;
@ -71,7 +71,7 @@ final class API {
this.init(); this.init();
} }
static synchronized API getInstance() throws Exception { public static synchronized API getInstance() throws Exception {
if (instance == null) { if (instance == null) {
instance = new API(); instance = new API();
} }
@ -257,7 +257,7 @@ final class API {
write64(contextData + 0x118, 0x41414141); write64(contextData + 0x118, 0x41414141);
} }
long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4, long arg5) { public long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4, long arg5) {
long fakeCallKlass = malloc(0x400); long fakeCallKlass = malloc(0x400);
memset(fakeCallKlass, 0, 0x400); memset(fakeCallKlass, 0, 0x400);
@ -320,31 +320,31 @@ final class API {
return read64(ret); return read64(ret);
} }
long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4) { public long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4) {
return call(func, arg0, arg1, arg2, arg3, arg4, (long) 0); return call(func, arg0, arg1, arg2, arg3, arg4, (long) 0);
} }
long call(long func, long arg0, long arg1, long arg2, long arg3) { public long call(long func, long arg0, long arg1, long arg2, long arg3) {
return call(func, arg0, arg1, arg2, arg3, (long) 0); return call(func, arg0, arg1, arg2, arg3, (long) 0);
} }
long call(long func, long arg0, long arg1, long arg2) { public long call(long func, long arg0, long arg1, long arg2) {
return call(func, arg0, arg1, arg2, (long) 0); return call(func, arg0, arg1, arg2, (long) 0);
} }
long call(long func, long arg0, long arg1) { public long call(long func, long arg0, long arg1) {
return call(func, arg0, arg1, (long) 0); return call(func, arg0, arg1, (long) 0);
} }
long call(long func, long arg0) { public long call(long func, long arg0) {
return call(func, arg0, (long) 0); return call(func, arg0, (long) 0);
} }
long call(long func) { public long call(long func) {
return call(func, (long) 0); return call(func, (long) 0);
} }
long dlsym(long handle, String symbol) { public long dlsym(long handle, String symbol) {
int oldHandle = (int) RTLD_DEFAULT; int oldHandle = (int) RTLD_DEFAULT;
try { try {
if (executableHandle != 0) { if (executableHandle != 0) {
@ -365,7 +365,7 @@ final class API {
} }
} }
long addrof(Object obj) { public long addrof(Object obj) {
try { try {
unsafe.putObject(LONG_VALUE, longValueOffset, obj); unsafe.putObject(LONG_VALUE, longValueOffset, obj);
return unsafe.getLong(LONG_VALUE, longValueOffset); return unsafe.getLong(LONG_VALUE, longValueOffset);
@ -374,86 +374,86 @@ final class API {
} }
} }
byte read8(long addr) { public byte read8(long addr) {
return unsafe.getByte(addr); return unsafe.getByte(addr);
} }
short read16(long addr) { public short read16(long addr) {
return unsafe.getShort(addr); return unsafe.getShort(addr);
} }
int read32(long addr) { public int read32(long addr) {
return unsafe.getInt(addr); return unsafe.getInt(addr);
} }
long read64(long addr) { public long read64(long addr) {
return unsafe.getLong(addr); return unsafe.getLong(addr);
} }
void write8(long addr, byte val) { public void write8(long addr, byte val) {
unsafe.putByte(addr, val); unsafe.putByte(addr, val);
} }
void write16(long addr, short val) { public void write16(long addr, short val) {
unsafe.putShort(addr, val); unsafe.putShort(addr, val);
} }
void write32(long addr, int val) { public void write32(long addr, int val) {
unsafe.putInt(addr, val); unsafe.putInt(addr, val);
} }
void write64(long addr, long val) { public void write64(long addr, long val) {
unsafe.putLong(addr, val); unsafe.putLong(addr, val);
} }
long malloc(long size) { public long malloc(long size) {
return unsafe.allocateMemory(size); return unsafe.allocateMemory(size);
} }
long realloc(long ptr, long size) { public long realloc(long ptr, long size) {
return unsafe.reallocateMemory(ptr, size); return unsafe.reallocateMemory(ptr, size);
} }
void free(long ptr) { public void free(long ptr) {
unsafe.freeMemory(ptr); unsafe.freeMemory(ptr);
} }
long memcpy(long dest, long src, long n) { public long memcpy(long dest, long src, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
write8(dest + i, read8(src + i)); write8(dest + i, read8(src + i));
} }
return dest; return dest;
} }
long memcpy(long dest, byte[] src, long n) { public long memcpy(long dest, byte[] src, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
write8(dest + i, src[i]); write8(dest + i, src[i]);
} }
return dest; return dest;
} }
byte[] memcpy(byte[] dest, long src, long n) { public byte[] memcpy(byte[] dest, long src, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
dest[i] = read8(src + i); dest[i] = read8(src + i);
} }
return dest; return dest;
} }
long memset(long s, int c, long n) { public long memset(long s, int c, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
write8(s + i, (byte) c); write8(s + i, (byte) c);
} }
return s; return s;
} }
byte[] memset(byte[] s, int c, long n) { public byte[] memset(byte[] s, int c, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
s[i] = (byte) c; s[i] = (byte) c;
} }
return s; return s;
} }
int memcmp(long s1, long s2, long n) { public int memcmp(long s1, long s2, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
byte b1 = read8(s1 + i); byte b1 = read8(s1 + i);
byte b2 = read8(s2 + i); byte b2 = read8(s2 + i);
@ -464,7 +464,7 @@ final class API {
return 0; return 0;
} }
int memcmp(long s1, byte[] s2, long n) { public int memcmp(long s1, byte[] s2, long n) {
for (int i = 0; i < n; i++) { for (int i = 0; i < n; i++) {
byte b1 = read8(s1 + i); byte b1 = read8(s1 + i);
byte b2 = s2[i]; byte b2 = s2[i];
@ -475,11 +475,11 @@ final class API {
return 0; return 0;
} }
int memcmp(byte[] s1, long s2, long n) { public int memcmp(byte[] s1, long s2, long n) {
return memcmp(s2, s1, n); return memcmp(s2, s1, n);
} }
int strcmp(long s1, long s2) { public int strcmp(long s1, long s2) {
int i = 0; int i = 0;
while (true) { while (true) {
byte b1 = read8(s1 + i); byte b1 = read8(s1 + i);
@ -494,7 +494,7 @@ final class API {
} }
} }
int strcmp(long s1, String s2) { public int strcmp(long s1, String s2) {
byte[] bytes = toCBytes(s2); byte[] bytes = toCBytes(s2);
int i = 0; int i = 0;
while (true) { while (true) {
@ -510,11 +510,11 @@ final class API {
} }
} }
int strcmp(String s1, long s2) { public int strcmp(String s1, long s2) {
return strcmp(s2, s1); return strcmp(s2, s1);
} }
long strcpy(long dest, long src) { public long strcpy(long dest, long src) {
int i = 0; int i = 0;
while (true) { while (true) {
byte ch = read8(src + i); byte ch = read8(src + i);
@ -527,7 +527,7 @@ final class API {
return dest; return dest;
} }
long strcpy(long dest, String src) { public long strcpy(long dest, String src) {
byte[] bytes = toCBytes(src); byte[] bytes = toCBytes(src);
int i = 0; int i = 0;
while (true) { while (true) {
@ -541,7 +541,7 @@ final class API {
return dest; return dest;
} }
String readString(long src, int n) { public String readString(long src, int n) {
ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
int i = 0; int i = 0;
while (true) { while (true) {
@ -555,11 +555,11 @@ final class API {
return outputStream.toString(); return outputStream.toString();
} }
String readString(long src) { public String readString(long src) {
return readString(src, -1); return readString(src, -1);
} }
byte[] toCBytes(String str) { public byte[] toCBytes(String str) {
byte[] bytes = new byte[str.length() + 1]; byte[] bytes = new byte[str.length() + 1];
System.arraycopy(str.getBytes(), 0, bytes, 0, str.length()); System.arraycopy(str.getBytes(), 0, bytes, 0, str.length());
return bytes; return bytes;

6
com/bdjb/JIT.java
View File

@ -13,7 +13,7 @@ import java.io.RandomAccessFile;
* JIT class that exploits a vulnerability in the runtime-compiler protocol to map payloads to * JIT class that exploits a vulnerability in the runtime-compiler protocol to map payloads to
* executable memory. * executable memory.
*/ */
final class JIT { public final class JIT {
static final int BDJ_MODULE_HANDLE = 0; static final int BDJ_MODULE_HANDLE = 0;
static final int MAX_JIT_SIZE = 24 * 1024 * 1024; // Actually max is 30MB, but let's be safe. static final int MAX_JIT_SIZE = 24 * 1024 * 1024; // Actually max is 30MB, but let's be safe.
@ -56,7 +56,7 @@ final class JIT {
this.init(); this.init();
} }
static synchronized JIT getInstance() throws Exception { public static synchronized JIT getInstance() throws Exception {
if (instance == null) { if (instance == null) {
instance = new JIT(); instance = new JIT();
} }
@ -112,7 +112,7 @@ final class JIT {
api.read32(compilerAgentSocketOpcode + api.read32(compilerAgentSocketOpcode + 0x3) + 0x7); api.read32(compilerAgentSocketOpcode + api.read32(compilerAgentSocketOpcode + 0x3) + 0x7);
} }
long mapPayload(String path) throws Exception { public long mapPayload(String path) throws Exception {
RandomAccessFile file = new RandomAccessFile(path, "r"); RandomAccessFile file = new RandomAccessFile(path, "r");
// TODO: Currently we just use maximum size so that the address is predictable. // TODO: Currently we just use maximum size so that the address is predictable.

6
com/bdjb/Screen.java
View File

@ -13,18 +13,18 @@ import java.awt.Font;
import java.awt.Graphics; import java.awt.Graphics;
import java.util.ArrayList; import java.util.ArrayList;
class Screen extends Container { public class Screen extends Container {
private static final Font FONT = new Font(null, Font.PLAIN, 36); private static final Font FONT = new Font(null, Font.PLAIN, 36);
private static final ArrayList messages = new ArrayList(); private static final ArrayList messages = new ArrayList();
private static final Screen instance = new Screen(); private static final Screen instance = new Screen();
static Screen getInstance() { public static Screen getInstance() {
return instance; return instance;
} }
static void println(String msg) { public static void println(String msg) {
messages.add(msg); messages.add(msg);
instance.repaint(); instance.repaint();
} }