Just An Application

September 5, 2014

The Mystery Of The Unsigned JAR: Part One — Enter A Small JAR, Furtively

Filed under: Security, Things That Go Bump In The Night — Simon Lewis @ 6:41 am

The unsolicited contributions to my PDF collection seem to have dried up which is a bit of a disappointment. I hope it wasn’t something I said.

I have had a couple more ZIPed .exes but they are not really my kind of thing. Then I got sent a JAR file.

Initially I suspected it might be a ZIPed .exe in disguise, which would have been something of an anti-climax, but it turns out to be an actual JAR with a manifest and everything.

It's not exactly the world’s biggest JAR file. It's about 50KB and contains a manifest, four class files and a dll.

More accurately, it contains:

  • a manifest which is definitely a manifest

  • four class files which are definitely class files since javap can parse them, and

  • a file which has the suffix .dll but which file cannot identify

After taking a quick look at the class files courtesy of ‘javap -c -private’ there are three things that stand out:

  1. there is a ‘sekrit method’

  2. there is a class loader without any classes to load unless it is a very narcissistic class loader which only loads itself

  3. there is something which purports to be a dll and in all probability isn’t
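The same inventory can be scripted: the sketch below is an added example, not part of the original post, and checks each JAR entry's leading bytes against what its suffix claims, reporting byte entropy alongside. It reads entries in memory only and never loads or runs them; the entry names and contents in `build_sample_jar` are constructed for illustration.

```python
import hashlib
import io
import math
import zipfile

# Leading bytes each suffix should have; a mismatch means the name is a disguise.
MAGIC = {".class": b"\xca\xfe\xba\xbe", ".dll": b"MZ", ".exe": b"MZ"}
MAX_ENTRY = 16 * 1024 * 1024  # refuse to inflate anything larger (zip-bomb guard)

def entropy(data):
    """Shannon entropy in bits per byte (close to 8 = compressed or encrypted)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts)

def triage_jar(blob):
    """Return {entry name: (verdict, entropy)} for a JAR given as bytes."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as jar:
        for info in jar.infolist():
            if info.file_size > MAX_ENTRY:
                report[info.filename] = ("too large", None)
                continue
            data = jar.read(info)
            name = info.filename.lower()
            if name == "meta-inf/manifest.mf":
                ok = data.startswith(b"Manifest-Version:")
            else:
                expected = MAGIC.get(name[name.rfind("."):]) if "." in name else None
                ok = None if expected is None else data.startswith(expected)
            verdict = {True: "ok", False: "MISMATCH", None: "unknown"}[ok]
            report[info.filename] = (verdict, round(entropy(data), 2))
    return report

def build_sample_jar():
    """Constructed sample: names and contents are made up for this example."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x32" + bytes(24))
        jar.writestr("native.dll", noise)  # .dll suffix, no MZ header
    return buf.getvalue()

if __name__ == "__main__":
    for name, (verdict, bits) in triage_jar(build_sample_jar()).items():
        print(f"{name:24} {verdict:9} entropy={bits}")
```

A `MISMATCH` on a `.dll` entry combined with entropy near 8 bits per byte is the pattern to look at first, since it is consistent with an encrypted or packed blob rather than a native library.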


Copyright (c) 2014 By Simon Lewis. All Rights Reserved.

Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and owner Simon Lewis is strictly prohibited.

Excerpts and links may be used, provided that full and clear credit is given to Simon Lewis and justanapplication.wordpress.com with appropriate and specific direction to the original content.
