X hits on this document

355 views

0 shares

0 downloads

0 comments

33 / 120

5.2 Java Bytecode Reversing and Patching Exercise

This section introduces an exercise that is the Java Bytecode equivalent of the

exercise given in Section 4.2 for Wintel machine code. Imagine that you have just

implemented a Java version of a console application called “Password Vault” that helps

computer users create and manage their passwords in a secure and convenient way.

Before releasing a limited trial version of the application on your company’s Web site,

you would like to understand how difficult it would be for a reverse engineer to

circumvent a limitation in the trial version that exists to encourage purchases of the full

version; the trial version of the application limits the number of password records a user

may create to five.

The Java version of the Password Vault application (included with this text) was

developed to provide a non-trivial application for reversing exercises without the myriad

of legal concerns involved with reverse engineering software owned by others. The Java

version of the Password Vault application employs 128-bit AES encryption, using Sun's

Java Cryptography Extensions (JCE), to securely store passwords for multiple users—

each in separate, encrypted XML files.

25

Document info
Document views355
Page views356
Page last viewedWed Dec 07 17:32:11 UTC 2016
Pages120
Paragraphs2913
Words25794

Comments