X hits on this document

481 views

0 shares

0 downloads

0 comments

33 / 120

5.2 Java Bytecode Reversing and Patching Exercise

This section introduces an exercise that is the Java Bytecode equivalent of the

exercise given in Section 4.2 for Wintel machine code. Imagine that you have just

implemented a Java version of a console application called “Password Vault” that helps

computer users create and manage their passwords in a secure and convenient way.

Before releasing a limited trial version of the application on your company’s Web site,

you would like to understand how difficult it would be for a reverse engineer to

circumvent a limitation in the trial version that exists to encourage purchases of the full

version; the trial version of the application limits the number of password records a user

may create to five.

The Java version of the Password Vault application (included with this text) was

developed to provide a non-trivial application for reversing exercises without the myriad

of legal concerns involved with reverse engineering software owned by others. The Java

version of the Password Vault application employs 128-bit AES encryption, using Sun's

Java Cryptography Extensions (JCE), to securely store passwords for multiple users—

each in separate, encrypted XML files.

25

Document info
Document views481
Page views482
Page last viewedFri Jan 20 02:25:02 UTC 2017
Pages120
Paragraphs2913
Words25794

Comments