5.2 Java Bytecode Reversing and Patching Exercise
This section introduces an exercise that is the Java Bytecode equivalent of the
exercise given in Section 4.2 for Wintel machine code. Imagine that you have just
implemented a Java version of a console application called “Password Vault” that helps
computer users create and manage their passwords in a secure and convenient way.
Before releasing a limited trial version of the application on your company’s Web site,
you would like to understand how difficult it would be for a reverse engineer to
circumvent a limitation in the trial version that exists to encourage purchases of the full
version; the trial version of the application limits the number of password records a user
may create to five.
The Java version of the Password Vault application (included with this text) was
developed to provide a non-trivial application for reversing exercises without the myriad
legal concerns involved in reverse engineering software owned by others. The Java
version of the Password Vault application employs 128-bit AES encryption, using Sun's
Java Cryptography Extensions (JCE), to securely store passwords for multiple users,
each in a separate, encrypted XML file.