Chapter 5  ■ Bypassing Client-Side Controls

N OT E

The idea of attacking a Java-based game to submit an arbitrary score

may appear frivolous. However, thick-client components are employed by many

casino web sites, which play for real money. Posting an arbitrary score to an

application like this may be a very serious business!

Decompiling Java Bytecode

A much more promising approach is to decompile the applet to obtain its

source code. Languages like Java are not compiled into native machine

instructions, but to an intermediate language called bytecode, which is inter-

preted at runtime by a virtual machine. Normally, Java bytecode can be

decompiled to recover its original source code without too many problems.

To decompile a client-side applet, you first need to save a copy of it to disk.

You can do this simply by using your browser to request the URL specified in

the 

code

attribute of the 

applet

tag shown previously.

There are various tools available that can decompile Java bytecode. The fol-

lowing example shows partial output from one such tool, Jad:

E:\>jad.exe JavaGame.class

Parsing JavaGame.class... Generating JavaGame.jad

E:\>type JavaGame.jad

// Decompiled by Jad v1.5.8f. Copyright 2001 Pavel Kouznetsov.

// Jad home page: http://www.kpdus.com/jad.html

// Decompiler options: packimports(3)

// Source File Name:   JavaGame.java

import java.applet.Applet;

import java.awt.Graphics;

public class JavaGame extends Applet

{

public int getScore()

{

play();

return score;

}

public String getObsScore()

{

return obfuscate(Integer.toString(score) + “|” +

Double.toString(Math.random()));

}

public static String obfuscate(String input)

{

Download 5,76 Mb.

Do'stlaringiz bilan baham: