With the wrong tools it will for sure be a week-long task to deobfuscate some jrat obfuscation.
Ghidra is an inferior tool for Java bytecode analysis. Ghidra has absolutely no focus on Java bytecode.
Java bytecode has no direct memory access capabilities, uses a stack and has other limitations; Ghidra having Java bytecode support is a very basic thing.
It shall be advised to pick tools from this list: https://github.com/GenericException/SkidSuite
After analysis of the obfuscation used, using decompilers and deobfuscators up to the task (like bytecodeviewer + krakatau),
deobfuscation using the there-linked java-deobfuscator is a handleable task; reversal of the jrat sample shall be a thing of minutes to hours (depending on whether an own transformer for Java bytecode has to be written, how complex the obfuscation is, own knowledge and experience, etc.).