[arbiter]

Whipped up a quickie example of how to apply reverse engineering principles and Java ASM Tree API to an existing code base. I hope some of you find it useful for purely educational purposes. The GNU General Public License applies, as included in the source zip.

Executable: idea-toolkit-1.0.1.jar
Example Usage: java -jar idea-toolkit-1.0.1.jar "C:\Program Files (x86)\JetBrains\IntelliJ 15.0.3\lib\idea.jar"
Source: idea-toolkit-1.0.1-sources.zip

The process itself is simple. It locates a particular class of interest with some crude identifiers. Then it manipulates a key method that originally decrypts the user submitted input and returns the decrypted, (mostly) JSON result. It replaces this method with simply piping the input through to the output with no decryption. Now one could provide an un-encrypted input like the one below and the whole decryption process would be avoided. Since this logic is common among their multiple products, this process will work across all of them.

For any curious souls, this method works for all of the following products.

• IntelliJ 15.0.3 [Confirmed - C:\Program Files (x86)\JetBrains\IntelliJ 15.0.2\lib\idea.jar]
  
• PhpStorm 10.0.3, 10.0.4, 2016.2.1 [Confirmed - C:\Program Files (x86)\JetBrains\PhpStorm 10.0.3\lib\phpstorm.jar]
• WebStorm
• PyCharm
• RubyMine
• AppCode
• CLion
• ReSharper
• dotMemory
  
• dotCover

Commercial-
{
  "licenseId": "Commercial",
  "licenseeName": "Arbiter",
  "products": [
  {
  "code": "II",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "PS",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "WS",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "PC",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "RM",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "AC",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "CL",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "RS0",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "DM",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "DC",
  "paidUpTo": "2038-01-19"
  }
  ]
}

Legacy Versions:

Spoiler

Executable: idea-toolkit-1.0.0.jar
Example Usage: java -jar idea-toolkit-1.0.0.jar "C:\Program Files (x86)\JetBrains\IntelliJ 15.0.2\lib\idea.jar"
Source: idea-toolkit-1.0.0-sources.zip

 

[viewer]

 

[infidelallah]

Woah, This is a really good starting point for me, I never really bothered to look into java RE but this gives me a good place to start. Any small games/projects that you would suggest tinkering with?

 

[creativeself]

Thats awesome, as an aspiring reverse engineer I find this highly motivational. Did you just use a Java Decompiler and locate the "Particular class of interest"?. How did you know which class to find?

 

[savior]

I wish it was educational, but just looking at the source doesn't help me understand shit lol. GJ tho!

 

[eagles13]

@Arbiter It doesn't seem to work with PyCharm.

 

[arbiter]

@Arbiter It doesn't seem to work with PyCharm.

Haven't tested with PyCharm, but what jar are you running this tool yet? You could unzip it and make sure the path it's looking for exists. Let me know your findings.
 
Version 1.0.1 adapts to some changes JetBrains made in an update to certain products, such as PhpStorm and PyCharm, that broke the previous pattern. New pattern has been tested against both those that were and weren't broken by this update. @Eagles13 @frazboyz

 

[infidelallah]

Found this:

Bytecode Viewer - Java & Android APK Reverse Engineering Suite/Tool

Konloch/bytecode-viewer · GitHub

Bytecode Viewer - The Bytecode Club Wiki

 

[arbiter]

Found this:

Bytecode Viewer - Java & Android APK Reverse Engineering Suite/Tool

Konloch/bytecode-viewer · GitHub

Bytecode Viewer - The Bytecode Club Wiki

Bytecode Viewer is good, but for rapid manipulation I use JBE - Java Bytecode Editor. It allows for inline modification, but will require the ability to write bytecode from scratch.

 

[infidelallah]

mhm, Digging around really fast,

For really really new people, glanced at this guys blog and contained decent info
Hacking Java Bytecode for Programmers (Part1) -The Birds and the Bees of Hex Editing

haven't done of them, But taking a glance they look solid, Will prob do them soon and report back.
CrackMes - The Bytecode Club Wiki



Time to go find some applets to play around with...

 

[arbiter]

mhm, Digging around really fast,

For really really new people, glanced at this guys blog and contained decent info
Hacking Java Bytecode for Programmers (Part1) -The Birds and the Bees of Hex Editing

haven't done of them, But taking a glance they look solid, Will prob do them soon and report back.
CrackMes - The Bytecode Club Wiki



Time to go find some applets to play around with...

Search for simple Java games. Those are always a good place to start. Plus infinite health is always fun.
 
Confirmed working with IntelliJ 15.0.3 and PyCharm.

 

[eagles13]

Works on OSX. Noice.

 

[frazboyz]

@Arbiter This works for RubyMine, Clion and Webstorm aswell.

 

[liamjke]

Hey @Arbiter, is it possible that you could reupload the source?

I am curious about how you knew what to look for with the identifier. I am a noob at this and want to learn, how did you know where to look once you decompiled idea.jar, is there a way to step through the obfuscated code or see what happens?

 

[sami muhammed]

Version 1.0.1 adapts to some changes JetBrains made in an update to certain products, such as PhpStorm and PyCharm, that broke the previous pattern. New pattern has been tested against both those that were and weren't broken by this update. @Eagles13 @frazboyz

Starting with version 2017.2.1 , even though the class of interest is found and manipulated, it doesn't seem to work

 

[infidelallah]

Can we get a reupload or source on svn/git somewhere?