Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Sign up now!

Resource [Educational] Reverse Engineering Example - IntelliJ 15.0.2 & Other JetBrains Products

Mod Automation
Joined
Jul 26, 2013
Messages
2,986
Whipped up a quickie example of how to apply reverse engineering principles and Java ASM Tree API to an existing code base. I hope some of you find it useful for purely educational purposes. The GNU General Public License applies, as included in the source zip.

Executable: idea-toolkit-1.0.1.jar
Example Usage: java -jar idea-toolkit-1.0.1.jar "C:\Program Files (x86)\JetBrains\IntelliJ 15.0.3\lib\idea.jar"
Source: idea-toolkit-1.0.1-sources.zip

The process itself is simple. It locates a particular class of interest with some crude identifiers. Then it manipulates a key method that originally decrypts the user submitted input and returns the decrypted, (mostly) JSON result. It replaces this method with simply piping the input through to the output with no decryption. Now one could provide an un-encrypted input like the one below and the whole decryption process would be avoided. Since this logic is common among their multiple products, this process will work across all of them.

For any curious souls, this method works for all of the following products.
  • IntelliJ 15.0.3 [Confirmed - C:\Program Files (x86)\JetBrains\IntelliJ 15.0.2\lib\idea.jar]
  • PhpStorm 10.0.3, 10.0.4, 2016.2.1 [Confirmed - C:\Program Files (x86)\JetBrains\PhpStorm 10.0.3\lib\phpstorm.jar]
  • WebStorm
  • PyCharm
  • RubyMine
  • AppCode
  • CLion
  • ReSharper
  • dotMemory
  • dotCover

JavaScript:
Commercial-
{
  "licenseId": "Commercial",
  "licenseeName": "Arbiter",
  "products": [
  {
  "code": "II",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "PS",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "WS",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "PC",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "RM",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "AC",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "CL",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "RS0",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "DM",
  "paidUpTo": "2038-01-19"
  },
   {
  "code": "DC",
  "paidUpTo": "2038-01-19"
  }
  ]
}

Legacy Versions:
Executable: idea-toolkit-1.0.0.jar
Example Usage: java -jar idea-toolkit-1.0.0.jar "C:\Program Files (x86)\JetBrains\IntelliJ 15.0.2\lib\idea.jar"
Source: idea-toolkit-1.0.0-sources.zip
 
Last edited:
Discretion is advised
Joined
Jan 2, 2014
Messages
306
YiGCg7T.jpg
 
Joined
Nov 22, 2015
Messages
45
Woah, This is a really good starting point for me, I never really bothered to look into java RE but this gives me a good place to start. Any small games/projects that you would suggest tinkering with?
 
Joined
Jul 16, 2015
Messages
212
Thats awesome, as an aspiring reverse engineer I find this highly motivational. Did you just use a Java Decompiler and locate the "Particular class of interest"?. How did you know which class to find?
 
Java Warlord
Joined
Nov 17, 2014
Messages
4,906
I wish it was educational, but just looking at the source doesn't help me understand shit lol. GJ tho! :)
 
Mod Automation
Joined
Jul 26, 2013
Messages
2,986
@Arbiter It doesn't seem to work with PyCharm.
Haven't tested with PyCharm, but what jar are you running this tool yet? You could unzip it and make sure the path it's looking for exists. Let me know your findings.
 
Version 1.0.1 adapts to some changes JetBrains made in an update to certain products, such as PhpStorm and PyCharm, that broke the previous pattern. New pattern has been tested against both those that were and weren't broken by this update. @Eagles13 @frazboyz
 
Mod Automation
Joined
Jul 26, 2013
Messages
2,986
mhm, Digging around really fast,

For really really new people, glanced at this guys blog and contained decent info
Hacking Java Bytecode for Programmers (Part1) -The Birds and the Bees of Hex Editing

haven't done of them, But taking a glance they look solid, Will prob do them soon and report back.
CrackMes - The Bytecode Club Wiki



Time to go find some applets to play around with...
Search for simple Java games. Those are always a good place to start. Plus infinite health is always fun. :)
 
Confirmed working with IntelliJ 15.0.3 and PyCharm.
 
Joined
Mar 14, 2016
Messages
1
Hey @Arbiter, is it possible that you could reupload the source?

I am curious about how you knew what to look for with the identifier. I am a noob at this and want to learn, how did you know where to look once you decompiled idea.jar, is there a way to step through the obfuscated code or see what happens?
 
Joined
Aug 4, 2017
Messages
1
Version 1.0.1 adapts to some changes JetBrains made in an update to certain products, such as PhpStorm and PyCharm, that broke the previous pattern. New pattern has been tested against both those that were and weren't broken by this update. @Eagles13 @frazboyz

Starting with version 2017.2.1 , even though the class of interest is found and manipulated, it doesn't seem to work
 
Top