Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

In Java 6 and before, classes were verified at runtime with a special verifier which would emulate if the actions were legal or not.

In Java 7 and after, there is compiler information added known as Stack Map Frames that make it trivially easy to verify whether or not a class is legit or not.

The remain backwards compatible, both of these methods are still added with each version of Java; they are compiled into separate libraries. Different methods are used depending on the version of the class file.

So, what is the vulnerability here? Well, it is pretty simply: let's just hook the libraries! Because these libraries have no protections, we can hook the functions in Rust and return true.

This does not feel as useful as first finding (in older versions), as it cannot be used in browser exploits. However, this still does have impact, if running the code on your local machine.