A simple small trick that could destory lots of Decompilers

Question

A simple small trick that could destory lots of Decompilers

Closed this issue 6 years ago · 3 comments

Set Class & Package Name to Some format like
../../../../../../../test'\u0000'.class
This is Famous as Zip Slip trick.
You can see here:
https://github.com/snyk/zip-slip-vulnerability

Date Time Attr Size Compressed Name

2019-01-15 20:01:29 ..... 19 19 res.test
2019-01-15 20:01:29 ..... 20 20 ................................................................................\hello\test.java

2019-01-15 20:01:29 39 39 2 files
Result:
Console > Hello World!

And the Other is Encoding trick like this one:

See the cheat client this guy had uploaded:
java-deobfuscator/deobfuscator#358

JbyteMod will failed to load
http://prntscr.com/mg9g6h

Answer 1 · 2019-02-04T05:23:24.000Z

Can't you just use the repackage setting in the renamer to reproduce the same result?

Also, some encodings are platform-dependent so I'm not sure if I will implement that.

Answer 2 · 2019-02-04T07:11:52.000Z

if System == Windows
Encoding trick should work well

Answer 3 · 2019-02-04T07:12:47.000Z

You could close this.
Thanks for reply!