Iwan. J :
I'm looking to overwrite a method in the com.sun.crypto.provider.AESCrypt class at run time to aid in reverse engineering a piece of malware. The malware uses a custom AES implementation that I am trying to replicate in the expandToSubKey method. How would I go about overwriting the method at run time so that I could set up a standard AES decrypt method to use my modified function?
ilooner :
This is possible. There seem to be two approaches.
- ClassTransformer Approach: Transform the byte code for the com.sun.crypto.provider.AESCrypt class when you start the Java process using Javassist. There is a very good blog outlining everything you need to do here.
- Boot Classpath Approach: This is probably the easiest way to go. Java has a mechanism that allows you to patch core Java classes for your application. This mechanism is the boot classpath and is described in this book.
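
The ClassTransformer approach from the answer above, as an added example (not code from either poster or from the linked blog): a Java agent that uses Javassist to replace the body of expandToSubKey while AESCrypt is being loaded. The agent class name, the helper `analysis.CustomKeySchedule.expand`, and passing the helper jar's path as the agent argument are assumptions; it also assumes expandToSubKey returns void on the JDK in use.

```java
import java.io.ByteArrayInputStream;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;
import java.util.jar.JarFile;
import javassist.ClassPool;
import javassist.CtClass;
import javassist.CtMethod;

// Run with: java -javaagent:aes-patch-agent.jar=/path/to/helper.jar ... YourDecryptor
// The agent jar's manifest needs "Premain-Class: AesPatchAgent".
public class AesPatchAgent implements ClassFileTransformer {
    private static final String TARGET = "com/sun/crypto/provider/AESCrypt";
    private final String helperJar;

    private AesPatchAgent(String helperJar) { this.helperJar = helperJar; }

    public static void premain(String args, Instrumentation inst) throws Exception {
        // AESCrypt is loaded by a JDK class loader, so the helper class it will
        // call must be visible to the bootstrap loader, not just the app class path.
        inst.appendToBootstrapClassLoaderSearch(new JarFile(args));
        inst.addTransformer(new AesPatchAgent(args));
    }

    @Override
    public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                            ProtectionDomain domain, byte[] classfileBuffer) {
        if (!TARGET.equals(className)) {
            return null; // null tells the JVM to leave the class unchanged
        }
        try {
            ClassPool pool = ClassPool.getDefault();
            pool.appendClassPath(helperJar); // lets Javassist resolve the helper
            CtClass cc = pool.makeClass(new ByteArrayInputStream(classfileBuffer));
            CtMethod m = cc.getDeclaredMethod("expandToSubKey");
            // $$ forwards the original arguments. analysis.CustomKeySchedule.expand
            // is a hypothetical public static method with the same parameter types.
            m.setBody("{ analysis.CustomKeySchedule.expand($$); }");
            byte[] patched = cc.toBytecode();
            cc.detach();
            return patched;
        } catch (Throwable t) {
            // The JVM swallows exceptions thrown from transform(), so log them here.
            t.printStackTrace();
            return null;
        }
    }
}
```

Because the replaced key schedule applies JVM-wide, run the decryptor in a dedicated analysis JVM rather than one that also performs real AES operations such as TLS.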