Example PoC of ACE to link on README.md about threadtear HOT 6 OPEN

Interesting, didn't know you could bypass the security manager like that. Check out the latest commit.

from threadtear.

If you find another bypass, let me know!

from threadtear.

Your latest commit will actually break your other executions in certain cases (notably, the ones for Stringer) as some decryptor methods actually make use of some of the classes you prohibited with that commit.

Examples:

• Stringer 3.x.x string encryption with bytecode integrity checking (uses the Sun API to fetch the constant pool size of the callee's containing class).
• Stringer 3.x.x/9.x.x string encryption with JAR integrity checking which utilizes java.lang.reflect to check parts of the JAR to compute a key.
• Stringer 3.x.x/9.x.x hide access obfuscation which utilizes classes from java.lang.reflect to produce either CallSite or a java.lang.reflect.{Method/Field} to the appropriate class member.

Furthermore, the presence of the VM can still be found with something such as if (PoC.class.getClassLoader().getClass().getName().startsWith("me.nov")) throw new RuntimeException("Found deobfuscator instance").

from threadtear.

Oops, didn't notice that. You can't really hide the VM instance, but that's not that important IMO. Gotta find a workaround for that.

from threadtear.

It is gonna be pretty hard to block bypasses using reflection, as ReflectPermission does not provide a way to get the context (e. g. allow reflection for everything, except java.lang.System). For now I'm disabling reflection checks for these executions you listed.

from threadtear.

Java doesn't allow me to redefine java.lang.reflect.AccessibleObject either. Still haven't found any way to only block certain reflection.

from threadtear.