
check content in .class files

Suppose one learned that a certain developer hardcoded a bunch of usernames and passwords into an application, which made it into Production. Oh-oh ..!

You know both the username and the password - is there a way to scan the bytecode and identify whether the username and password were in fact hardcoded?

James Raitsev asked May 23 '11 01:05



1 Answer

A simple way to see what String literals are used in a ".class" file is to use the javap utility in your JDK installation to dump the file using the "-v" option. Then grep for text that looks like <String "..."> where ... is the String you are looking for.

UPDATE

The latest documentation for javap is here, but the old version looks nicer IMO.

Stephen C answered Sep 20 '22 21:09