[Cp-tools-discuss] java assembler/disassembler

[Daniel Reynaud]

Hello,

I have had some discussion with the guys at address@hidden about some 
tools I am working on. I am currently studying the security of J2ME, and I 
decided I would focus on the KVM verifier. However I have not found any 
tools for generating invalid class files easily, I have therefore decided to 
write my own. I am actively working on them, they are not quite finished for 
the moment but some early releases are available on 
http://tinapoc.sourceforge.net.

I have seen you also had some discussion about this kind of tools, so tell 
me if you're interested. The toolkit includes :

- zip2xml : a "disassembler" for zip files (ie jar files too)

- xml2zip : same thing, kind of "assembler" for zip files

- dejasmin : a class disassembler, support for Jasmin output. However it 
includes some other interesting features as well, I have designed it to 
allow for the analysis of malware, so it should also work against 
broken/invalid/truncated class files. It can also dump the *whole* content 
of a class (even attributes it doesn't recognize or unused constant pool 
items). It makes use of the BCEL to produce Jasmin output, otherwise I have 
developed a very basic API to parse class files.

- jasmin : Jon Meyer added me as a developer of Jasmin, so I am now working 
on an updated version of Jasmin. The goal is to extend the language so that 
we have more control over the generated classes and include new features of 
the Java language. For example, I have added support for offsets instead of 
labels as branch targets. I am also going to include support for Signature 
and StackMap attributes.


I would be interested to know what you think about this project.

Regards,
Daniel