• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

JBET

Description

The Java Binary Enhancement Tool (JBET) is a general Java program analysis and manipulation tool. Existing class files can be disassembled, reassembled, or edited programmatically through the JBET API. JBET can also be used to create new Java class files from scratch. JBET uses a convenient internal representation of all the contents of Java binary (.class) files, allowing the user to edit the classes easily, in a structured manner.

JBET was developed as part of the DARPA Self-Protecting Mobile Agents project under the OASIS and Active Networks programs (contract number N66001-00-C-8602) in order to study automated software obfuscation. The Java language was chosen for this project because of the (relative) ease of constructing binary editing tools provided by the large amount of type information present in the class files. Our two reports, the Obfuscation Techniques Evaluation Report, and the Obfuscation Report, are available from the download area. The obfuscation tool developed is not part of this release.

JBET was also used in the DARPA/AFRL Survivable Server project (contract number F30602-00-C-0183) to add additional security checks to the Java Standard Library. (The Java SecurityManager API does not support many desirable security checks, such as continued authorization of file accesses after opening.) JBET was used to replace the native method references in the Java standard library with stubs that call a pluggable security policy. This tool, called Jpolicy, is also available for download at this website. Jpolicy is very incomplete at this time, but may be interesting to those working in Java security or changing the standard library themselves.

The internal representation

The internal representation of Java class files used by JBET is intented to make it easy for programmers to write Java binary code transforms. Each element of Java class files has a corresponding internal data structure: ClassInfo for entire classes, MethodInfo for methods, FieldInfo for fields, Snippit for code blocks, and Instruction for individual instructions. Snippit and Instruction understand Java opcode syntax and semantics, allowing automated creation of valid Java programs. A Java-compatible class verifier is also included.

The graph representation of code

Some code transforms are difficult to program directly by manipulating Java instructions. For those transforms, a directed acyclic graph (DAG) representation of code is available. In the DAG representation, each basic block has a corresponding DAG, with a set of input and output nodes. Edges in the graph connect "producer" nodes (such as constants, or the result of calculations) to "user" nodes (such as method calls or other calculations). Methods are divided into basic blocks and control flow is stored at the basic block level (possible because Java has only fixed jump targets)

Supported Platforms

JBET requires a Java 1.4 virtual machine to run, although it can operate on class files from earlier Java versions. The packaging and build environment supplied supports Linux and Windows with Cygwin; however, the build process is simple and could be performed manually on other platforms. Perl is required for regression testing.

Jpolicy requires a Java 1.4 virtual machine to build, either Linux or Windows NT/XP with Cygwin. gcc is required for building on Windows (supplied with Cygwin). The runtime system can be either Java 1.3 or 1.4 (with Sun's JVM only), running on Linux or Windows NT/XP. Windows 9x and Windows 2000 may work as well, but have not been tested.

Developers

• Andrew Reisse
• Larry D'Anna
• Tom Van Vleck
• Lee Badger
• Brian Matt

Current Status

The latest version is Version 3, Release 1.

License

JBET is free software, available under a BSD-style license:

Copyright (c) 2003 Networks Associates Technology, Inc.

This software was developed under DARPA/SPAWAR contracts N66001-00-C-8602 "SPMA" and F30602-00-C-0183 "Survivable Server" as part of the DARPA OASIS research program.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Downloads

• The JBET software: jbet3-R1.tgz.
• A prebuilt JAR file of JBET: jbet3-R1.jar.
• SPMA Obfuscation Techniques Evaluation Report: obfeval.pdf.
• SPMA Obfuscation Report: obfreport.pdf.

Point of Contact

To contact the developers of this project, please email ISSO-jbet at sparta.com.