Math Obfuscation Of Java Bytecode

Earlier today, I visited the Tigress C obfuscator website today (I haven’t for awhile) and it looks much nicer now ;). Anyways, something that particularly interested me was Tigress’s page on EncodeArithmetic. Since I, a maintainer of a Java bytecode obfuscator, am always looking for cool things to try, found the book they linked of interest.

In said book, several identities are given (if the notation is unfamiliar to you, perhaps visit Wikipedia’s page on Boolean Algebra) but here are the ones relevant to today’s blog post

Now, the relevant opcodes for these identities are ineg, iadd, isub, ixor, ior, and iand.

Note that Java’s logical operator NOT is not present in the identities. This is because $\neg x$ is compiled to $x\oplus-1$.

Also note that these “identities” are not limited to just the ones I just ran through - there are a lot more if you choose to find them yourself. With some creativity, you can apply this not only to integers, but floats as well.

Here are some of what the above identities implemented as a transformer would do:

ineg

Before

iload 0   // x
ineg

After

iload 0   // x
iconst_m1
ixor
iconst_1
iadd

iadd

Before

iload 0   // x
iload 1   // y
iadd

After

iload 0   // x
iload 1   // y
ior
iconst_1
ishl
iload 0   // x
iload 1   // y
ixor
isub

isub

Before

iload 0   // x
iload 1   // y
isub

After

iload 0   // x
iload 1   // y
iconst_m1
ixor
iadd
iconst_1
iadd

ixor

Before

iload 0   // x
iload 1   // y
ixor

After

iload 0   // x
iload 1   // y
ior
iload 0   // x
iload 1   // y
iand
isub

ior

Before

iload 0   // x
iload 1   // y
ior

After

iload 0   // x
iload 1   // y
iconst_m1
ixor
iand
iload 1   // y
iadd

iand

Before

iload 0   // x
iload 1   // y
iand

After

iload 0   // x
iconst_m1
ixor
iload 1   // y
ior
iload 0   // x
iconst_m1
ixor
isub

Continue Reading »

Ice Cream In Isolation

Isolation. The fearful enemy.. the enemy who takes away the feeling of life. Together with COVID-19… a powerful couple which completely drains even the strongest of all purpose. Every day we spend in isolation is another day we spend our short lives doing nothing. However, a worthy opponent approaches! And that worthy opponent is… salted caramel ice cream! Oh, how salted caramel ice scream is so brave… it fights off the possessiveness of isolation and restores life to us all! Salted caramel ice cream is our true hero in these dark times.

Thank you for attending my TED talk. Have a good night folks!

Continue Reading »

Warsaw Crackme 1

Link: http://crackmes.cf/users/warsaw/java_crackme_1.1/
Answer: -975145735

Chucking this into MapleIL gives us

public final class Code extends java/io/PrintStream {
     // Code.main([Ljava/lang/String;)V
     public static final synchronized void main(java.lang.String[] arg0) {
         A:
            lvar0 = arg0
         B:
         C: // Exception handler: Block G [java.lang.Throwable]
            goto D
         D: // Exception handler: Block G [java.lang.Throwable]
            if (java.lang.Integer.decode(lvar0[0]).intValue() * -37 + 42 != 1720653869)
               goto E
         F: // Exception handler: Block G [java.lang.Throwable]
            lvar2 = "Correct!"
            goto H
         E: // Exception handler: Block G [java.lang.Throwable]
            lvar2 = "Incorrect"
         G: // Exception handler: Block G [java.lang.Throwable]
            lvar1 = catch()
            lvar2 = "Please enter a 32bit signed int"
            goto H
         H: // Exception handler: Block G [java.lang.Throwable]
            java.lang.System.out.println(lvar2)
            return
     }
}

Now it seems like obviously you just solve for the inverse of $f(x)=x*-37 + 42$ which is $f(x)^{-1}=\frac{x-42}{-37}$, but you will find that if you try to do this, you won’t be able to obtain the correct key. This is because the intended solution relies on the reverser to solve for integer overflowing. I’m way too lazy to do that so I just bruteforced the correct key through jshell.

jshell> for (int i = 0; i < Integer.MAX_VALUE; i++) { if ((i * 37) == (1720653869 - 42)) System.out.println(i); }
975145735

Therefore, the answer is -975145735.

Continue Reading »

Euler's Integral Of The Second Kind

Evaluate $\displaystyle \int_1^\infty \left(\frac{\ln x}{x}\right)^{2011}\,dx$.

I had this rather fun problem on my calculus homework so I thought I should share a solution :0

We can rewrite this integral to $\displaystyle\int_1^\infty\frac{\ln x^{2011}}{x^{2011}}\,dx$ and then try integration by parts. Let $u=\ln^{2011}x$ and $dv = x^{-2011}\,dx$. This gives us

Integrating by parts gives us

Note that because $2010x^{2011}$ will dominate $\ln^{2011}x$ as $x$ approaches $\infty$, we can assume the first term to be to be $0$. Therefore, we are left with $\displaystyle\frac{2011}{2010}\int_{1}^\infty\frac{\ln^{2010}x}{x^{2011}}\,dx$.

By repeating integration by parts, we eventually begin to see a pattern

Formally, we can use induction to show that $\displaystyle \int_1^\infty\frac{\ln^{2011}x}{x^{2011}}\,dx=\boxed{\frac{2011!}{2010^{2012}}}$ or we could just notice how the exponent in the numerator changes in relation to the constant we move outside the integral each time we integrate by parts.


Alternative solution

We noted that we were able to solve this problem via integrating successively; however, there is a much quicker and cleaner way to evaluate this integral by utilizing Euler’s integral of the second kind.

In short, Euler’s integral of the second kind describes a derived form of the gamma function $\Gamma(n)=(n-1)!$. When put in integral form, we get $\displaystyle\Gamma(z)=\int_0^\infty x^{z-1}e^{-x}\,dx$.

To show this is relevant to our problem, we integrate by substitution. Let $u=\ln x$ and $x=e^u$. This gives us $dx = e^u\,du$. Therefore

By letting $z=2010$, we can rewrite the integral as

Continue Reading »

Infinite Nested Radicals

Not too long ago, a person who shall not be named challenged me to a math problem apparently believing I wouldn’t be able to solve it. Little did they know I had been introduced to it when I took intro to number theory. ;)

Despite the solution being quite easy, I consider this to be one of my favorite problems. Therefore, I shall do a writeup.

The problem is to solve for $x$

These kind of problems are called infinitely nested radicals and look daunting but are actually quite easy to solve. The hurdle people are confused by is the concept of infinity. For this particular case, the trick is just realizing that $x$ appears in its own definition.

Using the quadratic formula and verifying your outputs will give you $\boxed{\frac{1+\sqrt{21}}{2}}$ as the answer.

Now, here’s a challenge for you :)

Find $x$ when

Continue Reading »