Unpacking Odin Anticheat

Edit: This JAR was protected with the Paramorphism Java obfuscator by Anthony Som. Edit #2: Removed JAR link at request of the author. While this JAR wasn’t too hard to poke around in and figure out what is going on, I found this one of the more unique obfuscations I have seen in attempting to prevent Java reverse-engineering. In this image, we can see the JAR has duplicated entries. I later found out after attempting to use my own Java obfuscator, Radon, to deobfuscate the JAR using my shrinker transformers, the entry duplication results in the fake classes being written to the JAR instead of the correct ones. [Read More]

Patching Java-AntiDecompiler

Site of Product: https://www.bisguard.com/ Java-AntiDecompiler is an anti-reverse-engineering product by BIS Guard & Co. which encrypts Java classes and decrypts them on runtime and loads them into memory. This writeup is intended to show how the weak anti-attachment mechanism protection in Java-AntiDecompiler can be easily disabled in under 2 minutes with Krakatau allowing for easy access to the classes loaded in memory. First, let’s disassemble the entry point method (main) with Krakatau [Read More]