Ciro Santilli
OurBigBook.comTODO it would be cool to have a look at the JARs and see if they have anything in common that makes for a good fringerprint. Would not help find new ones, but would help to confirm possible hits.
The most advanced reverse engineering effort so far has been by GitHub user quat1024, an undergratuate student at Ohio State University and Minecraft modding extraordinaire. Minecraft is written in Java, which partly explains his Java skills.He managed to deobfuscate the strings present inthe JARs using Enigma, possibly github.com/FabricMC/Enigma, a Java reverse engineering tool. Cool findings on web.archive.org/web/20110208072027/http://newsupdatesite.com/update.jar include:
applet.configs1deobfuscated contains a date:Also cool is the present of a timeszone, "EST" unsurprisingly.Fri Feb 05 12:04:29 EST 2010
.
./c
./c/b
./c/b/b.class
./c/b/c.class
./c/b/d.class
./c/b/a
./c/b/a/a.class
./c/b/a/b.class
./c/b/a/c.class
./c/b/a/d.class
./c/a
./c/a/a.class
./c/a/b.class
./c/a/c.class
./b
./b/a
./b/a/a
./b/a/a/e.class
./b/a/a/f.class
./b/a/a/a.class
./b/a/a/b.class
./b/a/a/g.class
./b/a/a/c.class
./b/a/a/d.class
./META-INF
./META-INF/MANIFEST.MF
./a
./a/cre
./a/a
./a/a/b
./a/a/b/a.class
./a/a/a
./a/a/a/e.class
./a/a/a/applet.configs
./a/a/a/b
./a/a/a/b/e.class
./a/a/a/b/f.class
./a/a/a/b/b.class
./a/a/a/b/g.class
./a/a/a/b/c.class
./a/a/a/b/d.class
./a/a/a/b/a
./a/a/a/b/a/a.class
./a/a/a/b/a/b.class
./a/a/a/b/a/c.class
./a/a/a/c.class
./a/a/a/d.class
./a/a/a/a
./a/a/a/a/a.class./META-INF/MANIFEST.MFManifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
Created-By: 1.5.0_17-b04 (Sun Microsystems Inc.)Other files whose existence might help to fingerprint include:
a/a/a/applet.configs- empty
a/cre
A quick:does not reveal any obvious cryptography calls.
find . -type f | xargs strings | sort -uweb.archive.org/web/20110207204640/http://flyingtimeline.com/aircraft.jar is very similar looking.
META-INF/MANIFEST.MF is identical:Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
Created-By: 1.5.0_17-b04 (Sun Microsystems Inc.)web.archive.org/web/20110202185659/http://differentviewtoday.com/bwm.jar is a bit different with tree:and:
META-INF/MANIFEST.MF
a/a.class
b/a/a/a.class
b/a/a/b.class
b/a/a/c.class
b/a/b/a.class
b/a/b/b.class
b/a/b/c.class
b/a/b/d.class
b/a/b/e.class
b/a/bw.properties
b/a/c.class
c/a/a/a.class
c/a/a/b.class
c/a/a/c.class
c/a/a/d.class
c/a/b.class
c/a/c.class
c/a/d.class
c/a/e.class
c/b/a.class
c/b/b.class
c/b/c.classMETA-INF/MANIFEST.MF
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.6.5
Created-By: 1.5.0_12-b04 (Sun Microsystems Inc.)