TODO it would be cool to have a look at the JARs and see if they have anything in common that makes for a good fingerprint. Would not help find new ones, but would help to confirm possible hits.
The most advanced reverse engineering effort so far has been by GitHub user quat1024, an undergraduate student at Ohio State University and Minecraft modding extraordinaire. Minecraft is written in Java, which partly explains his Java skills. He managed to deobfuscate the strings present in the JARs using Enigma, possibly github.com/FabricMC/Enigma, a Java reverse engineering tool. Cool findings on web.archive.org/web/20110208072027/http://newsupdatesite.com/update.jar include:
  • applet.configs1 deobfuscated contains a date:
     Fri Feb 05 12:04:29 EST 2010
    Also cool is the presence of a timezone, "EST" unsurprisingly.
web.archive.org/web/20110208072027/http://newsupdatesite.com/update.jar unzips to:
.
./c
./c/b
./c/b/b.class
./c/b/c.class
./c/b/d.class
./c/b/a
./c/b/a/a.class
./c/b/a/b.class
./c/b/a/c.class
./c/b/a/d.class
./c/a
./c/a/a.class
./c/a/b.class
./c/a/c.class
./b
./b/a
./b/a/a
./b/a/a/e.class
./b/a/a/f.class
./b/a/a/a.class
./b/a/a/b.class
./b/a/a/g.class
./b/a/a/c.class
./b/a/a/d.class
./META-INF
./META-INF/MANIFEST.MF
./a
./a/cre
./a/a
./a/a/b
./a/a/b/a.class
./a/a/a
./a/a/a/e.class
./a/a/a/applet.configs
./a/a/a/b
./a/a/a/b/e.class
./a/a/a/b/f.class
./a/a/a/b/b.class
./a/a/a/b/g.class
./a/a/a/b/c.class
./a/a/a/b/d.class
./a/a/a/b/a
./a/a/a/b/a/a.class
./a/a/a/b/a/b.class
./a/a/a/b/a/c.class
./a/a/a/c.class
./a/a/a/d.class
./a/a/a/a
./a/a/a/a/a.class
so it is fully obfuscated.
./META-INF/MANIFEST.MF
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
Created-By: 1.5.0_17-b04 (Sun Microsystems Inc.)
Other files whose existence might help to fingerprint include:
  • a/a/a/applet.configs
  • empty a/cre
A quick:
find . -type f | xargs strings | sort -u
does not reveal any obvious cryptography calls.
web.archive.org/web/20110207204640/http://flyingtimeline.com/aircraft.jar is very similar looking. META-INF/MANIFEST.MF is identical:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
Created-By: 1.5.0_17-b04 (Sun Microsystems Inc.)
web.archive.org/web/20110202185659/http://differentviewtoday.com/bwm.jar is a bit different with tree:
META-INF/MANIFEST.MF
a/a.class
b/a/a/a.class
b/a/a/b.class
b/a/a/c.class
b/a/b/a.class
b/a/b/b.class
b/a/b/c.class
b/a/b/d.class
b/a/b/e.class
b/a/bw.properties
b/a/c.class
c/a/a/a.class
c/a/a/b.class
c/a/a/c.class
c/a/a/d.class
c/a/b.class
c/a/c.class
c/a/d.class
c/a/e.class
c/b/a.class
c/b/b.class
c/b/c.class
and:
META-INF/MANIFEST.MF
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.6.5
Created-By: 1.5.0_12-b04 (Sun Microsystems Inc.)
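One way to turn the fingerprint idea from the TODO and the manifest comparisons above into a repeatable check, as an added example that is not code from this page or from quat1024. The function names (jar_fingerprint, shared_traits, build_jar) are hypothetical, and the two sample JARs are constructed in memory from the manifests and a subset of the paths listed above, with placeholder contents:

```python
import io
import zipfile

def jar_fingerprint(data: bytes) -> dict:
    """Collect build-environment and layout traits from a JAR given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        files = [i for i in jar.infolist() if not i.filename.endswith("/")]
        manifest = {}
        if "META-INF/MANIFEST.MF" in jar.namelist():
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in text.splitlines():
                key, sep, value = line.partition(": ")
                if sep and not line.startswith(" "):  # skip continuation lines
                    manifest[key] = value
    names = [i.filename for i in files if not i.filename.startswith("META-INF/")]
    classes = [n for n in names if n.endswith(".class")]
    # Obfuscators rename every package and class to a single letter.
    short = [c for c in classes
             if all(len(part) == 1 for part in c[:-len(".class")].split("/"))]
    return {
        "ant": manifest.get("Ant-Version"), "jdk": manifest.get("Created-By"),
        "resources": sorted(n for n in names if not n.endswith(".class")),
        "empty": sorted(i.filename for i in files if i.file_size == 0),
        "obfuscated_ratio": len(short) / len(classes) if classes else 0.0,
    }

def shared_traits(a: dict, b: dict) -> list:
    """Fingerprint fields on which two JARs agree exactly."""
    return sorted(k for k in a if a[k] == b[k])

def build_jar(manifest: str, members: dict) -> bytes:
    # Helper used only to construct the in-memory samples below.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, content in members.items():
            jar.writestr(name, content)
    return buf.getvalue()

# Constructed samples: manifest values and paths are copied from the listings
# on this page; member contents are placeholder bytes, not real class files.
MF = ("Manifest-Version: 1.0\nAnt-Version: Apache Ant {}\n"
      "Created-By: {} (Sun Microsystems Inc.)\n")
UPDATE_LIKE = build_jar(MF.format("1.7.1", "1.5.0_17-b04"), {
    "a/cre": b"", "a/a/a/applet.configs": b"x", "a/a/a/e.class": b"x"})
BWM_LIKE = build_jar(MF.format("1.6.5", "1.5.0_12-b04"), {
    "b/a/bw.properties": b"x", "a/a.class": b"x", "c/b/c.class": b"x"})

if __name__ == "__main__":
    print(shared_traits(jar_fingerprint(UPDATE_LIKE), jar_fingerprint(BWM_LIKE)))
```

On real downloads, pass the bytes of each archived JAR to jar_fingerprint; agreement on the manifest fields plus the odd resource names is what would help confirm a possible hit.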
