CORBA Packet Sniffing/Class Patching Hack
Posted 2008-12-08 in Java by Johann.
This is a nasty, ugly hack for situations where you are forced at gunpoint to deal with the abomination that is CORBA. It lets you see incoming CORBA data – without using an actual packet sniffer/network protocol analyzer.
What we will be doing is:
- Take the source from one JDK class,
- modify it and
- place it before the actual JDK class with the -Xbootclasspath/p: switch.
In essence, this lets you patch or edit any JDK or application class, which is good for a variety of scenarios, including closed-source software.
The Class
The class to patch is com.sun.corba.se.impl.encoding.EncapsInputStream. This class is responsible for receiving the GIOP-encoded CORBA data.
The original constructor code:
public EncapsInputStream(org.omg.CORBA.ORB orb, byte[] buf,
                         int size, boolean littleEndian,
                         GIOPVersion version) {
    super(orb, ByteBuffer.wrap(buf), size, littleEndian,
          version, Message.CDR_ENC_VERSION,
          BufferManagerFactory.newBufferManagerRead(
              BufferManagerFactory.GROW,
              Message.CDR_ENC_VERSION,
              (ORB)orb));
    wrapper = ORBUtilSystemException.get((ORB)orb,
                                         CORBALogDomains.RPC_ENCODING);
    performORBVersionSpecificInit();
}
The Modification
Modifying this class involves creating the ByteBuffer in a static method and printing the data contained in buf there. Something like this:
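// Goes with the other imports at the top of the patched source file.
import sun.misc.HexDumpEncoder;

// Dumps the raw buffer to the console, then wraps it exactly as the original code did.
// It has to be static because it runs before the super(...) call completes.
private static ByteBuffer wrap(byte[] buf) {
    System.out.println(new HexDumpEncoder().encode(buf));
    return ByteBuffer.wrap(buf);
}
// corba/EncapsOutputStream
// corba/ORBSingleton
// iiop/ORB
public EncapsInputStream(org.omg.CORBA.ORB orb, byte[] buf,
                         int size, boolean littleEndian,
                         GIOPVersion version) {
    // Only change to the constructor: wrap(buf) instead of ByteBuffer.wrap(buf).
    super(orb, wrap(buf), size, littleEndian,
          version, Message.CDR_ENC_VERSION,
          BufferManagerFactory.newBufferManagerRead(
              BufferManagerFactory.GROW,
              Message.CDR_ENC_VERSION,
              (ORB)orb));
    wrapper = ORBUtilSystemException.get((ORB)orb,
                                         CORBALogDomains.RPC_ENCODING);
    performORBVersionSpecificInit();
}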
The Launch
With the class patched, we need to prepend the directory or JAR it is located in to the bootstrap classpath.
>java -X
…
    -Xbootclasspath/p:<directories and zip/jar files separated by ;>
                      prepend in front of bootstrap class path
If your classes are compiled to the bin directory, -Xbootclasspath/p:bin is enough. You might need some libraries as well; these can be added to the same switch like so: -Xbootclasspath/p:bin:lib/junit.jar:lib/wljmsclient.jar. Entries are separated by : on Unix-like systems and by ; on Windows.
The Result
Each CORBA packet that your computer receives is neatly dumped to the console.
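Because the switch shadows any JDK class, it helps to be able to tell whether a given JVM is running with such an override. The check below is an added example, not code from the original post: the class BootClassPathCheck and its helper methods are hypothetical names, and it assumes a JDK 8 or older runtime, where -Xbootclasspath/p: is accepted.

```java
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example (not from the original post): detects the -Xbootclasspath/p: override.
public class BootClassPathCheck {
    private static final String PREPEND = "-Xbootclasspath/p:";

    // Collects every entry prepended to the bootstrap class path by the JVM arguments.
    static List<String> prependedEntries(List<String> jvmArgs, String separator) {
        List<String> entries = new ArrayList<>();
        for (String arg : jvmArgs) {
            if (!arg.startsWith(PREPEND)) continue;
            for (String e : arg.substring(PREPEND.length()).split(Pattern.quote(separator))) {
                if (!e.isEmpty()) entries.add(e);
            }
        }
        return entries;
    }

    // Returns the prepended entry that serves the class file, or null if none does.
    static String shadowedBy(URL classUrl, List<String> entries) {
        if (classUrl == null) return null;
        for (String e : entries) {
            // A directory shows up as file:/dir/..., a JAR as jar:file:/x.jar!/...
            if (classUrl.toString().contains(new File(e).toURI().toString())) return e;
        }
        return null;
    }

    public static void main(String[] args) {
        // Class name from the post; pass another name as the first argument to check it instead.
        String name = args.length > 0 ? args[0] : "com.sun.corba.se.impl.encoding.EncapsInputStream";
        List<String> entries = prependedEntries(
                ManagementFactory.getRuntimeMXBean().getInputArguments(), File.pathSeparator);
        // The bootstrap loader resolves resources in the same order it resolves classes.
        URL url = ClassLoader.getSystemResource(name.replace('.', '/') + ".class");
        System.out.println("prepended boot entries: " + entries);
        System.out.println(name + " loaded from: " + url);
        String culprit = shadowedBy(url, entries);
        if (culprit != null) {
            System.out.println("WARNING: JDK class is overridden by " + culprit);
            System.exit(1);
        }
    }
}
```

Run it with the same JVM arguments as the application under inspection; on an unmodified JDK 8 the class resolves to the JDK's own rt.jar and the program exits with status 0.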