BSidesSF 2023 Writeups: Flat White (simpler Java reversing)

This is a write-up for flat-white and flat-white-extra-shot, which are easier Java reverse engineering challenges.


Back in February when I worked on CVE-2023-0669, I had to learn a bunch of Java stuff quickly! The vulnerability is basically a Java object that’s serialized and encrypted with a static key. I’m actually writing this challenge and CTF write-up on February 8, 2023, only a couple days after the AttackerKB write-up of the vulnerability. Now that’s a pipeline!

In order to reverse engineer the encryption code, I wanted to make sure I was getting the correct values and found myself trying to call a variety of functions in their .jar files, some of which were protected or private. I’d never done that before, so I had to learn how! And it seemed like a useful skill to pass on to others, hence this challenge.

It turns out, it’s super simple. If it’s a public function in a .jar file, you can just call the function from your code:

public class Solve {
  public static void main(String[] args) {
    // Call the public method from FlatWhite.jar here, as ordinary Java code.
  }
}

And then include the .jar file in your classpath when you compile:

$ javac -cp '.:FlatWhite.jar' Solve.java
$ java -cp '.:FlatWhite.jar' Solve

If it’s a private function, which is what flat-white-extra-shot uses, it’s a bit more complex. Instead of just calling the function, you have to use reflection:

import java.lang.reflect.Method;

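public class Solve {
  public static void main(String[] args) throws Exception {
    Method method = org.bsidessf.ctf.Flag.class.getDeclaredMethod("printFlag");
    method.setAccessible(true); // switch off the access check for this Method object
    method.invoke(null);        // null receiver: assumes printFlag is static
  }
}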

Then you can compile and run it the same way:

$ javac -cp '.:FlatWhiteExtraShot.jar' Solve.java
$ java -cp '.:FlatWhiteExtraShot.jar' Solve
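
An added example, not code from the original post or the challenge: it generalizes the reflection call above by listing a class's declared methods and invoking a private no-argument method whether it is static or an instance method. `ReflectDemo`, `Target`, `callHidden` and the method names are constructed stand-ins for a class inside a .jar.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

public class ReflectDemo {
  // Constructed stand-in for a class shipped inside a third-party .jar.
  static class Target {
    private final String key = "constructed-demo-key";
    private Target() {}
    private static String staticSecret() { return "static:ok"; }
    private String instanceSecret() { return "instance:" + key; }
  }

  // Invoke a no-argument method by name, whatever its visibility.
  static Object callHidden(Class<?> cls, String name) throws Exception {
    Method m = cls.getDeclaredMethod(name);   // finds private methods too
    m.setAccessible(true);                    // bypass the Java access check
    Object receiver = null;                   // static methods need no receiver
    if (!Modifier.isStatic(m.getModifiers())) {
      Constructor<?> c = cls.getDeclaredConstructor();
      c.setAccessible(true);                  // the constructor may be private as well
      receiver = c.newInstance();
    }
    return m.invoke(receiver);
  }

  public static void main(String[] args) throws Exception {
    // List everything the class declares so the method name need not be guessed.
    for (Method m : Target.class.getDeclaredMethods()) {
      System.out.println(Modifier.toString(m.getModifiers()) + " " + m.getName());
    }
    System.out.println(callHidden(Target.class, "staticSecret"));
    System.out.println(callHidden(Target.class, "instanceSecret"));
  }
}
```

Because the access check is this easy to switch off, a `private` modifier does not protect a static key or routine embedded in a .jar.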

And by the way, the reason for the name, besides being a type of coffee drink and thematically fitting in with the Java idea, is because my co-creator Matir ordered one at a recent meetup and I didn’t know what it was. So this is to honor him and his great taste in drinks!

