It is currently Mon Mar 18, 2024 11:42 pm

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
Offline
 Post subject: WBaduk Java client on Linux
Post #1 Posted: Mon Mar 30, 2015 1:08 pm 
Dies in gote

Posts: 43
Liked others: 4
Was liked: 22
Hi! So I wanted to try out CyberOro/WBaduk again after a while - on Linux, without Oracle Java. Well, that was a fun ride! This is a very raw and extremely technical guide, *not* really a step-by-step non-programmer thing, maybe someone will polish it up. (It took me about an hour to figure this out, especially the super-weird icedtea security restrictions, but it might have taken longer if I didn't have prior experience with creating cgoban-h.)

tl;dr - to make wbaduk run in IcedTea, grab the wbaduk app jar archive, hexedit the class file not to indirectly invoke System.exit(), then convince your firefox to run the customized applet.


Basically, the problem is that for Java applets, modern Linux distributions (esp. Debian) do not offer pre-packaged Oracle Java, but instead an open solution "IcedTea" - which is supposed to be more secure, but is somewhat more restrictive. So when you open the Java client, after some security confirmation dialogs you see just "please reopen web browser" popup. If you peek into ~/.xsession_errors (or stderr of firefox), you'll see an actual backtrace:

Code:
java.security.AccessControlException: Applets may not call System.exit()
        at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkExit(JNLPSecurityManager.java:391)
        at javax.swing.JFrame.setDefaultCloseOperation(JFrame.java:388)
        at com.cyberoro.wbaduk.CGameApp.<init>(CGameApp.java:65)
...


There seems to be no reasonable way to make icedtea allow System.exit(). So what does a hacker do? Let's fix the applet!

Code:
mkdir -p ~/go/wbaduk; cd ~/go/wbaduk
wget http://www.wbaduk.com/download/wbaduk_new.jar; unzip wbaduk_new.jar
wget http://varaneckas.com/jad/jad158e.linux.static.zip; unzip jad158e.linux.static.zip
./jad -s .java -t com/cyberoro/wbaduk/CGameApp.class


Looking at CGameApp.java constructor, we see a setDefaultCloseOperation(3); call there, and that was in the crash trace. So let's try what would happen if we made it pass for example zero?

Code:
javap -v -c gnu.bytecode.dump com/cyberoro/wbaduk/CGameApp.class | less
...
  public com.cyberoro.wbaduk.CGameApp();
    ...
        17: invokevirtual #83                 // Method setSize:(II)V
        20: aload_0       
        21: iconst_3     
        22: invokevirtual #87                 // Method setDefaultCloseOperation:(I)V


According to http://en.wikipedia.org/wiki/Java_bytec ... n_listings the bytecode instruction for iconst_3 is (confusingly) encoded as 0x06, while invokevirtual is 0xb6. Ok, let's open com/cyberoro/wbaduk/CGameApp.class in your favorite hexeditor (I used hed), find 0x06b6 in the file, and replace the 0x06 with 0x03, which is the repr of iconst_0. You can re-jed the file to verify that the call got updated.

Part of the jar archive is, conveniently, com.cyberoro.wbaduk.WBaduk1355292282641.html which we could just open as a disk file in firefox to make the wbaduk client run. In theory. In practice, icedtea will run it sandboxed (e.g. no network connection to wbaduk server) because the code is unsigned - jeez! One way to deal it would be re-packing the jar and signing it, but I just created (after a lot of fighting with lack of docs and the supposedly user friendly IcedTea GUI tools) file ~/.config/icedtea-web/security/java.policy containing

Code:
grant codeBase "file:///home/pasky/go/wbaduk" {
   permission java.security.AllPermission;
};


(edit for your path).

Now, just

Code:
firefox file:///home/pasky/go/wbaduk/com.cyberoro.wbaduk.WBaduk1355292282641.html


and things should go smoothly. I didn't get around to playing yet, but there are no graphics glitches and observing games, estimating score etc. works absolutely fine too!

(P.S.: Long-term solution might be to tell the developers to get rid of that function call; e.g. tightvncviewer used to have same problem, apparently. But I've heard that wbaduk people are not very responsive to emails... P.P.S.: Maybe there is a more elegant approach at things, but I'm just a dabbler at Java stuff, and kind of hate Java actually.)

_________________
Go programmer and researcher: http://pasky.or.cz/~pasky/go/
EGF 1921, KGS ~1d and getting weaker


Last edited by pasky on Mon Mar 30, 2015 9:46 pm, edited 1 time in total.

This post by pasky was liked by 4 people: ez4u, Solomon, xed_over, Xylol
Top
 Profile  
 
Offline
 Post subject: Re: WBaduk Java client on Linux
Post #2 Posted: Mon Mar 30, 2015 1:12 pm 
Oza
User avatar

Posts: 2777
Location: Seattle, WA
Liked others: 251
Was liked: 549
KGS: oren
Tygem: oren740, orenl
IGS: oren
Wbaduk: oren
Very nice job. :)

Top
 Profile  
 
Offline
 Post subject: Re: WBaduk Java client on Linux
Post #3 Posted: Mon Mar 30, 2015 3:40 pm 
Oza
User avatar

Posts: 2401
Location: Tokyo, Japan
Liked others: 2337
Was liked: 1332
Rank: Jp 6 dan
KGS: ez4u
Thanks for this pasky. You are obviously crazy, but in the nicest possible way!! :clap: :tmbup:

_________________
Dave Sigaty
"Short-lived are both the praiser and the praised, and rememberer and the remembered..."
- Marcus Aurelius; Meditations, VIII 21

Top
 Profile  
 
Offline
 Post subject: Re: WBaduk Java client on Linux
Post #4 Posted: Mon Mar 30, 2015 7:58 pm 
Oza

Posts: 2264
Liked others: 1180
Was liked: 552
pasky wrote:
Ok, let's open com/cyberoro/wbaduk/CGameApp.class in your favorite hexeditor (I used hed), find 0x06b9 in the file, and replace the 0x06 with 0x03,

I don't find 0x06b9 in the file.

Code:
$ od -X wbaduk/com/cyberoro/wbaduk/CGameApp.class | grep b9
0012620          00b39d00        3900b23f        bb9e00b8        b759a200
0013120          b300b8b2        a7b900b6        00b80600        2800b2bc
0014200          4200b900        16000000        14000200        f1004300
0017340          bb9401b8        b759a200        00b8a400        01b62a9e


I wonder if the http://www.wbaduk.com/download/wbaduk_new.jar has already been updated since you hacked yours?
I got this one:
Code:
$ cat wbaduk/version.txt
version 4.233


do you have a jad for Mac?
I'll have to find a linux box later.

edit: nevermind... I found the mac jad decompiler on the http://varaneckas.com/jad/ page

Top
 Profile  
 
Offline
 Post subject: Re: WBaduk Java client on Linux
Post #5 Posted: Mon Mar 30, 2015 9:46 pm 
Dies in gote

Posts: 43
Liked others: 4
Was liked: 22
xed_over wrote:
pasky wrote:
Ok, let's open com/cyberoro/wbaduk/CGameApp.class in your favorite hexeditor (I used hed), find 0x06b9 in the file, and replace the 0x06 with 0x03,

I don't find 0x06b9 in the file.


I'm so sorry - I have meant 0xb6, not 0xb9 - you can verify the repr on the Wikipedia page I've linked. I'll also update the original writeup.

(I did this all last night.)

_________________
Go programmer and researcher: http://pasky.or.cz/~pasky/go/
EGF 1921, KGS ~1d and getting weaker

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group