WBaduk Java client on Linux

[pasky]

Hi! So I wanted to try out CyberOro/WBaduk again after a while - on Linux, without Oracle Java. Well, that was a fun ride! This is a very raw and extremely technical guide, *not* really a step-by-step non-programmer thing, maybe someone will polish it up. (It took me about an hour to figure this out, especially the super-weird icedtea security restrictions, but it might have taken longer if I didn't have prior experience with creating cgoban-h.)

tl;dr - to make wbaduk run in IcedTea, grab the wbaduk app jar archive, hexedit the class file not to indirectly invoke System.exit(), then convince your firefox to run the customized applet.


Basically, the problem is that for Java applets, modern Linux distributions (esp. Debian) do not offer pre-packaged Oracle Java, but instead an open solution "IcedTea" - which is supposed to be more secure, but is somewhat more restrictive. So when you open the Java client, after some security confirmation dialogs you see just "please reopen web browser" popup. If you peek into ~/.xsession_errors (or stderr of firefox), you'll see an actual backtrace:

Code: Select all

java.security.AccessControlException: Applets may not call System.exit()
        at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkExit(JNLPSecurityManager.java:391)
        at javax.swing.JFrame.setDefaultCloseOperation(JFrame.java:388)
        at com.cyberoro.wbaduk.CGameApp.<init>(CGameApp.java:65)
...

There seems to be no reasonable way to make icedtea allow System.exit(). So what does a hacker do? Let's fix the applet!

Code: Select all

mkdir -p ~/go/wbaduk; cd ~/go/wbaduk
wget http://www.wbaduk.com/download/wbaduk_new.jar; unzip wbaduk_new.jar
wget http://varaneckas.com/jad/jad158e.linux.static.zip; unzip jad158e.linux.static.zip
./jad -s .java -t com/cyberoro/wbaduk/CGameApp.class

Looking at CGameApp.java constructor, we see a setDefaultCloseOperation(3); call there, and that was in the crash trace. So let's try what would happen if we made it pass for example zero?

Code: Select all

javap -v -c gnu.bytecode.dump com/cyberoro/wbaduk/CGameApp.class | less
...
  public com.cyberoro.wbaduk.CGameApp();
    ...
        17: invokevirtual #83                 // Method setSize:(II)V
        20: aload_0       
        21: iconst_3      
        22: invokevirtual #87                 // Method setDefaultCloseOperation:(I)V

According to http://en.wikipedia.org/wiki/Java_bytec ... n_listings the bytecode instruction for iconst_3 is (confusingly) encoded as 0x06, while invokevirtual is 0xb6. Ok, let's open com/cyberoro/wbaduk/CGameApp.class in your favorite hexeditor (I used hed), find 0x06b6 in the file, and replace the 0x06 with 0x03, which is the repr of iconst_0. You can re-jed the file to verify that the call got updated.

Part of the jar archive is, conveniently, com.cyberoro.wbaduk.WBaduk1355292282641.html which we could just open as a disk file in firefox to make the wbaduk client run. In theory. In practice, icedtea will run it sandboxed (e.g. no network connection to wbaduk server) because the code is unsigned - jeez! One way to deal it would be re-packing the jar and signing it, but I just created (after a lot of fighting with lack of docs and the supposedly user friendly IcedTea GUI tools) file ~/.config/icedtea-web/security/java.policy containing

Code: Select all

grant codeBase "file:///home/pasky/go/wbaduk" {
   permission java.security.AllPermission;
};

(edit for your path).

Now, just

Code: Select all

firefox file:///home/pasky/go/wbaduk/com.cyberoro.wbaduk.WBaduk1355292282641.html

and things should go smoothly. I didn't get around to playing yet, but there are no graphics glitches and observing games, estimating score etc. works absolutely fine too!

(P.S.: Long-term solution might be to tell the developers to get rid of that function call; e.g. tightvncviewer used to have same problem, apparently. But I've heard that wbaduk people are not very responsive to emails... P.P.S.: Maybe there is a more elegant approach at things, but I'm just a dabbler at Java stuff, and kind of hate Java actually.)

[oren]

Very nice job.

[ez4u]

Thanks for this pasky. You are obviously crazy, but in the nicest possible way!!

[xed_over]

Ok, let's open com/cyberoro/wbaduk/CGameApp.class in your favorite hexeditor (I used hed), find 0x06b9 in the file, and replace the 0x06 with 0x03,

I don't find 0x06b9 in the file.

Code: Select all

$ od -X wbaduk/com/cyberoro/wbaduk/CGameApp.class | grep b9
0012620          00b39d00        3900b23f        bb9e00b8        b759a200
0013120          b300b8b2        a7b900b6        00b80600        2800b2bc
0014200          4200b900        16000000        14000200        f1004300
0017340          bb9401b8        b759a200        00b8a400        01b62a9e

I wonder if the http://www.wbaduk.com/download/wbaduk_new.jar has already been updated since you hacked yours?
I got this one:

Code: Select all

$ cat wbaduk/version.txt 
version 4.233

do you have a jad for Mac?
I'll have to find a linux box later.

edit: nevermind... I found the mac jad decompiler on the http://varaneckas.com/jad/ page

[pasky]

Ok, let's open com/cyberoro/wbaduk/CGameApp.class in your favorite hexeditor (I used hed), find 0x06b9 in the file, and replace the 0x06 with 0x03,

I don't find 0x06b9 in the file.

I'm so sorry - I have meant 0xb6, not 0xb9 - you can verify the repr on the Wikipedia page I've linked. I'll also update the original writeup.

(I did this all last night.)