Comments (12)
Basically:
If you do not aim to catch evasive (by obfuscation etc.) bad Java plugins, this idea is not for you.
My thought was watching the execution of certain methods; one can do it with a security manager as a plugin or with JDI (as a plugin or as a separate process).
Then you can use ASM or Javassist to redefine some classes of Spigot and know when certain methods are executed; you can also get all loaded classes in case some plugins use class encryption and dynamically load a class.
You could also require special Spigot startup arguments and use a Java agent (java.lang.instrument) (or let it connect to a running mcantimalware-debugger) to catch which class loader loaded the additional class.
I'm just showing possibilities.
from mcantimalware.
Possibly, I'm not really 100% sure how I'd go about some of those.
Which would be effective and worth adding and which would be completely useless?
from mcantimalware.
No matter what, a Spigot plugin is going to be useless due to it being easily bypassable, again by just loading a jar before that and then deleting it.
from mcantimalware.
Premain agent through startup arguments would run before spigot main.
You could provide a jar to replace spigot.jar with, which would start another JVM with a Java agent or debugger connected through startup arguments.
from mcantimalware.
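The premain-agent idea from the comments above, sketched as an added example (not code from mcantimalware or from any commenter): a `java.lang.instrument` agent that records which class loader defined each class and flags classes with no on-disk origin. The class name `LoadAuditAgent` and the agent jar name are assumptions.

```java
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.CodeSource;
import java.security.ProtectionDomain;

// Hypothetical agent. Its jar manifest needs: Premain-Class: LoadAuditAgent
// Assumed start line: java -javaagent:load-audit.jar -jar spigot.jar
public final class LoadAuditAgent {

    // Called by the JVM before the server's main(), so it sees every plugin class.
    public static void premain(String agentArgs, Instrumentation inst) {
        inst.addTransformer(new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String className,
                                    Class<?> classBeingRedefined,
                                    ProtectionDomain domain, byte[] classfileBuffer) {
                try {
                    if (classBeingRedefined == null) { // first definition, not a redefine
                        audit(loader, className, domain, classfileBuffer.length);
                    }
                } catch (Throwable t) {
                    // Auditing must never break class loading.
                }
                return null; // null tells the JVM to keep the bytecode unchanged
            }
        });
    }

    static void audit(ClassLoader loader, String className,
                      ProtectionDomain domain, int size) {
        if (loader == null) {
            return; // bootstrap loader: JDK classes, not plugin code
        }
        CodeSource src = (domain == null) ? null : domain.getCodeSource();
        boolean inMemory = (src == null || src.getLocation() == null);
        String origin = inMemory ? "<no code source>" : src.getLocation().toString();
        String loaderId = loader.getClass().getName() + "@"
                + Integer.toHexString(System.identityHashCode(loader));
        // className is null for classes defined without a name.
        String name = (className == null) ? "<unnamed>" : className.replace('/', '.');
        // A class defined from a byte array without a ProtectionDomain has no
        // location: the pattern expected from decrypt-then-defineClass loaders.
        System.err.println((inMemory ? "[SUSPECT] " : "[load] ") + name
                + " loader=" + loaderId + " origin=" + origin + " bytes=" + size);
    }
}
```

Because the agent only observes and returns `null`, it leaves the server jar untouched on disk, which sidesteps the per-version and per-fork jar problem raised in the replies.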
Providing a full working spigot jar would
- Most likely not be allowed on spigot
- That's a different jar for every version and/or fork
- That's going to either make the Anti-Malware a few GBs, or have to be downloaded off the internet
from mcantimalware.
spigot jar would still sit in the same folder lol, sorry I was not very specific there
from mcantimalware.
Ah xD
I mean, I could ASM some code into the Spigot jar,
but I'd still have to take into consideration jars being renamed, versions, Spigot, Bukkit, Paper, any other fork...
and even then my ASM knowledge is incredibly limited so 🤷♂ 🤷♀
from mcantimalware.
If you're able to code some of your ideas yourself, I suggest forking and PRing 😅.
from mcantimalware.
Looking through things again
#249 MIGHT be a better solution, assuming it doesn't replace the jars code permanently.
It would appear Javassist requires you to modify the jar, which means the jar would call methods it can't access if the AntiMalware isn't used to start said jar.
from mcantimalware.
Looking more into it, the project needs to be modular to make supporting this easier due to the requirements of NMS/OBC for both Mixins AND Javassist.
from mcantimalware.
The only versions where it's not a huge issue are any versions before 1.4.5; however, going that far back will have its own issues in some way, shape or form.
from mcantimalware.
Both #249 and the current SecurityManager will help with this, closed.
from mcantimalware.