Add Java serialization documentation

Signed-off-by: Malfurious <m@lfurio.us>

1 files changed, 41 insertions, 0 deletions

diff --git a/docs/forensics/java_object_serialization.txt b/docs/forensics/java_object_serialization.txt
new file mode 100644
index 0000000..732efc4
--- /dev/null
+++ b/docs/forensics/java_object_serialization.txt
@@ -0,0 +1,41 @@
+https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
+
+
+# TODO - The rest of this file pertains to a specific example and should become generalized
+
+Server's AuthState object:
+
+magic nuber:        ac ed
+protocol version:   00 05
+TC_OBJECT:          73
+TC_CLASSESC:        72
+class name len:     00 09
+class name:         41 75 74 68 53 74 61 74 65 (AuthState)
+serial uid:         00 00 00 00 07 57 d9 c6
+SC_SERIALIZABLE:    02
+variable count:     00 02
+
+type code:          5a (boolean primitive?)
+variable name len:  00 08
+variable name:      6c 6f 67 67 65 64 49 6e (loggedIn)
+
+type code:          4c (class)
+variable name len:  00 08
+variable name:      75 73 65 72 6e 61 6d 65 (username)
+value?:             74 (TC_STRING)
+class name len:     00 12
+class name:         4c 6a 61 76 61 2f 6c 61 6e 67 2f 53 74 72 69 6e 67 3b (Ljava/lang/String;)
+
+
+TC_ENDBLOCKDATA:    78
+NULL REF (end cls): 70
+
+value (loggedIn):   00
+
+value (username):   74 (TC_STRING)
+string length:      00 05
+string data:        47 75 65 73 74 (Guest)
+
+
+
+\xac\xed\x00\x05\x77\x04\x00\x00\x00\x02\x73\x72\x00\x09\x41\x75\x74\x68\x53\x74\x61\x74\x65\x00\x00\x00\x00\x07\x57\xd9\xc6\x02\x00\x02\x5a\x00\x08\x6c\x6f\x67\x67\x65\x64\x49\x6e\x4c\x00\x08\x75\x73\x65\x72\x6e\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x78\x70\x01\x74\x00\x05admin