Michael Brunner

This looks like latest ZKM with string obfuscation using DES cipher. Will maybe do this, but currently don't know how to generate string obf with DES cipher samples. Maybe it's...

You can use "remove unnecessary try catch blocks" though if you want a better overview.

I need more samples to make a deobfuscator for this one. Edit: not needed anymore.

The problem with newer ZKM files is that it uses method parameters as decryption values that are stored before method invocation (at the references), and it also combines resource and...

Interesting, didn't know you could bypass the security manager like that. Check out the latest commit.

If you find another bypass, let me know!

Oops, didn't notice that. You can't really hide the VM instance, but that's not that important IMO. Gotta find a workaround for that.

It is gonna be pretty hard to block bypasses using reflection, as `ReflectPermission` does not provide a way to get the context (e. g. allow reflection for everything, except `java.lang.System`)....

Java doesn't allow me to redefine `java.lang.reflect.AccessibleObject` either. Still haven't found any way to only block certain reflection.

AFAICT there is no string obfuscation in this file?