All geek questions in one place

How to get object state from serialized Java objects without class (s) files

I have a binary file containing Java Serialized objects (value objects), but I don't have access to the class that was serialized to create these objects. Without a class file, the JVM does not allow me to read objects with objectInputStreamInstance.readObject () and rightly throws java.lang.ClassNotFoundException.

Is there a library that can help retrieve data in XML or another standard format? For example, if the Person class is serialized below and stored in a file, I would like to extract data from it:

Class definition

class Person implements Serializable { int age; String name; public Person(int age, int name) { this.age = age; this.name = name; } }

The required extraction format (without access to the class file)

 <Person> <age>10</age> <name>Name</name> </Person>

I also checked the following, but did not get what I was looking for:

Thank you for your help.

Regards, Gursev

+6
source share
1 answer

Check jdeserialize . It has command line mode, but also a fairly well-documented API . Regarding automatic re-serialization in XML? I do not think so. Too many ways to do this. You may have to go through this as two separate steps. jdeserialize can be useful in reverse engineering classes (creating Java source code), especially if it is required by many XML serialization tools.

Now, if the source classes did not use the default serialization mechanism (by overriding readObject or analogies) or used data obfuscation / encryption methods (for example, wrapping objects in javax.crypto.SealedObject and / or java.security.SignedObject ), then your chances of success is less and less.

+5
source

Source: https://habr.com/ru/post/951526/

More articles:


All Articles