Had a look at one of those CIA jars

[quat1024]

Hi, I read about your research through the 404 Media article and noticed you wanted to look inside the Java archives. I have a little experience with Java reverse engineering so I peeked at the update.jar linked from newsupdatesite.com.

This is a summary of my results: https://notes.highlysuspect.agency/cia-jars.html

I'm not finished yet and I haven't found any exciting "smoking guns" or anything, but I did find:

• There is really basic string obfuscation ran over all the string constants in the jar, which is why grepping didn't turn up much
• applet.configs is also obfuscated with a little XOR encryption, the key is derived from the first eight bytes of the file
  • Deobfuscated, the file includes a date: #Fri Feb 05 12:04:29 EST 2010
• The jar includes, among other things, a very old copy of the org.json/JSON-java library and a (bespoke?) Base64 encoder/decoder
  • During this time org.json included the "The Software shall be used for Good, not Evil." clause in the license. Haha.

If you want to apply my partially complete Enigma mappings you can

• download Enigma from here (the -all.jar) and launch it
• clone this
• go to File -> Open Jar and select update.jar
• go to File -> Open Mappings -> Enigma Directory and select my newsupdatesite-update directory

[cirosantilli]

Hey thanks for this!

I'll add some mentions in the article later on.

Yes, I'm not expecting any ridiculous finds in the JARs, the most useful likely application is that but could be used to confirm some of the hits without nearby IPs. But it is cool to see what they were using for the fun aspect of things.

I'd be especially curious do know if you think the one from mynepalnews.com at https://web.archive.org/web/20110204143500/http://mynepalnews.com/nepali.jar is in-style given my recent finding of a Webalizer instance on that one which made me doubt it a bit.

I also wonder if it is possible to automate the reverse engineering to say, dump strings (or automatically check style!) from CLI, though that sounds hard. If we had a string dumper we could at least run that and save the output somewhere.

[cirosantilli]

Also, give ourbigbook a try: https://github.com/ourbigbook/ourbigbook I basically initially built it for solving the 'Technological complexity" section of https://highlysuspect.agency/posts/digital_gardens/ and then added mind melding on top. Now the only missing feature is WYSIWYG (I was seriously considering forking https://github.com/zadam/trilium ) for that, but I ran out of time unless some crazy Monero dude comes along again.

Also I love to see how kids interests in Minecraft and other games evolve into hacking the CIA later in life. It's awesome.

[cirosantilli]

I added some mentions of what you found so far at: https://ourbigbook.com/cirosantilli/cia-2010-covert-communication-websites/jar-reverse-engineering btw. I'll update if anything else shows up.

btw I also tried to leave some replies to tweets at https://types.pl/@quat from https://mastodon.social/@cirosantilli but not sure they showed up, maybe I messed something up, ignore if you saw them:

• https://mastodon.social/@cirosantilli/114579055509100530
• https://mastodon.social/@cirosantilli/114579075219584496