m0atz m0atz - 1 month ago 4x
Java Question

java 8 deserialize base64 encoded string

I'm taking part in a Capture the Flag contest. A question I'm stuck on relates to deserialization of a Java object. I'm interrogating a cookie string which is base64 encoded. When I decode that, I believe it is a Java serialized object which I want to deserialize in order to alter their values and re-encode in base64.

I know nothing about java, I've tried to deserialize the base64 decoded bytes, but I think this is the wrong type.

import java.util.Base64;
import java.util.UUID;
import java.io.UnsupportedEncodingException;
import java.io.ObjectInputStream;

public class decode {
public static void main(String args[]){
try {

// Encode using basic encoder
String base64encodedString = "mybase64encodedstring==";
System.out.println("Base64 encoded string :" + base64encodedString);

// Decode
byte[] base64decodedBytes = Base64.getDecoder().decode(base64encodedString);

ObjectInputStream in = new ObjectInputStream(base64decodedBytes);
System.out.println("Deserialised data: \n" + in.readObject().toString());

System.out.println("Original String: " + new String(base64decodedBytes, "utf-8"));

}catch(UnsupportedEncodingException e){
System.out.println("Error :" + e.getMessage());

The error I get is:

incompatible types: byte[] cannot be converted to InputStream

Any help appreciated!


Use ByteArrayInputStream instead of ObjectInputStream.

So, use this:

InputStream in = new ByteArrayInputStream(base64decodedBytes);

instead this:

ObjectInputStream in = new ObjectInputStream(base64decodedBytes);