Java Decompiling
Java is a language which code is quite intuitive to
read. But some also complain that compiled code is as easy to read as source
code - or at least it is easy to recover. You will find here a couple of
hints and tips about this matter of fact, and how to deal with it if you need
to prevent people to exploit code they should not work with.
How to recover Source Code from Bytecode?
The main program for
uncompiling code isJAD (JAva Decompiler). It provides following advantages :
- Recover code from
Java ByteCode,
- Get clean code for your own programs,
- Remove Comments, Javadoc, Names of local
Variables, Names of Parameters,
- Several Graphical
interfaces, available on the web site.
How to prevent your Java
code to be Reverse-engineered ?
Several
actions can be taken for preventing reverse-engineering :
- Code Obfuscation. This is done mainly through variable renaming; see
next paragraph for more precisions,
- Suppression of End Of File Characters. This makes the code difficult to
parse,
- Use of anonymous classes for handling events. This seems not to be
handled by many Decompiler; however, JAD copes pretty well with this.
- File encoding. This implies some overhead for uncyphering at runtime.
Several tools are available:: Canner, by Cinnabar
Systems, Katirya,
or JLock
by JSoft. They are available for evaluation, and the two first are
proposed currently for Windows Platforms only.
What tools do exists for
Obfuscation ?
A lot of
tools exist for Java code Obfuscation. You can find extensive lists under
following URLs, or simply type 'obfuscator' in your favorite search engine
:
Among those projects, some
are open source project, and therefore more suitable for research - but also
for enterprises who wish to control the programs they use (without any
warranty):
- Proguard is a shrinker
(make code more compact), and optimizer and obfuscator.
- Jode is a decompiler, an
optimizer and an obfuscator. It contains facilities for cleaning logging
statements,,
- Jarg,
- Javaguard,
which is a simple obfuscator, without many documentation,
- CafeBabe,
which allows precise view of Bytecode files and single file obfuscation;
a good tool for teaching ByteCode Structure, more than a production
tool.
First Exemple : how to use
Proguard?
Here a little tutorial for using Proguard.
First, download the code
under following
url and unzip it.
For this tutorial, we use
the genericFrame.jar package, part of a
simple demo application.
Go tothe main directory of Proguard. For lauching it, you
can use following script with given parameters :
| java -jar lib/proguard.jar
@config-genericFrame.pro |
config-genericFrame.pro is
the option file :
| -obfuscationdictionary
./examples/dictionaries/compact.txt
-libraryjars
/usr/java/j2sdk1.4.2_10/jre/lib/rt.jar:/home/pierre/boulot/dev/bundles/sosgi.jar:/home/pierre/Oscar/oscar1/lib/osgi.jar
-injars genericFrame.jar
-outjar genericFrameOut.jar
-dontshrink
-dontoptimize
-keep public class proguard.ProGuard
{
public static void
main(java.lang.String[]);
}
|
Remark that the 'keep'
option is mandatory, we use this default class for not keep anything out.
The example dictionnary
(here compact.txt) is given with the code.
The output is stored in
the package 'genericFrameOut.jar'.
You can observe the
modifications implied by obfuscation with following commands :
| jar xvf
genericFrameOut.jar
cd genericFrame/pub/gui/
jad c.class
more c.jad more c.jad
|
Remark than Strings are kept unmodified. If you want
you code to be hard to read, do not forget to remove any debugging and
logging comments. Jode has some facilities for making this easier.
Second Exemple : how to use Jode
?
Jode is to be
found here.
Third Example : how to use
CafeBabe ?
CafeBabe is a convenient tool for teaching structure
of ByteCode files. You can download
it at this URL.
Unzip it and execute following command :
| java -classpath
CafeBabe.jar org.javalobby.apps.cafebabe.CafeBabe |
Have a look at some
class from the original genericFrame.jar package.
Then obfuscate it, and
compare both - original and modified class :
- with the CafeBabe viewer,
- after decompiling it with JAD.
What
conclusion can you draw of it ?
|