
Prevent someone from de-compiling your java code

 
sid smith
Ranch Hand
Posts: 50
I read an article about Java malware (malicious Java applets). I learned that malware programmers use some coding practices to prevent a Java decompiler from converting malicious class files into Java code. All this seems very interesting to me.
So, I was trying to learn how to decompile Java code and how to prevent the same. I came across this post on CodeRanch and wanted to reply there. Unfortunately, the post is locked.
I'd like to continue it and make this post a repository for Java decompiling related information.

Kaspersky analysis of Java applets with anti-decompiling tricks:
http://securelist.com/analysis/publications/37162/anti-decompiling-techniques-in-malicious-java-applets/

Kaspersky article on Icefog malware:
http://securelist.com/blog/incidents/58209/the-icefog-apt-hits-us-targets-with-java-backdoor/

Protect Your Java Code — Through Obfuscators And Beyond:
http://www.excelsior-usa.com/articles/java-obfuscators.html

I took many links from the above link. Here are some books on decompiling:

Despite its title, Decompiling Java by Godfrey Nolan has a chapter on code protection, most of which is in turn devoted to obfuscation.
decompiling java

Alex Kalinovsky in his Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering again mostly covers the topics listed in the book title, but has also included a chapter on obfuscation and cracking obfuscated code. By coincidence, that particular chapter is available online, so I have just saved you twenty dollars.
Covert java book

Crema obfuscator can help protect your Java code from decompilers such as Mocha:
Javaworld anti decompiling tip

How to debug an applet: Malware in a Jar
Malwarebytes article

Misc:

Stack overflow post on decompiling
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 37462
That thread is locked because it is a duplicate of this one. It's fine that you started a new thread though.

Note that none of those tools prevent someone from de-compiling your code. What they do is make it harder for someone to read that de-compiled code by using worse variable names and the like. It has to be possible to get the bytecode for a class which means it is possible with enough time to figure out what is going on.
 
Ulf Dittmer
Rancher
Posts: 42972
sid smith wrote: I learned that malware programmers use some coding practices to prevent a java decompiler from converting malicious class files into java code.

That doesn't sound quite right - I think most Java developers do that who care about making it harder to recover their source code, not malware authors specifically.

ProGuard is a good tool for obfuscation. JODE (also on SourceForge) is a good decompiler, and being written in Java, you can study how it works. It doesn't understand all the class file changes in Java 5 and newer, but for study purposes it's fine.

Jeanne wrote: What they do is make it harder for someone to read that de-compiled code

Yes and no. Good obfuscators (like DashO) can create bytecode that can't be decompiled by the freely available decompilers like JODE and JD-GUI. That raises the bar in terms of effort I need to go to recover source code, which may be enough for the purposes of whoever tries to protect his code.
 