I did a little searching and realized that I had already been exposed to the idea that Blu-Ray was colluding with Java. Now it occurs to me to wonder: Has there been demand for free multimedia players to support the Java functionality necessary to play Blu-Ray discs?

That’s nice. But let’s cut to what really matters — multimedia. The SDK specifies the Media API along with its MediaPlayer and MediaRecorder APIs. According to the AudioEncoder class, audio can be encoded to AMR-NB. The VideoEncoder class specifies H.263, H.264, and MPEG-4 SP. All pretty standard for a mobile application, I suppose.

Who handles the multimedia heavy lifting? Vitor noticed this press release and associated fluffy overview from PacketVideo

It’s Java, though, and that means obfuscated Java bytecode programs. Time for a renaissance for my Java de-obfuscator?

As usual, Wikipedia is on top of it.

On a Java-related topic, there is the Eclipse project. I am not especially familiar with it but apparently it is supposed to be God’s gift to software engineering. The reason I bring it up is that one of the Java de-obfuscator contributors passed along that Eclipse can help refactor Java code (automatically searching for and replacing identifier names throughout an entire project). The catch, it seems, is that the source code needs to be compilable. The de-obfuscator did not always meet that requirement which is why this particular individual needed the program fixed.

Anyway, I just thought I would mention it since I have not seen a tool that can do this. The refactoring support would be useful for reverse engineering/de-obfuscation work.

• Blackberry JDE is available here
• Blackberry development documentation
• Is the .cod a native CPU code file?
• If it is a native code file, is this a fabled Java Native Interface (JNI) code file?
• If yes, is there a standard way to disassemble the files?
• If no, and this is some kind of custom file format, what is the format, the section definitions, etc.?
• I have examined one sample .cod file. It starts with hex bytes DE C0 FF FF (CODE FFFF in little endian). No other patterns jump out at me except for a few embedded PNG files.

If you have any insight into this format, feel free to contact me.

However, most interesting codecs (including all of those that are not yet RE’d) are only supported via the Win32 or Linux/Solaris “Performance Packs” which are presumably compiled, SIMD-optimized x86 code.

Some curious features– the pure-Java portion of the library supports some of the quirkier Sound Blaster playback frequencies like 11127 Hz and 22254 Hz (while the performance packs support 8000 Hz -> 48000 Hz). Also, I can not get over the fact that the documentation for the javax.media.format.VideoFormat class states that SMC corresponds to “Sorenson format”. (Here is the SMC format, apparently named for its creator, one Sean M. Callahan.)

VX30

• official website
• stolen code screenshots, analysis
• hex dump and investigation of stolen gpl code in vx30
• for a sample html file, vx30 and meta file, and the required player

Eyewonder

• a PSA about booster seats (HTML)
• with the Java applet
• and the video and audio files
• vendor site

some Japanese name, possibly vplayer

• original URL
• sample movie (video)
• sample movie (meta data?)
• Java decoder files (.jar)
• Java decoder files

Emblaze

• Emblaze format sample
• vendor site

And if “deobfuscating java” brought you here, this page on Retroguard deobfuscation is the reason.

Meet Paul Tyma, Ph.D. I became aware of him through this I, Cringely column entitled “Misinterpretation”. Tyma and his company PreEmptive Solutions have developed code obfuscators for both the Java and .NET languages. The article notes that one technique under development (possibly already deployed?) is called “Program State Code Protection”. From what I can discern, it almost sounds like self-modifying code for Java. I would be interested to see it in action.

Further, the company has 2 patents assigned to it:

• 6,102,966: Method for renaming identifiers of a computer program
• 5,903,761: Method of reducing the number of instructions in a program code sequence

Tyma also has an article in a Java publication entitled “The New Obfuscation”. This piece presents some examples of code mangling that are difficult to decompile and would be almost impossible to recompile.

Thanks to the Jad decompiler coupled with my own Java de-obfuscation research, I can get a good head start on reverse engineering multimedia decoder modules written in Java. However, I only have so much time. Plus, I know there are more than a few folks out there who would like to check out the de-obfuscated source code and look for multimedia codec patterns.

So I am posting the work I have done so far to solve the Java cryptogram that is On2′s VP5 decoder. There are 2 files:

• vp5-deobf.java
• vp5-deobf-orig.java

vp5-deobf.java is the file that I am modifying to try to recover the original algorithm. vp5-deobf-orig.java is the original de-obfuscated file. Use this for reference if you accidentally search and replace overzealously.

So take a look at it. See what patterns jump out at you. Use search & replace text editing features to replace the nonsense English verbs and animal names when if becomes obvious that they stand for something else. Send me patches against the current revision using ‘diff -u’. I will roll them back into the local Subversion (SVN) repository I am maintaining for this effort. I will keep your effort anonymous if you so wish.

Happy reverse engineering!