Category Archives: Java

Posts relating to Java reverse engineering and de-obfuscation strategies

Java Deobfuscation In Use; Eclipse For Refactoring

Believe it or not, other people actually are using my Java de-obfuscation via RetroGuard solution. Further, they are finding a lot of problems with my basic solution and have contributed a number of patches to make the program stronger. I hope to incorporate the patches in the next few days and also maybe figure out how to release an actual .jar file so that using the program will be simpler.

On a Java-related topic, there is the Eclipse project. I am not especially familiar with it but apparently it is supposed to be God’s gift to software engineering. The reason I bring it up is that one of the Java de-obfuscator contributors passed along that Eclipse can help refactor Java code (automatically searching for and replacing identifier names throughout an entire project). The catch, it seems, is that the source code needs to be compilable. The de-obfuscator did not always meet that requirement which is why this particular individual needed the program fixed.

Anyway, I just thought I would mention it since I have not seen a tool that can do this. The refactoring support would be useful for reverse engineering/de-obfuscation work.

Reverse Engineering Blackberry Java Native Modules (?)

Readers of this blog have highly diverse reverse engineering goals. I was contacted by a reader who is interested in reverse engineering a .cod file. This file comes from the Blackberry run time environment and has to do with Java. I suspect that it is a file full of native CPU code for whatever CPU happens to run inside of a Blackberry. Anyway, since I have neither the time nor the inclination to chase after every code format in existence (and I have never been entirely sure what a Blackberry even is), I thought I would put it to the readers in case anyone happens to know off the top of their head. Pertinent details, questions, and speculations:

  • Blackberry JDE is available here
  • Blackberry development documentation
  • Is the .cod a native CPU code file?
  • If it is a native code file, is this a fabled Java Native Interface (JNI) code file?
  • If yes, is there a standard way to disassemble the files?
  • If no, and this is some kind of custom file format, what is the format, the section definitions, etc.?
  • I have examined one sample .cod file. It starts with hex bytes DE C0 FF FF (CODE FFFF in little endian). No other patterns jump out at me except for a few embedded PNG files.
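As an added example (not code from the original post), here is the kind of first-pass triage those bullet points describe: it compares the leading four bytes against the DE C0 FF FF magic quoted above, shows both byte-order readings so the "CODE FFFF" interpretation is visible, and locates embedded PNG images by their standard file signature, walking the PNG chunk structure to find where each image ends. The sample input is constructed inline; nothing about the .cod format beyond the observed magic is assumed.

```python
"""Triage helper for an unknown binary container: check the leading magic
bytes and locate embedded PNG images. Added example, not from the post."""
import struct
import zlib

# Magic observed by the post's author at the start of a sample .cod file.
COD_MAGIC = bytes.fromhex("DEC0FFFF")
# Standard 8-byte PNG file signature (documented constant, not an assumption).
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def magic_as_u32(data: bytes) -> dict:
    """Read the first four bytes as a 32-bit integer in both byte orders so the
    reader can see which order yields a 'readable' constant (0xFFFFC0DE)."""
    if len(data) < 4:
        raise ValueError("need at least 4 bytes")
    (le,) = struct.unpack("<I", data[:4])
    (be,) = struct.unpack(">I", data[:4])
    return {"little_endian": f"0x{le:08X}", "big_endian": f"0x{be:08X}"}


def has_cod_magic(data: bytes) -> bool:
    """True when the file starts with the DE C0 FF FF bytes seen in the sample."""
    return data[:4] == COD_MAGIC


def find_embedded_pngs(data: bytes) -> list:
    """Return (offset, length) for each PNG found by signature scanning.
    Length is found by walking chunks (length, type, data, crc) to IEND;
    a truncated or malformed image is reported with length None."""
    results = []
    pos = data.find(PNG_SIGNATURE)
    while pos != -1:
        cursor = pos + len(PNG_SIGNATURE)
        end = None
        while cursor + 8 <= len(data):
            (chunk_len,) = struct.unpack(">I", data[cursor:cursor + 4])
            chunk_type = data[cursor + 4:cursor + 8]
            cursor += 8 + chunk_len + 4  # header + payload + CRC
            if chunk_type == b"IEND":
                end = cursor
                break
        if end is None or end > len(data):
            results.append((pos, None))
            pos = data.find(PNG_SIGNATURE, pos + 1)
        else:
            results.append((pos, end - pos))
            pos = data.find(PNG_SIGNATURE, end)
    return results


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build one PNG chunk; the CRC covers type and payload per the PNG spec."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample_file() -> bytes:
    """Constructed sample: observed magic, 28 filler bytes, a valid 1x1
    grayscale PNG, then 8 trailing bytes. Not a real .cod layout."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grayscale
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    png = (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
           + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))
    return COD_MAGIC + b"\x00" * 28 + png + b"\x00" * 8


if __name__ == "__main__":
    sample = build_sample_file()
    print("magic match:", has_cod_magic(sample))
    print("magic as u32:", magic_as_u32(sample))
    print("embedded PNGs (offset, length):", find_embedded_pngs(sample))
```

To use it on a real file, replace `build_sample_file()` with `open(path, "rb").read()`; the chunk walk keeps the scan from mistaking a second signature inside one image's data for a new image, and the `None` length flags images that run past the end of the file.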

If you have any insight into this format, feel free to contact me.

Java Multimedia Library

Every so often, a discussion of the Java Multimedia Format (JMF) library pops up on an open source multimedia development list. I had never given it any kind of attention until a Google search recently led me to the documentation. I always assumed that it just supported raw formats and some common, open MPEG formats. It turns out that the library actually supports a few better known codecs, some of which are not completely reverse engineered. Of course, my interest in this would be decompiling them and de-obfuscating them beforehand, as necessary. The library contains a non-obfuscated, pure-Java implementation of the Cinepak codec. It also includes an obfuscated, pure-Java implementation of what I believe are some or all of the MPEG-1 codecs.

However, most interesting codecs (including all of those that are not yet RE’d) are only supported via the Win32 or Linux/Solaris “Performance Packs” which are presumably compiled, SIMD-optimized x86 code.

Some curious features: the pure-Java portion of the library supports some of the quirkier Sound Blaster playback frequencies like 11127 Hz and 22254 Hz (while the performance packs support 8000 Hz to 48000 Hz). Also, I cannot get over the fact that the documentation for the javax.media.format.VideoFormat class states that SMC corresponds to “Sorenson format”. (Here is the SMC format, apparently named for its creator, one Sean M. Callahan.)