I learned that this blog ranks highly on Google with the search query “deobfuscating java”. I decided to see what other items come up with such a term. In doing so, I found someone who eats, sleeps, and breathes code obfuscation the same way I do de-obfuscation and reverse engineering.

And if “deobfuscating java” brought you here, this page on Retroguard deobfuscation is the reason.

Meet Paul Tyma, Ph.D. I became aware of him through this I, Cringely column entitled “Misinterpretation”. Tyma and his company PreEmptive Solutions have developed code obfuscators for both the Java and .NET languages. The article notes that one technique under development (possibly already deployed?) is called “Program State Code Protection”. From what I can discern, it almost sounds like self-modifying code for Java. I would be interested to see it in action.

Further, the company has 2 patents assigned to it:

• 6,102,966: Method for renaming identifiers of a computer program
• 5,903,761: Method of reducing the number of instructions in a program code sequence

Tyma also has an article in a Java publication entitled “The New Obfuscation”. This piece presents some examples of code mangling that are difficult to decompile and would be almost impossible to recompile.

I don’t know why this did not occur to me sooner: Distributed reverse engineering!

Read the rest of this entry »

So I have managed to automatically de-obfuscate an obfuscated Java project. Remember, there are 2 major challenges in reverse engineering: 1) Understanding the original code flow, and 2) understanding what the original identifier names could have been. My experiment was focused on problem #2. Problem #1 is generally a non-issue in decompiled Java code since Java classes retain so much information about the original code flow.

Are there better approaches for obfuscating Java code?

Read the rest of this entry »

For those who would like to try out the RetroGuard program, only modified to be a quasi-de-obfuscator, check out Deobfuscating Obfuscated Code With RetroGuard. It explains everything you need to know about running the experiment.