Category Archives: Java

Posts relating to Java reverse engineering and de-obfuscation strategies

Chaos Works In Strange Ways

This evening, I implemented the VerbNameMaker Java class for the Retroguard project by simply copying the NounNameMaker class and replacing the animal list with a list of English verbs extracted from verba.org. So the class picks a random verb from a list of over 4000 verbs and replaces obfuscated method names. Remember that dequantizer method from the previous post? Guess what the new Java class, working in conjunction with Java’s random number generator, decided to name the method?

    private void fondle(int i)
    {
        short aword0[] = australianKestrel[i];
        for(int j = 0; j < 64; j++)
            kingsnake[eastAfricanCrownedCrane[j]] = aword0[j] * conch[j];
    }

Just as I have long suspected, Java is a sick, perverted language.


More On Automated Java De-obfuscation

I am not especially proficient in understanding software projects that were written in an excessively object-oriented manner, as languages like C++ and Java encourage a programmer to do. So I had trouble getting my head around the GPL’d source code for the Retroguard Java obfuscator, which I had hoped to subvert into a source code de-obfuscator. Fortunately, Doxygen proved invaluable for generating documentation and hierarchy diagrams that helped illustrate the program’s architecture (I think Javadoc can be used for the same purpose, but I find that Doxygen is easier to install). I think I see where I can hook in to get a basic de-obfuscator.


Java Image Formats

Welcome to another edition of my personal multimedia research scratchpad. Diego Biurrun forwarded some intelligence about some custom Java image formats. It seems that a company named eyewonder has seen fit to develop a streaming video technology aimed at delivering obnoxious short ads via Java applets.

So, custom Java image formats. Or, more likely, a slightly customized image format that is presently only decodable via some proprietary Java class. As is typical, it is difficult to glean any useful technical details from the website. But if the marketing literature is to be believed, this stuff has caught on in a big way.
