{"id":11,"date":"2005-01-05T18:01:46","date_gmt":"2005-01-06T01:01:46","guid":{"rendered":"\/?p=11"},"modified":"2006-05-17T12:48:13","modified_gmt":"2006-05-17T19:48:13","slug":"moving-from-java-back-to-coffee-beans","status":"publish","type":"post","link":"https:\/\/multimedia.cx\/eggs\/moving-from-java-back-to-coffee-beans\/","title":{"rendered":"Moving From Java Back To Coffee Beans"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.kpdus.com\/jad.html\">Jad Java Decompiler<\/a> has a wonderful logo:<\/p>\n<p><img decoding=\"async\" src=\"\/images\/jad.gif\" alt=\"Jad Logo\" \/><\/p>\n<p>Oh Java, for so long I wished I would not have to deal with you in any meaningful way. Now, I welcome your bloated, verbose, object-glorifying code. What changed?<\/p>\n<p><!--more--><\/p>\n<p>For years I was rather ambivalent about the Java programming language. I left it alone as long as it left me alone. I had very little reason to care about the language. That all changed last year when a colleague notified me that <a href=\"http:\/\/www.on2.com\/\">certain multimedia technology companies<\/a> were actually porting their closed formats to Java.<\/p>\n<p>Why is this important? Because compiled Java classes are ridiculously simple to reverse engineer. Of course, this assertion is relative to my experience in RE&#8217;ing C\/C++ code that has been compiled to Intel i386 machine code.<\/p>\n<p>Naysayers shall claim that responsible software companies will run their Java source files through a code obfuscator before compiling them into class files. Indeed, On2 uses <a href=\"http:\/\/www.retrologic.com\/\">an obfuscator named Retroguard<\/a>. It&#8217;s fiendishly good, too.  
But it can only do so much.<\/p>\n<p>There are generally 2 huge challenges when disassembling and RE&#8217;ing machine code:<\/p>\n<ol>\n<li>Understanding the original code flow and structure<\/li>\n<li>Decoding the data identifiers (guessing at the variable and function names)<\/li>\n<\/ol>\n<p>Check this out: Step 1 is rendered unnecessary with decompiled Java classes; the class files retain most of the code-flow knowledge from the original files. Even switch-case blocks are decompiled cleanly. Anyone who has tried to decompile a switch-case or an optimized if-then-else sequence compiled from C knows how much of a relief this is.<\/p>\n<p>That just leaves the identifier guessing, assuming the class creators had the presence of mind to run a code obfuscator. This quickly turns into a common type of puzzle known as a <a href=\"http:\/\/www.geocities.com\/cryptogramcorner\/\">cryptogram<\/a>. You figure out the obvious identifiers. All class files need to have at least some human-readable public identifiers that the outside world can call, e.g. &#8216;DecodeFrame()&#8217;. Then you use those as clues to figure out less obvious identifiers. Combined with domain knowledge of your target, it should only be a matter of time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Jad Java Decompiler has a wonderful logo: Oh Java, for so long I wished I would not have to deal with you in any meaningful way. Now, I welcome your bloated, verbose, object-glorifying code. 
What changed?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,7,4],"tags":[],"class_list":["post-11","post","type-post","status-publish","format-standard","hentry","category-java","category-on2duck","category-reverse-engineering"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/11","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":0,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"wp:attachment":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}