{"id":16,"date":"2005-04-19T15:39:22","date_gmt":"2005-04-19T22:39:22","guid":{"rendered":"\/?p=16"},"modified":"2006-05-07T20:04:51","modified_gmt":"2006-05-08T03:04:51","slug":"more-on-automated-java-de-obfuscation","status":"publish","type":"post","link":"https:\/\/multimedia.cx\/eggs\/more-on-automated-java-de-obfuscation\/","title":{"rendered":"More On Automated Java De-obfuscation"},"content":{"rendered":"<p>I am not especially proficient in understanding software projects that were written in an excessively object-oriented manner, as languages like C++ and Java encourage a programmer to do. So I had trouble getting my head around the GPL&#8217;d source code for the <a href=\"http:\/\/www.retrologic.com\/retroguard-main.html\">Retroguard<\/a> Java obfuscator, which I had hoped to subvert into a source code de-obfuscator. Fortunately, <a href=\"http:\/\/doxygen.org\/\">Doxygen<\/a> proved invaluable for generating documentation and hierarchy diagrams that helped illustrate the program&#8217;s architecture (I think <a href=\"http:\/\/java.sun.com\/j2se\/javadoc\/\">Javadoc<\/a> can be used for the same purpose, but I find that Doxygen is easier to install). I think I see where I can hook in to get a basic de-obfuscator.<\/p>\n<p><!--more--><\/p>\n<p>Retroguard has an abstract NameMaker class that is inherited by KeywordNameMaker and OverloadNameMaker classes. These classes implement the getNextName() method which is responsible for coming up with names like _mthelse(), _mthif(), _mthcase(), and so on. It seems reasonable that, as a first pass, a new NameMaker class could be created that returns more descriptive names. I see that the code cares about method names vs. field names. This could also be thought of as verbs vs. nouns. Perhaps if there were two classes, one with a large dictionary of nouns and the other with verbs, these could output names that would make reverse engineering simpler, at least from a psychological standpoint.<\/p>\n<p>It would still be desirable, ultimately, to modify the code to figure out variable types and prefix, e.g., integers with &#8216;i_&#8217;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Revisiting Retroguard as an automated Java de-obfuscator&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,4],"tags":[],"class_list":["post-16","post","type-post","status-publish","format-standard","hentry","category-java","category-reverse-engineering"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/16","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":0,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"wp:attachment":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}