Decompiling Obfuscated code...

Discussion in 'Java' started by Ramesh, May 3, 2007.

  1. Ramesh

    Ramesh Guest

    Hi all,
    I recently had to 'de-obfuscate' (not exactly; maybe I can
    call it decompile-and-compile-that-code-again with a bit of
    understanding) a Java class file from a J2ME application, to customize
    it according to my needs. I used JAD (a small, free and fast Java
    Decompiler). It was successful in decompiling most of the classes, but
    a few important class files were so heavily obfuscated that the
    generated Java code won't compile. I found code like this in the
    generated Java file.

    _L1:
    j1;
    JVM INSTR tableswitch 2 4: default 284
    // 2 266
    // 3 256
    // 4 270;
    goto _L6 _L8 _L9 _L10
    _L9:
    a.c();
    goto _L6


    I think this is not valid code. Can anyone please tell me which
    decompiler I can use so that I don't get such instructions? I don't
    need the code to be de-obfuscated (which I know is impossible), but to
    be a compiling, decompiled class file.

    I have yet another doubt. Consider the following code fragment,

    if(ae1.o == d.o) goto _L12; else goto _L11
    _L11:
    if(ae1.o != 5) goto _L14; else goto _L13
    _L13:
    ....


    In the code above, if I were to remove all the goto's, should I
    arrange those scraps of code in the same sequential manner the goto's
    occur? Or are the goto's a ruse of the obfuscation, so that I may
    ignore the occurrence and the arrangement of the goto's?


    Thanks,
    Ramesh
    Ramesh, May 3, 2007
    #1

  2. Ramesh wrote:
    > Hi all,
    > I recently had to 'de-obfuscate' (not exactly; maybe I can
    > call it decompile-and-compile-that-code-again with a bit of
    > understanding) a Java class file from a J2ME application, to customize
    > it according to my needs. I used JAD (a small, free and fast Java
    > Decompiler). It was successful in decompiling most of the classes, but
    > a few important class files were so heavily obfuscated that the
    > generated Java code won't compile. I found code like this in the
    > generated Java file.
    >
    > I think this is not valid code.


    It's not.

    > Can anyone please tell me which decompiler I can use so that I don't get such instructions? I don't
    > need the code to be de-obfuscated (which I know is impossible), but to
    > be a compiling, decompiled class file.


    AFAIK, no Java decompiler is capable of producing fully working code in
    mildly-obfuscated cases. For this reason, I prefer to decompile any
    complex code by hand from the output of "javap -c"; it's long but is
    probably more correct.

    >
    > In the code above, if I were to remove all the goto's, should I
    > arrange those scraps of code in the same sequential manner the goto's
    > occur? Or are the goto's a ruse of the obfuscation, so that I may
    > ignore the occurrence and the arrangement of the goto's?


    I would try to rearrange the goto's together, although the usage of the
    goto's instead of actual code implies irreducible graph configurations
    that complicate things.
    >
    >
    > Thanks,
    > Ramesh
    >
    Joshua Cranmer, May 3, 2007
    #2
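
The remark in post #2 about goto's implying irreducible graph configurations can be checked mechanically on `javap -c` output. This is an added example, not part of the thread: it builds an instruction-level flow graph and applies T1/T2 reduction. The two listings are constructed, and only `if*`/`goto` branches are parsed (switch tables are not handled).

```python
import re

# Constructed listings in `javap -c` layout (offset: mnemonic operand).
LOOP = "0: iload_1\n1: ifle 10\n4: iinc 1, -1\n7: goto 0\n10: return"
TWO_ENTRY = ("0: iload_1\n1: ifeq 10\n4: iinc 1, 1\n7: iinc 2, 1\n"
             "10: iload_1\n11: ifne 4\n14: return")

def parse_javap(listing):
    """Map bytecode offset -> (mnemonic, first operand)."""
    insns = {}
    for line in listing.splitlines():
        m = re.match(r"\s*(\d+):\s+([a-z]\w*)\s*(\S*)", line)
        if m:
            insns[int(m.group(1))] = (m.group(2), m.group(3))
    return insns

def build_cfg(insns):
    """Successor sets per instruction; javap prints absolute branch targets."""
    offsets = sorted(insns)
    succ = {o: set() for o in offsets}
    for i, off in enumerate(offsets):
        op, arg = insns[off]
        if op.startswith(("if", "goto")):
            succ[off].add(int(arg))
        ends = op.startswith("goto") or op.endswith("return") or op == "athrow"
        if not ends and i + 1 < len(offsets):
            succ[off].add(offsets[i + 1])      # fall through to next instruction
    return succ

def is_reducible(succ, entry=0):
    """T1/T2 reduction: reducible iff the graph collapses to the entry node."""
    g = {n: set(s) for n, s in succ.items()}
    progress = True
    while progress:
        progress = False
        for n in list(g):
            g[n].discard(n)                        # T1: drop self-loop
            preds = [p for p in g if n in g[p]]
            if n != entry and len(preds) <= 1:     # T2: fold into sole predecessor
                out = g.pop(n)
                if preds:
                    g[preds[0]] = (g[preds[0]] | out) - {n}
                progress = True
                break
    return len(g) == 1
```

`TWO_ENTRY` has a cycle between offsets 4 and 10 that can be entered at either point, so it cannot be written as structured Java loops without duplicating code; that is the situation in which a decompiler falls back to labels and goto's.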

  3. Ramesh

    Ramesh Guest

    On May 4, 2:27 am, Joshua Cranmer <> wrote:
    > Ramesh wrote:
    > > Hi all,
    > > I recently had to 'de-obfuscate' (not exactly; maybe I can
    > > call it decompile-and-compile-that-code-again with a bit of
    > > understanding) a Java class file from a J2ME application, to customize
    > > it according to my needs. I used JAD (a small, free and fast Java
    > > Decompiler). It was successful in decompiling most of the classes, but
    > > a few important class files were so heavily obfuscated that the
    > > generated Java code won't compile. I found code like this in the
    > > generated Java file.
    >
    > > I think this is not valid code.
    >
    > It's not.
    >
    > > Can anyone please tell me which decompiler I can use so that I don't get such instructions? I don't
    > > need the code to be de-obfuscated (which I know is impossible), but to
    > > be a compiling, decompiled class file.
    >
    > AFAIK, no Java decompiler is capable of producing fully working code in
    > mildly-obfuscated cases. For this reason, I prefer to decompile any
    > complex code by hand from the output of "javap -c"; it's long but is
    > probably more correct.
    >
    > > In the code above, if I were to remove all the goto's, should I
    > > arrange those scraps of code in the same sequential manner the goto's
    > > occur? Or are the goto's a ruse of the obfuscation, so that I may
    > > ignore the occurrence and the arrangement of the goto's?
    >
    > I would try to rearrange the goto's together, although the usage of the
    > goto's instead of actual code implies irreducible graph configurations
    > that complicate things.
    >
    > > Thanks,
    > > Ramesh


    Thanks, Cranmer! I used javap and got it broken down into bytecode
    instructions. I need to remove certain instructions from them. Can you
    point me to some links where I can find more about editing bytecode?
    I want this for Java 1.5. I have taken a look at the JVM specs
    by Sun.
    Ramesh, May 5, 2007
    #3