Decompiling Obfuscated code...

[Ramesh]

Hi all,
I recently had to 'de-obfuscate'(not exactly, may be I can
call it decompile-and-compile-that-code-again with a bit of
undestanding) a java class file from a J2ME application, to customize
it according to my needs. I used JAD(a small, free and fast Java
Decompiler). It was successful in decompiling most of the classes but
a few important class files were so much obfuscated so that the
generated java code won't compile. I found codes like this in the java
file generated.

_L1:
j1;
JVM INSTR tableswitch 2 4: default 284
// 2 266
// 3 256
// 4 270;
goto _L6 _L8 _L9 _L10
_L9:
a.c();
goto _L6


I think this is not a valid code. Can anyone please tell me which
decompiler I can use so that i don't get such instructions. I don't
need the code to be de-obfuscated(which I know is impossible), but to
be a compiling, decompiled class file.

I have yet another doubt. Consider the following code fragment,

if(ae1.o == d.o) goto _L12; else goto _L11
_L11:
if(ae1.o != 5) goto _L14; else goto _L13
_L13:
....


In the code above, if I were to remove all the goto's, should I
arrange those scraps of codes in the same sequential manner the goto's
occur. Or, are the goto's a ruse of the obfuscation, so that i may
ignore the occurrence and the arrangement of gotos.


Thanks,
Ramesh

 

[Joshua Cranmer]

Hi all,
I recently had to 'de-obfuscate'(not exactly, may be I can
call it decompile-and-compile-that-code-again with a bit of
undestanding) a java class file from a J2ME application, to customize
it according to my needs. I used JAD(a small, free and fast Java
Decompiler). It was successful in decompiling most of the classes but
a few important class files were so much obfuscated so that the
generated java code won't compile. I found codes like this in the java
file generated.


I think this is not a valid code.

It's not.

Can anyone please tell me which decompiler I can use so that i don't get such instructions. I don't
need the code to be de-obfuscated(which I know is impossible), but to
be a compiling, decompiled class file.

AFAIK, no Java decompiler is capable of producing fully working code in
mildly-obfuscated cases. For this reason, I prefer to decompile any
complex code by hand from the output of "javap -c"; it's long but is
probably more correct.

In the code above, if I were to remove all the goto's, should I
arrange those scraps of codes in the same sequential manner the goto's
occur. Or, are the goto's a ruse of the obfuscation, so that i may
ignore the occurrence and the arrangement of gotos.

I would try to rearrange the goto's together, although the usage of the
goto's instead of actual code implies irreducible graph configurations
that complicate things.

 

[Ramesh]

It's not.


AFAIK, no Java decompiler is capable of producing fully working code in
mildly-obfuscated cases. For this reason, I prefer to decompile any
complex code by hand from the output of "javap -c"; it's long but is
probably more correct.




I would try to rearrange the goto's together, although the usage of the
goto's instead of actual code implies irreducible graph configurations
that complicate things.

Thanks Cranmer! I used the javap and got it broken down into bytecode
instructions. I need to remove certain instructions from them. Can you
point me to some links where I can find more about editing bytecodes?
I want this thing for java 1.5. I have taken a look into the JVM specs
by sun.