Posted 2004 or so
apple art bits c code evil games interaction iphone java js mathematica micro optimization php quine reveng sound updates useless video whine zip
Feeds: RSS / Twitter
Remove ad (sets cookie)
Jun 7 2009
Unofficial Java Vulnerability Fix
A patch for a serious Java bug. No longer needed as of June 16.
Jun 2 2009
Max/MSP Multitouch drivers
Max & Michael have written a Max/MSP driver based on the multitouch code.
May 29 2009
MacBook Multitouch Demo
This is a little test applet to shows the touch points as reported by the MacBook multitouch pad. The drivers seems to be able to track an impressive 11 fingers at once.
May 26 2009
Spotify vs OllyDbg
Spotify for Windows contains code so awesome that OllyDbg can't look at it without crashing.

My CSS-fu is weak; please use a recent browser.

Some rights reserved.

Random, semi-related image by Balakov.

Java Reverse Engineering

Some notes on reverse engineering Java code.

Decompiler tools

Decompilation is not an exact science, even for Java. If one decompiler doesn't handle your file correctly, try another.

I currently recommend the JD project; their decompiler apparently comes with an Eclipse plugin, and supports foreach and some generics.

There is a (new) online decompiler at reversed-java.com.

JAD is an older decompiler, but still useful (and fast!) The site keeps going down, so I made a mirror here. Please visit the official site for the latest version.

JODE is another decompiler, with source. JODE comes with a very nice obfuscator as well.

Recompiling

If you're lucky, you might be able to recompile the output from Jad. However, the Java VM has more lenient rules for variable naming than the Java language itself. For instances, a valid class file can have several variables named 'a', as long as they have different types. If you decompile such a class, the source code you get will not be valid.

JAD will usually rename the offending fields, and make a recompilable file... the only problem being that the recompiled file won't be compatible with the original classes.

Happily, with Jode you can customize the obfuscator by writing new renaming rules. You can actually use the obfuscator to de-obfuscate the class files before you decompile them: Make a rule file giving each variable a readable, unique name, preferably related to the type. {i,j,k} is much better than {i1,i2,i3}; {red,green,potato} is probably even better.

If you're lucky, you can deobfuscate the entire application, and patch that. If that doesn't work, you can deobfuscate, patch and recompile a class, and then re-obfuscate that class (by using the inverse mapping from the deobf step) and plonk it back into the application.

Byte Code Patching

If the files are really mangled, you won't be able to recompile them at all (the byte code itself simply will not be representable as Java source code). You will need to disassemble the file, patch the byte code, and reassemble it.

The easiest way to do this is to add the code you need in a separate file, and just add static calls in the original file, like so:

.method public mousePressed(Ljava/awt/event/MouseEvent;)V
.limit stack 4
.limit locals 6
	aload_0			; load this
	aload_1			; load event
	invokestatic Patch/one(Lf;Ljava/awt/event/MouseEvent;)Z
	ifeq continue
	return
continue:
	aload_0
	getfield f/C I
..and.. 
class Patch {
  public static boolean one(f foo, MouseEvent ev) {
    if(foo.z > 4) {  // whatever calls you need
      foo.x(); return true;
    }
    return false;
  }
}

That way you can change the patch without having to reassemble and repackage everything.

More information

[Comment on this]