steike / code / java reverse engineering

Some notes on reverse engineering Java code.

Decompiler tools

JAD is the fastest decompiler available, and reasonably accurate. The site keeps going down, so I made a mirror here. Please visit the official site for the latest version. JODE is another decompiler, with source. JODE has a very nice obfuscator as well.

Recompiling

If you're lucky, you might be able to recompile the output from JAD. However, the Java VM has more lenient rules for variable naming than the Java language itself. For instance, a valid class file can have several variables named 'a', as long as they have different types. If you decompile such a class, the source code you get will not be valid.

JAD will usually rename the offending fields, and make a recompilable file... the only problem being that the recompiled file won't be compatible with the original classes.

Happily, with JODE you can customize the obfuscator by writing new renaming rules. You can actually use the obfuscator to de-obfuscate the class files before you decompile them: make a rule file giving each variable a readable, unique name, preferably related to the type. {i,j,k} is much better than {i1,i2,i3}; {red,green,potato} is probably even better.

If you're lucky, you can deobfuscate the entire application, and patch that. If that doesn't work, you can deobfuscate, patch and recompile a class, and then re-obfuscate that class (by using the inverse mapping from the deobf step) and plonk it back into the application.
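
As an added illustration (not part of the original notes, and not JAD or JODE code), the sketch below reads the field table of a class file, finds names that are reused with different types, and proposes unique type-derived names together with the inverse mapping needed for the re-obfuscation step. The function names and the constructed sample class are assumptions, and the result is a plain Python dict, not JODE's rule-file format.

```python
import struct
from collections import Counter
# Bytes after the tag for fixed-size constant-pool entries (JVM spec 4.4).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
            15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
PRIM = dict(B="byte", C="char", D="double", F="float", I="int", J="long", S="short", Z="boolean")

def read_fields(data):  # -> [(name, descriptor)] for each declared field
    (count,) = struct.unpack_from(">H", data, 8)
    pos, utf8, i = 10, {}, 1
    while i < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then that many bytes
            (n,) = struct.unpack_from(">H", data, pos + 1)
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:
            pos += 1 + CP_SIZES[tag]
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    pos += 8 + 2 * struct.unpack_from(">H", data, pos + 6)[0]  # skip flags, this, super, interfaces
    (n_fields,) = struct.unpack_from(">H", data, pos)
    pos, fields = pos + 2, []
    for _ in range(n_fields):
        _acc, name, desc, n_attrs = struct.unpack_from(">4H", data, pos)
        pos += 8
        for _ in range(n_attrs):  # attribute: u2 name, u4 length, payload
            pos += 6 + struct.unpack_from(">I", data, pos + 2)[0]
        fields.append((utf8[name], utf8[desc]))
    return fields

def rename_plan(fields):  # -> (old->new map for clashing fields, its inverse)
    count = Counter(name for name, _ in fields)
    forward, taken = {}, set(count)
    for name, desc in fields:
        if count[name] > 1:  # legal in bytecode, not in Java source
            base = desc.lstrip("[")
            word = PRIM.get(base) or base[1:-1].rsplit("/", 1)[-1]
            new = f"{name}_{word}" + "Array" * (len(desc) - len(base))
            while new in taken:  # never reuse an existing field name
                new += "_"
            taken.add(new)
            forward[(name, desc)] = new
    return forward, {(new, d): old for (old, d), new in forward.items()}

def _u(s):  # sample helper: one CONSTANT_Utf8 entry
    return b"\x01" + struct.pack(">H", len(s)) + s.encode()
# Constructed sample: class "f" with two fields named "a" (int and String).
SAMPLE = (b"\xca\xfe\xba\xbe" + struct.pack(">3H", 0, 49, 8) + _u("f") + b"\x07\x00\x01"
          + _u("java/lang/Object") + b"\x07\x00\x03" + _u("a") + _u("I") + _u("Ljava/lang/String;")
          + struct.pack(">15H", 0x21, 2, 4, 0, 2, 0, 5, 6, 0, 0, 5, 7, 0, 0, 0))
```

Calling `rename_plan(read_fields(SAMPLE))` maps the two clashing fields to `a_int` and `a_String`; the second dict it returns is the mapping to apply when putting a recompiled class back among the original ones.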

Byte Code Patching

If the files are really mangled, you won't be able to recompile them at all (the byte code itself simply will not be representable as Java source code). You will need to disassemble the file, patch the byte code, and reassemble it.

The easiest way to do this is to add the code you need in a separate file, and just add static calls in the original file, like so:

.method public mousePressed(Ljava/awt/event/MouseEvent;)V
.limit stack 4
.limit locals 6
	aload_0			; load this
	aload_1			; load event
	invokestatic Patch/one(Lf;Ljava/awt/event/MouseEvent;)Z
	ifeq continue
	return
continue:
	aload_0
	getfield f/C I
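
..and..

import java.awt.event.MouseEvent;

// Helper class holding the patch logic; f is the (obfuscated) class being patched.
class Patch {
  // Returning true makes the patched mousePressed return immediately (see ifeq above).
  public static boolean one(f foo, MouseEvent ev) {
    if(foo.z > 4) {  // whatever calls you need
      foo.x(); return true;
    }
    return false;
  }
}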

That way you can change the patch without having to reassemble and repackage everything.

More information
