June 16, 2011, 6:04 a.m.
posted by newmy
If you are working with a Java program, the concepts discussed up to here will work but the tools will not. To fully understand why, let's look at how Java programs differ from traditional native code. Instead of compiling directly to a native platform object binary, Java instead is either interpreted or compiled into byte code (JIT or Just In Time compilers are a third option that wait until the very last second to compile code, thus giving the benefits of both interpreting and compiling), for which a virtual machine (commonly referred to as the Java Virtual Machine or JVM) then acts as a translation layer between the Java program and the computer.
This process allows a program to be compiled once and then be run on many different platforms. The good news for someone who wants to reverse engineer Java code, however, is that this intermediary step makes it much easier to figure out what is going on, unless, that is, the code has been obfuscated by a third-party utility.
Because of the way Java is structured, it is much easier to reverse engineer the Java byte code back into high-level Java code than it is to take a natively compiled program back into its respective language. Thus, tools that are known as Java byte code obfuscators have become popular. These tools, in essence, jumble the code around so that it can't be easily reversed, or if it is, the high-level code makes no sense to a programmer. There are many tools that can perform this obfuscation, and just about as many that can undo it. Truly protecting Java source with obfuscation is a hard problem and it is one that hasn't completely been answered yet.
Compared to the hoops you have to jump through to be able to view native code, Java decompilation is a breeze. Just fire up your favorite decompiler (we prefer Jad) and let it go. The tool will then create the Java source files from the class file. The source may not be identical to what was written, but it will be close enough so that you can understand exactly what is going on. The only problem that can arise is that the class file might have been obfuscated. To illustrate the ease with which an obfuscated program can be de-obfuscated, consider RetroGuard, a well-known open-source obfuscation program. Some industrious programmers took the open-source tool and reworked it so that it could be used to de-obfuscate its own handy work. For complete details on how this was achieved, check out http://multimedia.cx/pre/re-retroguard.html.