Copy Link
Add to Bookmark
Report
Java Coffee Break Newsletter Volume 1 Issue 04
Java Coffee Break Newsletter Vol 1, Issue 4
ISSN 1442-3790
Welcome to the fourth Java Coffee Break Newsletter. This issue covers
decompiler software, which allows software developers to generate
source code from compiled Java classes. This article is updated with
new information about stronger decompilers, and is based on an earlier
article from the JCB site.
- - - - - - - - - - - - - - - - - - - - - - - -
Java Coffee Break Updates
* Java Tutorials
1. Java Tutorials
If you're new to the Java programming language, and need a little
help, then try some of the free tutorials available from the
Java Coffee Break. These aren't your normal tutorials - they don't
require extensive Java experience or knowledge.
All our Java tutorials can be found at
http://www.davidreilly.com/jcb/tutorials.html
- - - - - - - - - - - - - - - - - - - - - - - -
Decompilers - Friend or Foe?
When a programmer writes software, and releases it to the public, he
(or she) normally releases a compiled version of the application, that
users can run on their own machine. Whether it is a commercial
offering, or a free piece of software, the programmer has put a
considerable amount of time and effort into producing it. As a general
view, programmers don't give the source code for their product away.
Yet few developers realise that every time you release compiled
software, you are also giving people the opportunity to reconstruct
the source code!
Software that examines software
Decompilers are programs that analyse compiled code, and from this,
reconstruct the original source code. Decompilation and reverse
engineering is often prohibited by software license agreements - but
this won't always stop an unscrupulous competitor, or an enthusiastic
hacker from analysing your code. Decompilers are freely available for
a variety of languages and platforms, including Java! Read on, and
I'll introduce you to the world of decompilation.
How do they work?
Decompilers work by analysing the byte code of software, and then
deduce the code that created it. Most classes also contain additional
debugging information, which can help the decompiler create a more
accurate representation of the original source code. This debugging
information is invisible to normal users, and many programmers don't
even realise just how much information can be obtained from their
classes - but there are ways to protect your code.
Software is available that will strip away debugging information,
and even change the names of local and member variables inside your
classes. SourceGuard, for example, will rename your variables to
meaningless names, which decreases the readability of decompiled
source. When you protect your code with applications like
SourceGuard, decompilers have less information on which to base
their analysis on, and it becomes harder for programmers to
understand the code they produce.
The success of decompilation varies upon the amount of protection
that software developers use, and the decompiler software that one
uses to decompile. Many decompilers fail to decompile correctly,
and some will even produce code that won't compile - particularly
when faced with strong protection from a product like SourceGuard
which offers a feature called byte-code range modification. BRM
prevents most software from decompiling methods that have try { }
catch blocks, and will produce garbled code with most decompilers.
Preventing decompilation is a valuable feature. Of course, such
protection isn't uncrackable. While there are plenty of free
decompilers out there, you really get what you pay for. With free
tools, the code that is produced ranges from complex to unusable
when protected by a tool that is decompiler resistant. With
commercial tools, you can get varying degrees of success, and at
least one tool is capable of breaking the byte-code range
modification technique of SourceGuard.
SourceAgain, by Ahpah Software Inc, is capable of decompiling BRM
protected classes effectively, and produces much more readable
code than free software like Mocha or DejaVu. SourceAgain is
available in three versions, a standalone decompiler, a
professional edition that integrates with Symantec Visual Cafe
and Microsoft Visual J++, and a Unix version. For those interested
in using decompilers, a trial of SourceAgain is accessible from
the web, and it can decompile classes that are accessible from a
http:// address.
The full article is available at
http://www.davidreilly.com/jcb/articles/decompilers_friend_or_foe.html
- - - - - - - - - - - - - - - - - - - - - - - -
The Java Coffee Break Newsletter is only sent out to email subscribers
who have requested it, and to readers of the comp.lang.java.programmer
and comp.lang.java.help newsgroups. If you are an email subscriber and
no longer wish to receive the JCB Newsletter, please unsubscribe using
the WWW form located at
http://www.davidreilly.com/jcb/newsletter/unsubscribe.html
