Java之逆向工程(1) - 反编译、修补和逆向工程技术 读书笔记
透视JAVA——反编译、修补和逆向工程技术 读书笔记
1、 Java source is not compiled to binary machine code like C/C++ source is.
2、 Because the bytecode does not represent the lowest-level machine language, the format of the code closely resembles the source code.
3、public String getDisplayName() {
return getUserName() + “ (“ + getHostName() + “)”;
}
is represented by the following bytecode:
0 new #4 <java/lang/StringBuffer>
3 dup
4 aload_0
5 invokevirtual #5 <covertjava/decompile/MessageInfoComplex.getUserName>
8 invokestatic #6 <java/lang/String.valueOf>
11 invokestatic #6 <java/lang/String.valueOf>
14 invokespecial #7 <java/lang/StringBuffer.<init>>
17 ldc #8 < (>
19 invokevirtual #9 <java/lang/StringBuffer.append>
22 aload_0
23 invokevirtual #10 <covertjava/decompile/MessageInfoComplex.getHostName>
26 invokevirtual #9 <java/lang/StringBuffer.append>
29 ldc #11 <)>
31 invokevirtual #9 <java/lang/StringBuffer.append>
34 invokestatic #6 <java/lang/String.valueOf>
37 invokestatic #6 <java/lang/String.valueOf>
40 areturn
3、 Potential Problems with Decompiled Code(混淆器)
Most of the time, decompiling produces a readable file that can be changed and recompiled.However, on some occasions decompiling does not render a file that can be compiled again.
Reason: This can happen if the bytecode was obfuscated, and the names given by the obfuscator result in ambiguity at the compilation. The bytecode is verified when loaded, but the verifications assume that the compiler has checked for a number of errors.
obfuscated by the Zelix ClassMaster obfuscator.
static class c
implements Runnable
{
public void run()
{
boolean flag = a.b;
System.out.println(a(“*4%p\002\026&kj\016\0135”));
b b1 = new b(a(“2\000\006_\”;\0”), a(“3 ‘w\005\02778u\022”));
System.out.println(a(“5$8m\n\037$kw\017X|k”).concat(String.valueOf
➥(String.valueOf(b1.d()))));
b1 = new b(null, a(“2\000\006_\”;\0”));
System.out.println(a(“5$8m\n\037$kw\017X|k”).concat(String.valueOf
➥(String.valueOf(b1.d()))));
if(flag)
b.c = !b.c;
}
private static String a(String s)
{
char ac[];
int i;
int j;
ac = s.toCharArray();
i = ac.length;
j = 0;
if(i > 1) goto _L2; else goto _L1
_L1:
ac;
j;
_L10:
JVM INSTR dup2 ;
JVM INSTR caload ;
j % 5;
JVM INSTR tableswitch 0 3: default 72
// 0 52
// 1 57
// 2 62
// 3 67;
goto _L3 _L4 _L5 _L6 _L7
_L4:
0x78;
goto _L8
_L5:
65;
goto _L8
_L6:
75;
goto _L8
_L7:
30;
goto _L8
_L3:
107;
_L8:
JVM INSTR ixor ;
(char);
JVM INSTR castore ;
j++;
if(i != 0) goto _L2; else goto _L9
_L9:
ac;
i;
goto _L10
_L2:
if(j >= i)
return new String(ac);
if(true) goto _L1; else goto _L11
_L11:
}
}
很多商业项目会用这招,为了保护代码。
即使使用了混淆器,可以保证源代码不会被反编译以后直接运用,但是我们可以通过反编译找出你源代码的逻辑或者创新点。这对研发代码的开发很不公平,那么像保护它,只能应用Patents(专利)。
Advanced obfuscators go further and change the control flow of Java code by restructuring the existing logic and inserting bogus code that will not execute.
Debug information is not needed to run the class but is used by debuggers to associate the bytecode with the source code.
When the debug information is stripped out, the names that were stored are lost, so decom-pilers have to generate their own names. In our case, after the stripping, sendMessage para-meter names would appear as s1and s2instead of host and message.
^*^
Encoding Java Strings
Even if class and method names are changed, the strings written by methods to a log file or console can betray the method purpose.In our case, ChatServer.sendMessageoutputs a trace message using the following:
System.out.println(“Sending message to host “ + host + “: “ + message);
String encoding is a powerful feature that should be provided by a commercial-strength obfuscator.
The best obfuscators are capable of transforming the execution flow of bytecode by inserting bogus conditional and goto statements. This can slow down the execution somewhat, but it might be a small price to pay for the increased protection of the IP. Listing 3.3 shows what sendMessage has become after all the transformations discussed earlier have been applied.
混淆前后比照
混淆前:
public void a(String s, String s1)
throws Exception
{
if(s == null || s.trim().length() == 0)
{
throw new Exception(“Please specify host name”);
} else
{
System.out.println(String.valueOf(String.valueOf((
new StringBuffer(“Sending message to host “)
).append(s).append(“: “).append(s1))));
String s2 = String.valueOf(String.valueOf((
new StringBuffer(“//”)).append(s).append(“:”)
.append(b).append(“/chatserver”)));
b b1 = (b)Naming.lookup(s2);
MessageInfo messageinfo = new MessageInfo(e, f);
b1.receiveMessage(s1, messageinfo);
System.out.println(“Message sent to host “.concat(
String.valueOf(String.valueOf(s))));
return;
}
}
混淆后:public void a(String s, String s1)
throws Exception
{
boolean flag = MessageInfo.c;
s;
if(flag) goto _L2; else goto _L1
_L1:
JVM INSTR ifnull 29;
goto _L3 _L4
_L3:
s.trim();
_L2:
if(flag) goto _L6; else goto _L5
_L5:
length();
JVM INSTR ifne 42;
goto _L4 _L7
_L4:
throw new Exception(a(“\002)qUe7egDs1,rM6:*g@6<$yQ”));
_L7:
System.out.println(String.valueOf(String.valueOf((
new StringBuffer(a(“\001 zP\177<\”4Ys!6uSsr1{\024~=6`\024”))
).append(s).append(a(“he”)).append(s1))));
String.valueOf(String.valueOf(
(new StringBuffer(a(“}j”))).append(s).append(“:”)
.append(b).append(a(“}&|Ub! fBs “))));
_L6:
String s2;
s2;
covertjava.chat.b b1 = (covertjava.chat.b)Naming.lookup(s2);
MessageInfo messageinfo = new MessageInfo(e, f);
b1.receiveMessage(s1, messageinfo);
System.out.println(a(“\037 gGw5 4Gs<14@yr-{Gbr”).concat(String.valueOf
➥(String.valueOf(s))));
if(flag)
b.c = !b.c;
return;
}
Inserting Corrupt Code
Inserting corrupt code is a somewhat dubious technique used by some obfuscators to prevent obfuscated classes from decompiling. The technique is based on a loose interpretation of the Java bytecode specification by the Java Runtime. JRE does not strictly enforce all the rules of bytecode format verification, and that allows obfuscators to introduce incorrect bytecode into the class files. The introduced code does not prevent the original code from executing, but an attempt to decompile the class file results in a failure—or at best in confusing source code full
of JVM INSTR keywords.
Eliminating Unused Code (Shrinking)
As an added benefit, most obfuscators remove unused code, which results in application size reduction. For example, if a class called A has a method called m() that is never called by any class, the code for m() is stripped out of A’s bytecode. This feature is especially useful for code that is downloaded via the Internet or installed in unsecured environments.
Optimizing Bytecode
Another added benefit touted by obfuscators is potential code optimization. The vendors claim that declaring nonfinal methods as final where possible and performing minor code improvements can help speed up execution. It is hard to assess the real performance gains,and most vendors do not publish the metrics. What is worth noting here is that, with every new release, JIT compilers are becoming more powerful. Therefore, features such as method finalization and dead code elimination are most likely performed by it anyway.
For commercial applications that contain intellectual property, I recommend Zelix
KlassMaster primarily because of its unique control flow obfuscation.
Java之逆向工程(1) - 反编译、修补和逆向工程技术 读书笔记的更多相关文章
- 如何保护java程序不被反编译
Java是一种 跨平台的.解释型语言 Java 源代码编译中间“字节码”存储于class文件中.Class文件是一种字节码形式的中间代码,该字节码中包括了很多源代码的信息,例如变量名.方法名 等.因此 ...
- Java逆向武器库_反编译工具
1.反编译工具之_jd-gui 官网下载地址:http://java-decompiler.github.io/#jd-gui-download 使用: 下载后解压直接使用即可. jd-gui的优势是 ...
- Java代码加密与反编译(二):用加密算法DES修改classLoader实现对.class文件加密
Java代码加密与反编译(二):用加密算法DES修改classLoader实现对.class文件加密 二.利用加密算法DES实现java代码加密 传统的C/C++自动带有保护机制,但java不同,只要 ...
- Java Jar源码反编译工具那家强
本文介绍下Java Jar常见的反编译工具,并给出使用感受. 反编译JAR能干什么: 排查问题.分析商业软件代码逻辑,学习优秀的源码思路. JD-GUI 下载地址:http://java-decomp ...
- 《Java编程思想》——初始化与清理(一)读书笔记
第一次写这个,这一章都用word写的,结果复制过来没图片....只能上传word文档了.以后改用markdown比较好 word文档地址:<Java编程思想>--初始化与清理(一)读书笔记
- Java .class文件的反编译与反汇编
转载请注明原文地址:https://www.cnblogs.com/ygj0930/p/10840818.html 一:反编译 通常用于第三方JAR包的逆向工程. 一般我们拿到的jar包都是经过编译后 ...
- Java代码加密与反编译(一):利用混淆器工具proGuard对jar包加密
Java 代码编译后生成的 .class 中包含有源代码中的所有信息(不包括注释),尤其是在其中保存有调试信息的时候.所以一个按照正常方式编译的 Java .class 文件可以非常轻易地被反编译.通 ...
- 《深入理解Java虚拟机:JVM高级特性与最佳实践》读书笔记
第一部分 走进Java 一.走进Java 1.概述 java广泛应用于嵌入式系统.移动终端.企业服务器.大型机等各种场合,摆脱了硬件平台的束缚,实现了“一次编写,到处运行”的理想 2.java技术体系 ...
- 《疯狂Java:突破程序员基本功的16课》读书笔记-第一章 数组与内存控制
很早以前就听过李刚老师的疯狂java系列很不错,所以最近找一本拿来拜读,再此做下读书笔记,促进更好的消化. 使用Java数组之前必须先对数组对象进行初始化.当数组的所有元素都被分配了合适的内存空间,并 ...
随机推荐
- python实现图片验证码
1 验证基础知识1.1 Python生成随机验证码,需要使用PIL模块. # 安装 pip3 install pillow 1.2 创建图片 from PIL import Image img = I ...
- 【8.23校内测试】【贪心】【线段树优化DP】
$m$的数据范围看起来非常有问题??仔细多列几个例子可以发现,在$m<=5$的时候,只要找到有两行状态按位$&$起来等于$0$,就是可行方案,如果没有就不行. #include<i ...
- USACO 2017 FEB Platinum nocross DP
题目大意 上下有两个长度为n.位置对应的序列A.B,其中数的范围均为1~n.若abs(A[i]-B[j]) <= 4,则A[i]与B[j]间可以连一条边.现要求在边与边不相交的情况下的最大的连边 ...
- April Fools Day Contest 2016 A. Da Vinci Powers
A. Da Vinci Powers 题目连接: http://www.codeforces.com/contest/656/problem/A Description The input conta ...
- hdu 4114 Disney's FastPass 状压dp
Disney's FastPass Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://acm.hdu.edu.cn/showproblem.ph ...
- ajax拖拽上传文件
AJAX拖拽上传 <!DOCTYPE html> <html lang="en"> <head> <meta charset=" ...
- CentOS下的yum upgrade和yum update区别,没事别乱用,和Ubuntu的update不一样!
说明:生产环境对软件版本和内核版本要求非常精确,别没事有事随便的进行yum update操作!!!!!!!!! yum update:升级所有包同时也升级软件和系统内核 yum upgrade:只升级 ...
- EntityFramework中几种操作小结
目前项目中使用到的EntityFramework中几种操作小结,先标记下.没有详细介绍,后续有空的话再补充一些并完善一下. 列中加入RowVersion时间戳 public class Product ...
- WPF中的导航框架(一)——概述
有的时候,我们需要一个支持页面跳转的UI,例如文件浏览器,开始向导等.对于这样的界面,简单的可以使用ContentControl + ContentTemplateSelector的方式来实现,但是有 ...
- Android 应用程序的图标 (Icon) 应该设计成多大?
应用程序图标 (Icon)应当是一个 Alpha 通道透明的32位 PNG 图片.由于安卓设备众多,一个应用程序图标需要设计几种不同大小,如:LDPI (Low Density Screen,120 ...