REVEAL
First Online Java Class Decompiler and Obfuscator

PAPERS

Read the rest of this page

A Distributed Class Decompiler to Facilitate Reverse Engineering in Java

Note : this paper does not cover the new release of Reveal and various terms like obfuscation shall not be discussed.

Abstract – In this product, we investigate an interesting proposal of building a distributed JavaTM class decompiler to “deduce” the original class design and relations out of the compiled JavaTM codes. The contribution is two-folded. First, as for educational purpose, our prototype can be used to teach students about the possible advantages of reverse engineering for efficient application development. More importantly, our proposal can actually be used to facilitate the reverse engineering (RE) process for most practical Java applications.

The result is our prototype (REVEAL) which, up to our knowledge, is the first on-line interactive Java class decompiler, which allows users to decompile any class file support constructive RE – to help users recover old codes and understand the need for obfuscation. Practically, REVEAL is a flexible tool in which Java class files can be analysed to generate class hierarchies and call graphs. Work on an obfuscator is currently being done to protect “newly recovered codes” from adverse RE. Also, REVEAL can be used as an immediate tester for any newly invented obfuscator. In addition, REVEAL is designed to educate the general public about the ease and flexibility in reverse engineering Java classes. With REVEAL, programmers can understand how Java class-files are structured with different live on-line examples. The on-line applet REVEAL can be accessed from http://www.jreveal.org/cgi-bin/reveal.pl. Users are required to register as member of JReveal.ORG. Membership registration is free.

Keywords : Java Class Decompilation, Web Applications – Practice and Experience, Reverse Engineering, Obfuscation

I. INTRODUCTION

There is no question that the (SUN MicroSystems) JavaTM programming language has gained remarkable success as one of the most popular application development languages in recent years due to its cross-platform, object-oriented and network-centric properties. Many existing software development tools such as the Visual Café are mainly focused on facilitating the forward engineering of Java applications which, by itself, is not sufficient to solve many software modification or maintenance problems we are facing nowadays. As we are still likely to have a shortage of experienced Java programmers in the coming years, to solve or reduce the long-existing backlog or maintenance problem in the software industry, we argue the need to reverse engineer some existing Java applications for the development or maintenance of many large-scale industrial Java applications. In addition, due to the high mobility of the Java programmers among different companies, many Java applications are often completed or partially completed without proper documentation – clearly, not many Java programmers will write descriptive comments, and then use the tool “javadoc” to generate meaningful documentation for real-life applications. Therefore, many companies are forced to abort some already developed Java applications and rebuild the whole application from scratch, resulting in a great waste of manpower and time. This situation again shows the real need for reverse engineering of Java applications.

Generally speaking, there is some misunderstanding about reverse engineering of Java applications. First, some people may think that the concepts of object orientation greatly enhance the development of complex or large-scale applications in Java. Thus, there is no need for reverse engineering of Java applications. Clearly, object orientation can only help programmers to better manage the software development process, but definitely not to solve every problem, like the previous two cases we have mentioned, in the software industry. More interestingly, some people may even consider reverse engineering simply equivalent to “code reuses”. Hence, the idea of “reverse engineering in Java” is totally not appealing to these people since it may be faster to build a new Java application from scratch rather than trying to reuse the original codes of a possibly different application in some specific cases. However, it should be noted that “code reuses” only covers one possible application of reverse engineering. In many cases, we are also interested in retrieving the original design such as the class hierarchy for maintaining the existing Java applications. Besides, due to the “black magic” of the various Java decompilation techniques available in the hackers’ community for self-satisfaction, most people may think that reverse engineering in Java simply means a collection of the Java hackers’ decompilation techniques. Clearly, this viewpoint is totally biased and incorrect. However, as software piracy is concerned, we agree that Java is more vulnerable to this security problem than any existing programming language due to its portability and object-orientation supported by the Java Virtual Machine. (For a detailed discussion on the relation between Java decompilation and reverse engineering, their consequence and some possible protections for your Java applications, please refer to [11,12]). On the other hand, we believe that the object-oriented design of the Java Virtual Machine is a mixed blessing in which the standardised symbolic information stored in the compiled Java class files can also help us to quickly retrieve the originally lost codes/design through decompilation.

As we can see in the near future, there should be an increasing demand in most companies for the “constructive” aspects of reverse engineering (RE) of Java applications, in which we are mainly interested to retrieve codes/design that has been lost or to maintain legacy applications. Therefore, in this paper, we propose a RE tool which facilitates constructive RE of Java applications at the moment, and can be easily integrated with other tools to support forward engineering in the future as well. Accordingly, we develop a prototype called REVEAL (Version 1.0) based on our modified version of the Mocha engine, to provide a system for reverse engineering in Java. One major advantage of our prototype system REVEAL is that the overall design of the system architecture and the user interface as well are kept as simple and structural as possible. It should be noted that our prototype can also be used as an educational tool to teach the users about how class decompilation in Java can work, and provide an interesting graphical view of the class hierarchy contained in the compiled Java class files to demonstrate the “respectable advantages” of reverse engineering in Java.

This paper is organised as follows. Section 2 quickly reviews the basic design philosophy of the JavaTM programming language and the center of its underlying supporting technology – the JavaTM Virtual Machine and Class Files. After that, we will investigate some existing Java decompilation techniques and their impacts on the security problem of Java applications. In Section 3, we detail the overall design of the system architecture for our proposed tool REVEAL and justify with examples to facilitate both reverse engineering of Java applications and easy integration of other supporting tools for forward engineering. Lastly, we conclude our work in Section 4.

II. REVERSE ENGINEERING IN JAVA

In this section, we will mainly review the basic concepts for subsequent discussion in this paper. First, we discuss the important design philosophy behind the Java programming language for software development. Second, we briefly review some essential properties of the Java Virtual Machine (JVM) and Class Files which forms the center of the supporting technology for Java applications. Lastly, we consider some existing Java class decompiler, their impacts on the security problem of Java applications, and more importantly, the complete aspects of reverse engineering for Java applications.

2.1 JavaTM Design Philosophy

There are three essential properties, namely portability, object-orientation and network-centric nature, forming the principal design philosophy behind the Java programming paradigm. Undoubtedly, all these essential properties contribute to the success of the Java programming language for software development.

As for software development in Java, it is traditionally focused on the use of forward engineering tools such as the JavaTM Development Kit (JDK) and the Visual Café. In general, most of these Java development tools provide the software engineers a development environment in which the developers can quickly build and test Java applications, applets or any component running on the Java platform. The latest version of JDK is the JavaTM 2 SDK Version 1.2.2 which provides a set of basic tools such as the Java compiler (javac), Java application launcher (java), Application Programming Interface (API) documentation generator (javadoc), the run-time applet tester (appletviewer), the Java debugger (jdb) and the class file diassembler (javap) for general-purpose Java application development. In addition, the JDK provides some sophisticated tools such as the Remote Method Invocation (RMI) tools or Security tools to support more complicated Java application development.

2.2 JaveTM Virtual Machine and Class Files

    • The JavaTM Virtual Machine Specification [1] is available online.

 

  • The JavaTM Virtual Machine Specification, Second Edition by Tim Lindholm & Frank Yellin.

 

In The JavaTM Virtual Machine Specification, Second Edition, Sun’s designers of the Java virtual machine provide comprehensive coverage of the Java virtual machine class file format and instruction set.

2.3 Reverse Engineering of JavaTM Applications

Nowadays, there are many new Java Class Decompilers like Class Spy, the fast JAva Decompiler (JAD) by Pavel Kauznetsov and many other IDE’s like NMI’s JAVA Code Viewer which are based on JAD. Similar to many of these class decompilers, our IDE tool is based on the popular Mocha engine and the 1.1 extension (Jasmine). Information of this engine cannot now be found on the Web. But various modifications have gone into redesigning the Mocha engine. Efforts have been spent into rewriting some major parts of the engine as well.

In general, there are some advantages as well as disadvantages for RE of Java applications. Clearly, the disadvantage of RE is that the compiled byte-codes can easily be hacked. However, as we can see, there are several important aspects for constructive RE. First, it can help users to get back the original class design when it’s once lost. Second, a well-designed RE tool may educate the potential programmers to learn from the others’ class design. In addition, this RE tool can educate the public about the insecurity of compiled byte-codes, thus the needs for obfuscation.

III. OUR PROTOTYPE

The following diagram details the system architecture of our prototype REVEAL tool.

paper1

Our system design of REVEAL is simple and systematic so as to facilitate easy integration of other components such as obfuscator into our RE tool. The most interesting decompiled data can be shared among different components for viewing the byte-codes or plotting hierarchical graphs.

As for the whole decompilation process, the compiled Java classfile, as represented by the URLs in our Input Applet, is firstly decompiled back as a background process to produce some common decompiled data as shown in Figure 1. The advantage of this background decompilation process is that the users can still view an old copy of the decompiled data while working on some new Java classfiles.

Figure 1 : Process of Decompilation

Then, the users can invoke our Byte-code Viewer to view the original byte-codes as contained in this decompiled data as in Figure 2.

viewer

Figure 2 : Byte-code Viewer

Moreover, the users can even view the class hierarchy diagrams such as extends-graph and call-graph out of this decompiled data as shown in Figure 3 & 4.

paperextend

Figure 3 : Extends Graph

callgraph 

Figure 4 : Call Graph

IV. CONCLUSION

We gained much precious experience out of developing our RE tool REVEAL which is the first on-line class decompiler to support flexible and useful RE for most practical applications as well as educating the potential programmers about the possible advantages of RE. In addition, there are lots of directions to be explored so as to improve REVEAL. For instance, it should be interesting to study different obfuscation techniques to protect the newly “recovered source codes”. The second direction for investigation is incremental on-demand decompilation in which (sub-)classes on certain level in the class hierarchy are only decompiled when they are required, thus may reduce some computation time. In a nutshell, there are many other possible features to be integrated into REVEAL. And we should prepare to experiment to build a powerful RE tool for practical Java applications.

V. REFERENCES

 

  • The JavaTM Virtual Machine Specification, Second Edition is now available by Tim Lindholm &
    Frank Yellin at http://java.sun.com/docs/books /vmspec/2nd-edition/html/VMSpecTOC.doc.html
  • Mocha, the Java Decompiler at http://www. brouhaha.com/~eric/computers/mocha.html
  • Protecting Java Code via Code Obfuscation by Douglas Low at
    http://www.cs.arizona.edu/ ~collberg/Research/Students/DouglasLow/obfuscation.html
  • Java Code Engineering & Reverse Engineering at http://meurrens.ml.org/ip-Links/Java/Code Engineering/
  • JAD – the fastest JAva Decompiler at http://meurrens.ml.org/ip-Links/Java/Code Engineering/jad15.html
  • Ada Decaf Home Page at http://ourworld.compuserve.com/homepages/teleobjet/decaf.htm
  • A web-based java decompiler by SourceAgain at http://www.ahpah.com/sourceagain/
  • Java Virtual Machine Online Instruction Reference Manual at http://mrl.nyu.edu/meyer/jvmref/
  • Dumping Java Class Files at http://professionals .com/~cmcmanis//java/dump/index.html

 

  1. “Java Decompilation and Reverse Engineering – Part 1” by Benoît Marchal & Marc Meurrens at http://www.javacats.com/US/articles/decompiler1.htm
  2. “Java Decompilation and Reverse Engineering – Part 2” by Benoît Marchal & Marc Meurrens at http://www.javacats.com/US/articles/decompiler2.htm

Comments are closed.