How to block your (or open someone else) JAVA code
Java code anti-compilation and fuzzy processing of full guide GREG Travis (mito@panix.com) Free programmer, New York May 2001
Whether it is to modify the code in many online open source libraries, or call the common operating system routine, you can't spend some time to figure out the code you have not written, and you may not have the source file of these code. When you start debugging the code, you need a good Java anti-compiler and understand the technology that is correctly used. At the same time, you must also know how to protect your own code is not peeked. To this end, you also need to understand the problem of code fuzzy processing. In this initiator guide on opening and blocking Java code, Greg Travis uses the examples of the popular tools such as MoCha, Hosemocha, JMangle, and Jode, and will gradually teach you the basis of anti-assessment, anti-compilation and Java code fuzzy processing. know how.
It is not more frustrated by no source code without finding an error. It is this reason that has led to the emergence of the Java anti-compiler, which can complete the compiled bytecode to the origin code. Although the code anti-compiler is not just for the Java language, it has never been disclosed or widely used as in Java developers. Relative to the anti-compilation needle is blurred. Suppose the anti-compiler can easily obtain the source code from the compiled code, then protect your code and valuable technical secrets is not that simple. As the Java anti-compiler is generally used, Java fuzzy processors are also popular, and its role seems to put a smoke button in front of your code. Anti-compilation and fuzzy treatment has attracted a debate in the field of commercial development - most of the debate is concentrated on Java language. In this article, I will let you understand the specific processes of code anti-compilation and fuzzy processing, discuss the theoretical issues after these two technologies, and briefly talk about their debate caused in business programming. I will also introduce some more famous anti-compilers and fuzzy processors (with commercial, open source), and use them with the in-depth use of the article to create some instances. What is anti-compilation? Reflexibility is a process of converting a target code into a source code. This should be very clear because compiling is a process of converting source code into a target code. But what is the target code? A generally definition is that the target code is a code represented by the language, which can be performed directly through an enormous or virtual machine. For languages like C, the target code is typically running on the hardware CPU, while the Java target code is usually running on the virtual machine. Reflexo is difficult as described above, and the anti-compilation is relatively simple, but it is actually very difficult - from essentially, it is included in the small size, low-level behavior to infer the large scale High level behavior. In order to have an intuitive understanding, we regard a computer program as a complex company organizational structure. High-level managers have reached their subordinates to "maximize technology production capacity" commands, and the subordinates turn these commands into more specific actions, such as installing new XML databases. As a new employee of the company, you may ask what he or she is doing, and get answering, "I am installing a new XML database." From this sentence, you can't infer its ultimate goal is the biggest Experience how technology production capacity is improved. After all, the ultimate goal is not the same, for example, may be data that separate the supply chain or accumulate consumers. However, if you belong to those who are curious, you may ask a few questions and let the affiliates from different levels of the company answered your question. Finally, when all the answers are summarized, you may guess that the greater goal is to maximize technology production capacity. If you look at the computer program as a organizational structure similar to a company, then the anti-compile code is not irrelevant, the above will give you a direct feeling. From the perspective of comparison, this is to reference the outstanding researcher Cristina Cifuentes in this field's description of the anti-compilation process: any binary renovation project requires disassembly of code stored in the binary file. In theory, the data and code isolated on von neumann are like shutdown issues, so complete static translation is impossible. However, in fact, different techniques can be used to improve the proportion of code that can be static translated, or take dynamic translation techniques that can be used in operation.
- "Binary Rengineering Of Distributed Object Technology" (see
Reference)
Converting the target code into a source code is not the only problem that I encountered during the anti-compile. A Java class file potential contains some different types of information. It is important to know which type of information that may contain in the class file is important for understanding how you use this information and how it works for information. This is actually what Java reverse editor is required. It is not very important that the true binary format of the Java class file is not important. What is important is to know which different kinds of information have been included in those bytes. In this step, we will use a tool with most JDK - JavaP. Javap is a Java code disassembly, which is different from the anti-compiler. The reverse instrument converts the target code of the machine readable format (as shown in Listing 1) into readable code (as shown in Listing 2). Listing 1. Original content of a class file 0000000 FECA Beba 0300 2D00 4200 0008 081F 3400
0000020 0008 073F 2C00 0007 0735 3600 0007 0737
0000040 3800 0007 0A39 0400 1500 000A 0007 0A15
0000060 0800 1600 000A 0008 0A17 0800 1800 0009
...
Listing 2. JavaP output results
Local Variables for Method Void Priv (Int)
Foo this PC = 0, Length = 35, Slot = 0
INT Argument PC = 0, Length = 35, Slot = 1
Method void main (java.lang.string [])
0 new # 4
3 InvokeSpecial # 10
6 return
Note that the list 2 is not the source code. The first part of this list lists the local variables of the method; the second part is assembly code, which is also a readable target code. Elements in a class file Javap is used to negate assembly or unpack a class file. Here is the information contained in the Java class file that can be reversed by using Javap:
Member variables. Each class file contains all name information and type information corresponding to each data member of the class. After disassembly method. Each method of the class is represented by a string of virtual machine commands and came with its type sign. Line number. Each section in each method is mapped to the source code row, where possible, source code rows to generate a section. This allows real-time systems and debuggers to provide stack tracking for programs running. Once the local variable name is compiled, the local variable of this method does not need to be named, but can contain them by using the -g option to the Javac compiler. This also makes real-time systems and debuggers help you. Since the internal situation of the Java class file has been understood, let's take a look at how to convert this information to achieve our goal. Using the anti-compiler is conceptually, the anti-compiler is very simple. He is to use the compiler to use: You give it .class file, it will give you a source code file. Some comparison new anti-compilers have a delicate graphical interface. However, in the example, we will use Mocha, which is the first publicly available anti-compiler. In the end of this article, I will discuss a newer anti-compiler in GPL. (See Resources, download MOCHA and get a list of Java anti-compiler.) Let us assume that there is a class file called foo.class in the directory. Using MoCha, it is very simple to compile, as long as you type the following command:
$ java mocha.decompiler foo.class
This generates a new file called foo.mocha (Mocha uses foo.mocha this name to avoid the source code of the original file). This new file is the source file of Java, and if everything goes well, you can compile it normally. Just rename it to foo.java can start. But there is a problem here: If you run Mocha on some code you already have change, you will notice that the code and source code it generate is not exactly the same. I will give an example so you can understand what I mean. The original source code shown in Listing 3 is a test program from a foo.java. Listing 3. A small part of the original source code for foo.java private int Me MEMBER = 10;
Public foo () {
INT local = returnteger ();
System.out.println ("Foo Constructor");
PRIV (local);
}
The following is a list of code lists generated by Mocha 4. Source code for foo.java generated by MOCHA
PRIVATE INT MEMBER;
Public foo ()
{
MEMBER = 10;
INT local = returnteger ();
System.out.println ("Foo Constructor");
PRIV (local);
}
The member variable of the two codes of code Member is initialized to 10. In the original source code, it is expressed as an initial value in the same line of the declaration, and in the retrograde source code, it is represented as an assignment statement in one constructor. The anti-compiletable code tells us some ways to be compiled by the source code; that is, its initial value is compiled as the assignment in the constructor. By observing the results of anti-compilation, you can learn how many Java compilers work. Difficulties are difficult: Continue to repeat Although MOCHA can independence your target code, it will not always succeed. Due to difficulties, there is no anti-compiler to translate export code accurately, and each reverse compiler processes their vulnerabilities in the translation process. For example, MoCHA sometimes has some problems in the structure of an accurate cycle structure. If this is true, it uses a pseudo GOTO statement in the final output, as shown in Listing 5. Listing 5. Mocha does not accurately compile
IF (i1 == i3) goto 214 else 138;
J3 = GetSegment (i3) .getzorder ();
IF (J1! = 1) goto 177 else 154;
IF (J3> K2 && (! K1 || J3 EXPRESSION 0 IF (J3 EXPRESSION 0 IF == goto 201 CONTINUE; I2 = i3; The problem of moving Mocha does not talk, the anti-compiler is typically translated out the source code in general. Once you know the weakness of an anti-compiler, you can manually analyze and convert anti-compilation code so that they can comply with the original source code more accurately. As the anti-compiler is becoming more and more excellent, we have encountered another problem: if you don't want anyone to compile your code, what should I do? Although the anti-compilation and the threat to safety, most of the code is completely high, but the fact is one of the necessary tools for software infringement. Because of this, especially for developers in the field of business and non-open source code, the existence of cheap (or free) Java code disassemble tool is a serious problem. In terms of language itself, Java code is very easy to disassemble due to its relatively simple Java virtual machine (compared to true microprocessors) and its very standardized byte format. And this has become a lot of controversies in the field of commercial development, with the increasing popularity of the Java language on the Web development platform. Since the first release of Mocha in 1996, some companies and individuals who have been investing in their source code have been quarriage to the Java anti-compiler. In fact, when Mocha is released, its author Hanpeter Van Vliet has been threatened by some company litigation (see Referring). At first, he removed the anti-compiler from his website, but he later provided a better solution in Crema's form. CREMA is a Java fuzzy processor that is completely opposite to MOCHA. Since the release of Crema, many Java fuzzy processors have begun, some of which are commercial, and some are open source. As you can see, a good Java fuzzy processor can protect your Java code to a large extent. Pattern relative code fuzzy processing code fuzzy treatment The meaning of the literal is ambiguity to deal with your code. The Java fuzzy processor changes the program with a non-spot method, so that its operation is exactly the same, but it makes people trying to understand the program more confusing. Let's take a look at what is the case where the reverse program encounters the code after fuzzy treatment. Listing 6 shows the results of the Java code that MOCHA attempts to disassemble the Java code called JMangle's fuzzy processing. Please note that the following short programs and we are using the same in the previous list, although at first glance, you will definitely think so. Listing 6. Code PUBLIC FOO () via JMangle blurred treatment { JM2 = 10; INT i = JM0 (); System.out.println ("Foo Constructor"); JM1 (i); } The fuzzy processor like JMangle converts many variable names and method names (sometimes even the names of the class name and package) into unspecified strings. This makes it difficult to read the program, but for JVM, it is the same in nature and the original program. It is not just that the labels are meaningless to make the markers, but they are not only these. The reason why Crema is notorious is because it has used many despicable means to prevent disassembly, and there are many fuzzy processors that have already appeared, they have followed it. A commonly used fuzzy processing code is to replace the tags in the class file with an illegal string, which is more step more than using the meaningless string. Alternatively, it is possible to be a keyword, such as private, or even like *** meaningless tags. Some virtual machines - especially in the browser - these weird orders do not make legal reactions. It is technically said that a variable = such variable is opposite to Java's specifications; some virtual machines can ignore it, while others cannot be like this. Crema placed bomb Press literally, and another policy used by CREMA is a bomb. CREMA has the ability to completely shut down MoCha. It adds a small "bomb" in the compiled code, causing Mocha to crash when trying to refine the code. Unfortunately, CREMA has not been, but there is a tool called Hosemocha is designed to close MoCha. In order to understand how Hosemocha is working, we will use Java, this trusted contusurtor. Listing 7 shows the code before the Hosemocha placed the bomb. Listing 7. Code before placing the bomb MAIN (java.lang.string []) 0 new # 4 3 InvokeSpecial # 10 6 return The following is the code after HosemoCha. Listing 8. Code after placing the bomb Method void main (java.lang.string []) 0 new # 4 3 InvokeSpecial # 10 6 return 7 POP Do you see the bomb? Please note that this program has a POP statement after returning. Wait a minute - do you still do it after returning? Obviously, it can't, and this is the key. After returning a statement, put a instruction to ensure it will not be executed. What you see here is that it is impossible to be disassembled. Because it does not correspond to any possible Java source code, there is no meaning. But why can this little obstacle can cause MOCHA crash? Mocha can simply ignore it, or send a warning message and continue. Although MoCHA's vulnerability of such bombs can be considered a program error, it is more likely that Van Vliet is intentionally set in order to respond to MoCha attack. To this end, we have learned that older disassembly tools and fuzzy treatment tools - although it is a bit outdated, it is more excellent. However, similar tools have become more mature in these years, especially in the graphical interface. In the end of this article, let's take a look at a newer reverse system, just let you have a general concept. New members in this area have become more complicated in the past five years, but also more complicated technology, but also the interface of these tools. In recent contusons, there are a few directory that allows you to browse .class files and you can make disassembled. Jode (Java optimization and anti-compilation environment) is such a program. Type the .jar file in the command line, Jode will allow you to map its classes and automatically disassemble each class to let you view. This particularly helps to find source code through libctions provided by Java SDK. Simply type the following command: $ java jode.swingui.main - Classpath [Path to your java sdk] /jre/lib/rt.jar You will get a complete translation of the file as shown in Figure 1. Figure 1. Jode: An Antibody Configuration See References to get a list of more useful tools. Conclusion Whether you choose to use a classic tool like MoCha or Hosemocha or to study the updated tools, you should use this article as a starting point for you to learn Java disassembly and fuzzy treatment. Here, please browse many of the links provided in the reference materials, try to use some of these tools and prepare for the continuous improvement of your own technology. Despite many controversy, disassembly and fuzzy technologies still exist, and will only become more mature and perfect in the next few years. Resources Although Mocha is outdated, it is more interesting to use, and occasionally there will be some use. As Crema, Hosemocha in its previous Crema, Hosemocha manufactures a bomb that blocks Mocha. Borland's JBuilder is said to be based on the original CREMA code. Check out JMangle. SourceForge has jode now, it can be obtained under GPL. Wingdis is another popular business contrast. BlackDown lists many Java development tools on Linux, including JAD, which is considered to be "the fastest Java Antibody". Zelix Klassmaster is a business class file for a fuzzy processor to view tools. Marc Meurrens' Java Code Engineering is an excellent website covering assembler, reverse, fuzzy processors, and related information. Anti-assembly and reverse system are another inclusive page with a number of software and research papers. Cristina Cifuentes maintains an anti-assembly page, there are many information about the theory and actual work of anti-assembly, including a C reverseiber, named DCC. The late Maurice Halstead is considered to be an anti-assessment father. Please read the information about his anti-assessment project from 1960 to 1976. See "JavaWorld, July 1997), here there is a wide range of review of Java reversible compilation. Please read the Hanpeter Van Vliet Declaration (Web Techniques, September 1997). IBM Zurich Research Laboratory has invested a lot of resources in security and Java encryption technology. Please read IBM how to study Java security and distributed target systems. In "Operation: Fuzzy Safety" (DEVELOPERWORKS, Oct 2000), the author Gary McGraw and John Viega discussed confidentiality when running software. Please don't miss the security topic of developerWorks in this important area. Classic books of McGraw and Felten Securing Java, 2nd Edition (John Wiley & Sons, 1999) Chapter 6 have more information about Java reversible. About the author Greg Travis is a free programmer living in New York. His interest in the computer can be traced back to the "The Bionic Woman", Jamie tries to flee a building that is controlled by evil and the door, and artificial intelligence has also ridiculed her through the megaphone. GREG firmly believes that it is exactly the computer program. You can contact GREG via mito@panix.com.
