Decompilers and Bytecode Obfuscation

On the Internet, protecting intellectual property has always been something of a joke, but not a very funny joke. Computers make it easy to copy information one time or a thousand times, and networked computers make it easy to distribute information. For people worried about royalties or per-use fees, the Internet is an ungodly nightmare.

You, as a developer, may also be worried about protecting your intellectual property, your Java programs. What can other people find out from the class files of your programs? They can find out quite a lot, using something called a decompiler. Just as a compiler takes source code and creates class files, a decompiler takes class files and creates source code. A good decompiler produces source code that can be immediately recompiled. Decompiling is not a new technique; it can be applied to the binary executables of any operating system. Java’s class file structure, however, makes it particularly easy to reproduce readable source code from executable class files.

A popular decompiler is Hanpeter van Vliet’s Mocha. Mocha is free, but you get what you pay for; it does have bugs, and it chokes on some Java 1.1 classes.[35] You can download Mocha from http://www.brouhaha.com/~eric/computers/mocha.html. A newcomer in the free decompiler arena is JAD, available at http://web.unicom.com.cy/%7Ekpd/jad.html. If you’re willing to pay for a decompiler, try WingDis (http://www.wingsoft.com/wingdis.shtml ) or SourceAgain ( ...

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.