Decompilers and Bytecode Obfuscation
On the Internet, protecting intellectual property has always been something of a joke, but not a very funny joke. Computers make it easy to copy information one time or a thousand times, and networked computers make it easy to distribute information. For people worried about royalties or per-use fees, the Internet is an ungodly nightmare.
You, as a developer, may also be worried about protecting your intellectual property, your Java programs. What can other people find out from the class files of your programs? They can find out quite a lot, using something called a decompiler. Just as a compiler takes source code and creates class files, a decompiler takes class files and creates source code. A good decompiler produces source code that can be immediately recompiled. Decompiling is not a new technique; it can be applied to the binary executables of any operating system. Java’s class file structure, however, makes it particularly easy to reproduce readable source code from executable class files.
A popular decompiler is Hanpeter van Vliet’s Mocha. Mocha is free, but you get what you pay for; it does have bugs, and it chokes on some Java 1.1 classes. You can download Mocha from http://www.brouhaha.com/~eric/computers/mocha.html. A newcomer in the free decompiler arena is JAD, available at http://web.unicom.com.cy/%7Ekpd/jad.html. If you’re willing to pay for a decompiler, try WingDis (http://www.wingsoft.com/wingdis.shtml ) or SourceAgain ( ...