Decompilers and Bytecode Obfuscation

On the Internet, protecting intellectual property has always been something of a joke, but not a very funny joke. Computers make it easy to copy information one time or a thousand times, and networked computers make it easy to distribute information. For people worried about royalties or per-use fees, the Internet is an ungodly nightmare.

You, as a developer, may also be worried about protecting your intellectual property, your Java programs. What can other people find out from the class files of your programs? They can find out quite a lot, using something called a decompiler. Just as a compiler takes source code and creates class files, a decompiler takes class files and creates source code. A good decompiler produces source code that can be immediately recompiled. Decompiling is not a new technique; it can be applied to the binary executables of any operating system. Java’s class file structure, however, makes it particularly easy to reproduce readable source code from executable class files.

A popular decompiler is Hanpeter van Vliet’s Mocha. Mocha is free, but you get what you pay for; it does have bugs, and it chokes on some Java 1.1 classes.[35] You can download Mocha from A newcomer in the free decompiler arena is JAD, available at If you’re willing to pay for a decompiler, try WingDis ( ) or SourceAgain ( ...

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.