Decompiling obfuscated java bytecode [closed]

Asked 22/6, 2011 at 17:51 Answered 2/7, 2011 at 18:14

Solved java jvm bytecode proguard decompiler

I work on a platform which runs Java apps. Those apps are often obfuscated, most of them using ProGuard, which makes debugging issues with our platform very difficult.

Currently I'm using JD (http://java.decompiler.free.fr/ ) to decompile it those apps. JD does a decent job, but sometimes the generated code is too difficult to understand.

This appears to happen mainly because obfuscation tools exploit the less constrained spec of JVM Bytecode to produce valid bytecode which doesn't map back to valid Java code (example: aggressive overloading).

So, my question is: is there a decompiler built especially to deal with obfuscated bytecode?

Safe answered 22/6, 2011 at 17:51 Comment(5)

Have you tried members.fortunecity.com/neshkov/dj.html – Mickeymicki 22/6, 2011 at 17:53

@anirudh4444 it only runs on windows. I need something that runs on Ubuntu. – Safe 22/6, 2011 at 17:59

You could use wine/mono to run it on ubuntu. – Mickeymicki 22/6, 2011 at 18:21

Reverse engineering obfuscated bytecode is really hard. Much harder then obfuscating it in the first place. Get ready to spend alot of money or have a lot of time manually learning and translating jvm bytecode. – Kg 22/6, 2011 at 18:29

I've made a decompiler specifically designed to handle obfuscated bytecode. The generated code isn't necessarily pretty, but at least it generates valid code without crashing in cases that easily stump every other decompiler I've tried. You can get it here. github.com/Storyyeller/Krakatau – Lot 27/10, 2012 at 4:25

I doubt any decompilers do that. However you could implement custom bytecode transformation and rename overloaded method and variable names using something like ASM.

Illtreat answered 22/6, 2011 at 18:2 Comment(0)

There is a decompiler known as Fernflower developed by a member here. It boasts being a decompiler specifically made for decompiled code, however you may want to take its claim with a grain of salt. It's uploaded here: https://github.com/Zidonuke/Bukkit-MinecraftServer/blob/master/tools/fernflower.jar?raw=true

Shona answered 2/7, 2011 at 18:14 Comment(3)

Fernflower is no longer officially available, and it can still be defeated by fairly simple control flow transformations. – Lot 22/6, 2012 at 3:46

@Lot care to explain what transformations? AFAIK it can handle even ZKM's opaque predicate insertion, which happens (happened?) to be the best flow obfuscation in the game. – Shona 23/6, 2012 at 5:25

Fernflower is back, kids! – Unctuous 11/4, 2016 at 19:56

Recommended topics

Hot tags