|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Java class obfuscation
From: Nicolas RUFF (lists) <ruff.lists(at)edelweb.fr>
Date: Mon Jun 23 2003 - 05:06:11 EDT
>> You can't obfuscate java interpreted byte code just like
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Received on Mon Jun 23 11:36:39 2003
Date: Mon Jun 23 2003 - 05:06:11 EDT
> northern snowfall wrote: >>> I was wondering if anyone has any documents compairing the different >>> java class / method obfusction tools that are available. >>> I am in particular currious to know about the ones that are very easy >>> to bypass vs. those that are extremely difficult.
>> You can't obfuscate java interpreted byte code just like
Hi all,
Sure, basic bytecode obfuscation is known to be reversible and to cause trouble depending on your JVM (Sun, Microsoft, Netscape, Symantec, ...).
Even if you cannot make the code unreadable, you certainly can make it unusable by a human reader. I recently had a look at Citrix Java ICA Client, and they use at least the following techniques :
- Replace all variables by letters (a, b, c, ...)
- Use the same variable names in all scopes (global, class local, function local, ...) => you cannot substitute variable names with a find/replace tool that is not aware of Java language grammar
- Replace variables by language keywords when possible (after byte-code generation, variable names are not restricted by the JVM) => you cannot recompile the code
- And so on ...
Believe me, such obfuscated code is really hard to understand.
PS. AFAIK, native CPU machine code encryption is part of the TCPA/NGSCB project ...
Regards,
- Nicolas RUFF
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Received on Mon Jun 23 11:36:39 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |