Java Reversing

The following is a sample tutorial on Java reversing. The reader must know the architecture and Java JVM asm, however I will report some essentials during the article.

Imagine a JavaScript encoding method that produces files that contain no alphanumeric characters, only symbols such as ‘$’, ‘_’, and ‘+’. It would be difficult to imagine how it could possibly work, but unfortunately one such encoder exists. It is called ‘JJEncode’. A demonstration version is freely available from the author’s website, and has already been used in malware. This article provides a detailed description of how it works.

Notes on Reversing Java - Part 1
Quote  
This tutorial aim is show some simple techniques that can be used to reverse and patching Java target, a first classical approach will be about the class decompilation with JAD and JODE decompiler, then we can move into the JVM (Java virtual machine) analysis and deeper into the bytecode analysis and patching.
In order to fix some concepts a simple Java CrackMe will be explored trough decompilation with the presented tool and bytecode patching by using IDA and Hex Editor.
Of course this topic isn’t new and was also covered into the past by other, but this essay will just point some well know concept and show some more hint about the Java patching, a minimum skill on the Java programming is needed to make code change and understand the program execution flow at the decompiled stage.
Finally some consideration around how to better protect Java coded application was covered.
 
Notes on Reversing Java - Part 2
Quote  
This tutorial aim is show some advanced techniques that can be used to reverse and patching Java target, as usual a real target will be focused on the essay.
Reversing approach will be more technical on the starting because some nice protection techniques are used (we’ve a Java class loader able to load the class byte code from some encrypted file and build the class object into the memory).
The CCK (Class Constructor Kit) will be presented and used to make the bytecode patching without using some HexEditor and the opcode references guide.

Two tool are provided to support the reader during the reversing steps of this target, this simple tools are specialized program able to decrypt/encrypt the class bytecode.
 
Notes on Reversing Java - Part 3
Quote  
This tutorial aim is show some news way to find what is the class or classes to patch in target with package using several class, this technique is also useful when you’ve obfuscated or encrypted class.
The way is based mainly on simple memory searching.
A fast survey was done to proof that class encryption is not a safe practice to protect Java target.
 
 

This tutorial is supposed to be an easy tutorial since cracking JAVA is easy - of course with proper tools. Is not like when we unpack Themida .NET.

In this tutorial I've posted links to homepage of some JAVA obfuscators and Java to exe convertors, you may use these programs to protect some jars and see what these protections do.

This dissertation shows that integration of dynamic and static information aids the performance of reverse engineering tasks. An experimental environment called Shimba has been built to support reverse engineering of Java software systems. The static information is extracted from Java byte code [118]. It can be viewed and analyzed with the Rigi reverse engineering tool [74]. The dynamic event trace information is generated automatically as a result of running the target system under a customized Java Development Kit (JDK) debugger. Information about the dynamic control flow of selected objects or methods can also be extracted. The event trace can then be viewed and analyzed with the SCED tool. To support model comprehension, the models built can be used to modify and improve each other by means of information exchange, model slicing, and building abstractions.

Java programs distributed through Internet are now suffering from program theft. It is because Java programs can be easily decomposed into reusable class files even decompiled into source code by program users. In this paper we propose a practical method discourages program theft by embedding Java programs with a digital watermark. Embedding a program developers copyright notation as a watermark in Java class files will ensure the legal ownership of class files.

Our embedding method is indiscernible by program users, yet enables us to identify an illegal program that contains stolen class files. The result of the experiment to evaluate our method showed most of the watermarks (20 out of 23) embedded in class files survived two kinds of attacks that attempt to erase watermarks: an obfuscactor attack, and a decompile-recompile attack.