 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / November 2007decompiling class files
In switch machines I lost a critical set or source code but I still have the .class files is there anyway decompile them and/or make my life a little easier instead of a ground up rewrite (will take maybe 4 hours) On Nov 1, 3:49 pm, "Aryeh M. Friedman" <Aryeh.Fried...@gmail.com> wrote: > In switch machines I lost a critical set or source code but I still > have the .class files is there anyway decompile them and/or make my > life a little easier instead of a ground up rewrite (will take maybe 4 > hours) JAD (http://www.kpdus.com/jad.html) is pretty common dis-assembler for Java class files. -cheers, Manish > In switch machines I lost a critical set or source code but I still > have the .class files is there anyway decompile them and/or make my > life a little easier instead of a ground up rewrite (will take maybe 4 > hours) JAD http://www.kpdus.com/jad.html Arne On Thu, 01 Nov 2007 22:49:15 -0000, "Aryeh M. Friedman" <Aryeh.Friedman@gmail.com> wrote, quoted or indirectly quoted someone who said : >In switch machines I lost a critical set or source code but I still >have the .class files is there anyway decompile them and/or make my >life a little easier instead of a ground up rewrite (will take maybe 4 >hours) see http://mindprod.com/jgloss/decompiler.html you won't get your comments back or your local variable names.  SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com On Thu, 01 Nov 2007 22:49:15 -0000, "Aryeh M. Friedman" <Aryeh.Friedman@gmail.com> wrote, quoted or indirectly quoted someone who said : >In switch machines I lost a critical set or source code but I still >have the .class files is there anyway decompile them and/or make my >life a little easier instead of a ground up rewrite (will take maybe 4 >hours) see http://mindprod.com/bgloss/backup.html SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com > On Thu, 01 Nov 2007 22:49:15 -0000, "Aryeh M. Friedman" > <Aryeh.Friedman@gmail.com> wrote, quoted or indirectly quoted someone [quoted text clipped - 6 lines] > > see http://mindprod.com/bgloss/backup.html I'll bet it takes longer than four hours to decompile and work out all the kinks. SignatureLew > > On Thu, 01 Nov 2007 22:49:15 -0000, "Aryeh M. Friedman" > > <Aryeh.Fried...@gmail.com> wrote, quoted or indirectly quoted someone [quoted text clipped - 11 lines] > -- > Lew Took 45 mins with jad Lew wrote: >> I'll bet it takes longer than four hours to decompile and work out all the kinks. > Took 45 mins with jad That is very impressive. I will look into this Jad thing. Does it do Java 6? It doesn't look like any of the ones mentioned on mindprod.com are new enough to handle Java 6. I do see that > since the version 1.5.6 it's no longer free for commercial use. > ... At the same time, Jad can be used freely for personal needs > in a commercial or non-commercial environments. So the loss of comments and local variable names wasn't a problem? What about all the Javadocs? How long did it take to redo those? SignatureLew > Lew wrote: >>> I'll bet it takes longer than four hours to decompile and work out [quoted text clipped - 15 lines] > > So the loss of comments and local variable names wasn't a problem? If the .class file was compiled for debug, jad will preserve local variable names. > Lew wrote: > >> I'll bet it takes longer than four hours to decompile and work out all the kinks. [quoted text clipped - 6 lines] > It doesn't look like any of the ones mentioned on mindprod.com are new enough > to handle Java 6. No I had to redo the generics by hand and thats why it was 45 mins not 15. (I will at some point have to go back and rename/restyle stuff also) > I do see that > [quoted text clipped - 3 lines] > > So the loss of comments and local variable names wasn't a problem? If your goal is to get back your work without having to do an other debug cycle yes... but if it is maintain the complete formating of the orginal code oh well. > What about all the Javadocs? How long did it take to redo those? That is part of the renaming/restyling but in my case it is only 10 classes and about 3 methods each so it was pretty fast. > No I had to redo the generics by hand and thats why it was 45 mins not > 15. (I will at some point have to go back and rename/restyle stuff > also) So the 45 minutes is not true. I was counting the rename/restyle in my estimate of how long it would take. SignatureLew >> No I had to redo the generics by hand and thats why it was 45 mins not >> 15. (I will at some point have to go back and rename/restyle stuff >> also) > > So the 45 minutes is not true. I was counting the rename/restyle in my > estimate of how long it would take. I repeat: > What about all the Javadocs? How long did it take to redo those? SignatureLew >>> No I had to redo the generics by hand and thats why it was 45 mins not >>> 15. (I will at some point have to go back and rename/restyle stuff [quoted text clipped - 5 lines] > I repeat: >> What about all the Javadocs? How long did it take to redo those? There are two milestones in this sort of recovery: 1. Getting to the point of having source code that can compiled, supporting continued development in other parts of the system. 2. Being fully whole, with meaningful identifiers, javadocs, etc. Milestone #1 could be on the critical path for current development. In that case, I would look for the fastest way to achieve it, even if it is not necessarily any faster at getting to milestone #2. The remaining work needs doing, but can be done on a less urgent basis, perhaps as part of a refactoring pass. Patricia >>>> No I had to redo the generics by hand and thats why it was 45 mins >>>> not 15. (I will at some point have to go back and rename/restyle stuff [quoted text clipped - 18 lines] > remaining work needs doing, but can be done on a less urgent basis, > perhaps as part of a refactoring pass. It's not obvious to me that the "four hour" estimate was for milestone 2 rather than milestone 1. The other advantage of the decompilation route is that it's much less likely to introduce subtle changes in behavior than rewriting from scratch would be. Patricia Shanahan wrote: >> There are two milestones in this sort of recovery: >> [quoted text clipped - 8 lines] >> remaining work needs doing, but can be done on a less urgent basis, >> perhaps as part of a refactoring pass. Excellent points, and convincing. > It's not obvious to me that the "four hour" estimate was for milestone 2 Sorry, it was meant to represent complete recovery of the class. It never occurred to me that a partial recovery could be acceptable, or I'd've accounted for that possibility. I also hadn't known how easy Jad was to use, as I mentioned upthread. So even though I meant milestone #2 (not being aware that there was an earlier milestone), I was still wrong. > rather than milestone 1. The other advantage of the decompilation route is > that it's much less likely to introduce subtle changes in behavior than > rewriting from scratch would be. Another good point. SignatureLew > It doesn't look like any of the ones mentioned on mindprod.com are new > enough to handle Java 6. Well, I am currently writing a Java decompiler capable of handling Java 6 right now. > What about all the Javadocs? How long did it take to redo those? One of my ideas is to add on a filter that can reproduce the Javadoc comments from the HTML documentation files. Would you like me to tell you when I finish it? SignatureBeware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth >> It doesn't look like any of the ones mentioned on mindprod.com are >> new enough to handle Java 6. [quoted text clipped - 6 lines] > One of my ideas is to add on a filter that can reproduce the Javadoc > comments from the HTML documentation files. What about generating empty Javadoc descriptions of all the methods? (assuming there's enough debug information present to get the parameter names right.) Speaking of which, I'd assumed a decompiler like jad wuld only find local variable names when the java file was compiled -g, but I see them being correct even with -g:none. Is the local variable table always present? On Nov 2, 5:13 pm, "Mike Schilling" <mscottschill...@hotmail.com> wrote: > >> It doesn't look like any of the ones mentioned on mindprod.com are > >> new enough to handle Java 6. [quoted text clipped - 10 lines] > (assuming there's enough debug information present to get the parameter > names right.) Even if the names are not quite right you will have all your @params, @returns and @throws so that will help a lot for large projects (global search and replace is your friend) Related question how can I prevent customers from decompiling (at least in a understandable way) my code when I send it to them (most of the time this doesn't matter since almost all my work is community oriented [i.e. a blending of open-source and money]) > Related question how can I prevent customers from decompiling (at > least in a understandable way) my code when I send it to them (most of > the time this doesn't matter since almost all my work is community > oriented [i.e. a blending of open-source and money]) How likely are your customers to do that, what is the risk if they do, and how could you mitigate that risk without obfuscating your code? SignatureLew > > Related question how can I prevent customers from decompiling (at > > least in a understandable way) my code when I send it to them (most of > > the time this doesn't matter since almost all my work is community > > oriented [i.e. a blending of open-source and money]) > > How likely are your customers to do that Depends on their honesty because for the most part they are other Java coders. > , what is the risk if they do, In the only case that matters it could invalidate a pending patent application (for a search algorithem that is O(1) for time and space). In all other cases the source comes along with the product (even the trial versions).... see http://www.flosoft-systems.com/blogs/aryeh/index.php (first three enteries) > and how > could you mitigate that risk without obfuscating your code? No amount of obfuscating will deter a determined customer (one who wants to avoid the per unit fee associated with linking against my code) > In the only case that matters it could invalidate a pending patent > application (for a search algorithem that is O(1) for time and space). How could it invalidate the patent if they're taking your code to do it? IANAL so I really would like to understand this. How is it that patent holders can come after people who've been using their stuff while the patent was pending? Because they most assuredly have, even for clean-room implementations. > No amount of obfuscating will deter a determined customer (one who > wants to avoid the per unit fee associated with linking against my > code) So why obfuscate? Your honest customers won't hack, and your dishonest ones won't let obfuscation stop them. Wouldn't lawyers be a better deterrent? I worked for one company, for example, that gave proprietary source code with their product under a non-disclosure agreement. Customers occasionally violated the non-disclosure; when they did we found out and took a lot of money from them. SignatureLew > > In the only case that matters it could invalidate a pending patent > > application (for a search algorithem that is O(1) for time and space). [quoted text clipped - 5 lines] > was pending? Because they most assuredly have, even for clean-room > implementations. Two reasons: 1. There is a one year time frame to file a patent after the concept is "published" and source code (regardless of how accessed) is "publishing" 2. Since I am a one person firm and very under funded (i.e. I am still at the point of borrowing money to put food on the table sometimes) in order to fund the patent process (about $20k) I need to license some aspects of the algorithm (under NDA's). 3. Once patented I plan to release some aspects of it with open source (not FOSS but the model I mentioned before) under a do not-modify and re-release independant of me license... i.e. the user can make local modifications but can not distrubute them... this is only on the patented portions all other portions will be much more liberal. > > No amount of obfuscating will deter a determined customer (one who > > wants to avoid the per unit fee associated with linking against my [quoted text clipped - 7 lines] > violated the non-disclosure; when they did we found out and took a lot of > money from them. I was thinking of using some form of public key system to encrypt the code the license server or what ever fetches either the public or private key (for this purpose they are interchangeable) from a server in order to make the code executable.... now no amount of this will prevent someone from say hooking a logic anaylizer up to the address and data buses and decoding the instruction cycle... but short of that I want to make it hard > 3. Once patented I plan to release some aspects of it with open source > (not FOSS but the model I mentioned before) under a do not-modify and > re-release independant of me license... i.e. the user can make local > modifications but can not distrubute them... this is only on the > patented portions all other portions will be much more liberal. I recommend that you do not call it "open source" unless it meet OSI definition of that word. To avoid confusion both about open source and your license. Arne On Nov 2, 8:20 pm, Arne Vajh?j <a...@vajhoej.dk> wrote: > > 3. Once patented I plan to release some aspects of it with open source > > (not FOSS but the model I mentioned before) under a do not-modify and [quoted text clipped - 4 lines] > I recommend that you do not call it "open source" unless it meet > OSI definition of that word. I call it that only for convince when referring to it by short hand.... matter of fact the community of like minded developers I mentioned in blog would probably yell at me more then you are for doing it. > I was thinking of using some form of public key system to encrypt the > code the license server or what ever fetches either the public or [quoted text clipped - 3 lines] > and data buses and decoding the instruction cycle... but short of that > I want to make it hard If your program is to be run as a normal Java program, then the startup code need to be standard Java byte code. The rest of the code need to be decrypted to standard Java byte code by the starup code for it to run. So the bad guys decompile the startup code, modifies it to save a copy of the decrypted byte code on disk. Which can then be decompiled and all license and integrity checks be removed. Hopeless. Arne >> I was thinking of using some form of public key system to encrypt the >> code the license server or what ever fetches either the public or [quoted text clipped - 11 lines] > of the decrypted byte code on disk. Which can then be decompiled and > all license and integrity checks be removed. I presume that it wouldn't be hard to take an open-source JVM (of which there are many) and modify it to save a loaded class's bytecode to disk. Run the result through your hand-dandy decompiler, and Bob's your uncle. >> I was thinking of using some form of public key system to encrypt the >> code the license server or what ever fetches either the public or [quoted text clipped - 11 lines] >of the decrypted byte code on disk. Which can then be decompiled and >all license and integrity checks be removed. A piece of cake. >Hopeless. > >Arne SignatureThe most powerful Usenet tool you have ever heard of. NewsMaestro v. 4.0.6 - Dictionary Update/Expert Mode has been released. * Significant improvement in symbol substitution mechanism for verb tense and plurals. * Expert mode. * Miscellaneous improvements and bug fixes. * Templates generator improvements. * Multi-job support. Note: In some previous releases some class files were missing. As a result, the program would not run. Sorry for the inconvenience. Web page: http://newsmaestro.sourceforge.net/ Download page: http://newsmaestro.sourceforge.net/Download_Information.htm Send any feedback, ideas, suggestions, test results to newsmaestroinfo \at/ mail.ru. Your personal info will not be released and your privacy will be honored. On Nov 3, 12:56 am, "Aryeh M. Friedman" <Aryeh.Fried...@gmail.com> wrote: > > > In the only case that matters it could invalidate a pending patent > > > application (for a search algorithem that is O(1) for time and space). [quoted text clipped - 5 lines] > > was pending? Because they most assuredly have, even for clean-room > > implementations. The whole patent system has nothing to do with logic. It is something to keep lawyers busy. > Two reasons: Maybe one should mention that the patent process is different in different countries. IANAL, too, but see for an overview http://en.wikipedia.org/wiki/First_to_file_and_first_to_invent > 1. There is a one year time frame to file a patent after the concept > is "published" and source code (regardless of how accessed) is > "publishing" Something like http://en.wikipedia.org/wiki/On-sale_bar ? > Related question how can I prevent customers from decompiling (at > least in a understandable way) my code when I send it to them (most of > the time this doesn't matter since almost all my work is community > oriented [i.e. a blending of open-source and money]) Almost all of the obfuscators I have seen are almost trivial to crack, given a mediocre optimizer, which only does constant value propagation and dead code elimination, and a good refactorer. I gave some of my ideas for more powerful obfuscations in news:29OVi.4055$BD.3030@trndny06 (Subject: Re: Access the classes JAR file as a ZIP?, Date: Oct. 31, 2007). Most of these revolve around either making statements invalid in the JLS but valid in the Java VM spec, or taking advantage of obscure notes in the VM instruction set. SignatureBeware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth Lew wrote: >>> What about all the Javadocs? How long did it take to redo those? Joshua Cranmer wrote: >> One of my ideas is to add on a filter that can reproduce the Javadoc >> comments from the HTML documentation files. >> >> Would you like me to tell you when I finish it? Yes, please. > What about generating empty Javadoc descriptions of all the methods? > (assuming there's enough debug information present to get the parameter > names right.) Good idea. SignatureLew > In switch machines I lost a critical set or source code but I still > have the .class files is there anyway decompile them and/or make my > life a little easier instead of a ground up rewrite (will take maybe 4 > hours) Decompilers exist, but you'd have to google around (for "java decompiler"), download one, install it, spend some time getting familiar with it, etc. And after you were done, you'd have only the .java files - you'd still have to recreate the IDE project, ant file, or whatever other build environment you used for it. You'd be just as well off doing the four-hour rewrite, IMHO. sherm-- SignatureWeb Hosting by West Virginians, for West Virginians: http://wv-www.net Cocoa programming in Perl: http://camelbones.sourceforge.net > > In switch machines I lost a critical set or source code but I still > > have the .class files is there anyway decompile them and/or make my [quoted text clipped - 8 lines] > > You'd be just as well off doing the four-hour rewrite, IMHO. Took 45 mins with Jad. Very obvious command line interface (jad *.class) and then just some file manipulation to move it back to the right location.... Since I don't use an IDE it was probably easier then typical Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.