|
|
Featured White Papers
Sponsored Links
Sponsored Links
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Java decompilers compared
Our detailed examples of how 3 top decompilers handle an extensive test suite will help you determine which, if any, meet your needs
The object of a Java decompiler is to convert Java class files into Java source code. In the chaotic world of software development there are many reasons, legitimate and otherwise, to wish for such a tool. Decompilers can save the day when you have the binary for your own code, but have misplaced or otherwise lost the corresponding source code. On the other hand, decompilers are the prized components of any good software piracy kit. Most often, however, decompilers help programmers clarify poor documentation (one decompiled function is worth a thousand words) or provide a means for creating not-yet-written documentation. When was the last time you thought the documentation for any software was complete and correct?In any case, the transparent and information-rich structure of Java class files -- a feature that makes Java's dynamic linking much better than previous models -- also makes such tools particularly easy to build. In fact, there is an arms race brewing between decompilers and so-called obfuscators, which profess to provide Java code some measure of protection from decompilers. In essence, obfuscators remove all non-essential symbolic information from your class files and, optionally, replace it with fake symbolic information designed to confuse the decompiler. Crema, the companion obfuscator to the Mocha decompiler, was examined in detail in the December issue of JavaWorld. (See the Resources section at the end of this column for a link to this article and to several obfuscator products.)
Product overview
I'll be reviewing three Java decompilers in this article: DejaVu, Mocha, and WingDis. These products are the only commercial decompilers I'm aware of, but surely there are more to come.- DejaVu, distributed as part of Innovative Software's OEW for Java development environment, appears to be completely independent
of it. DejaVu is available on a trial basis for free.
- Mocha, the first and most widely known decompiler, is free. Although Mocha's creator, Hanpeter van Vliet, met with an untimely
demise, you can still obtain a copy of the program free of charge on the Web. An official descendant of Mocha will probably
be commercially available before long.
- WingDis version 2.06, a product from WingSoft, is available free as a crippled demo version and as a time-limited fully capable trial version. The full version costs 9.95.
See the Resources section at the end of this article for more information on where to find each of these products.
Each of these tools is 100% Pure Java, so the essential distribution consists of a Java class library and instructions to invoke it. They're all a little quirky to set up and use, a characteristic shared by many standalone Java applications.
These are all command-line-oriented tools, so the most practical way to invoke them is to embed the detailed class path and other invocation instructions in a command file. Unfortunately, there is no standardized way to do this; the details vary depending on your choice of operating system. However, once you've conquered the setup, the decompilers easily produce output that is virtually compiler-ready.
- Feedback
Resources
- Although Hanpeter van Vliet's site no longer exists, Eric Smith has set up this site for free Mocha distribution:
http://www.brouhaha.com/~eric/computers/mocha.html - Download the demo version of WingDis and get information about the full version:
http://www.wingsoft.com/products.shtm - Innovative Software's OEW for Java development environment includes the DejaVu decompiler. Check out this site for complete
information:
http://www.isg.de/OEW/Java/ - For those of you who are suspicious of decompilers, read Qusay H. Mahmoud's "Protect your bytecodes from reverse engineering/decompilation"
to find out how the Crema obfuscator can help protect your Java code from decompilers such as Mocha:
http://www.javaworld.com/javatips/jw-javatip22i.html - If you're one of those who verbally abuse
goto, I encourage you to read Edsger W. Dijkstra's classic paper, Go To Statement Considered Harmful:
http://www.acm.org/classics/oct95/ - If you'd like to check out the available obfuscator programs, here are the few I know of:
- Crema, the original companion of Mocha:
http://java.cern.ch:80/CremaE1/DOC/index.html - Jshrink, a Java shrinker/obfuscator:
http://www.e-t.com/jshrink.html - Hashjava, a free Java obfuscator:
http://www.sbktech.org/hashjava.html - I wasn't kidding when I said there was an arms race brewing between decompilers and obfuscators. Take a look at HoseMocha,
a Java application designed to stop Mocha in its tracks, to see what I mean:
http://www.math.gatech.edu/~mladue/HoseMocha.java
Sponsored Links
Java out of memory error? Use heaps up to 512GB without GC pauses. Click here for pauseless GC white paper.
Kendo UI is everything you need to build HTML5 sites and mobile apps
File APIs for Programmers: DOC, XLS, PPT, PDF & more. Try a free trial.
Jelastic - next gen Java PaaS. No code changes required. Try FREE now!
Managing Apps in the Cloud is a breeze with New Relic. See for yourself.
Web hosting reviews for you to choose a better host
ManageEngine: End-to-End Java Performance Management. Download Product Now!
About Us | Advertise | Contact Us | Terms of Service/Privacy | AdChoices
Copyright, 2006-2012 Infoworld, Inc. All rights reserved.