end of year review 2009 - decompiling java
If you can't read please download the document
DESCRIPTION
Decompilation of Java bytecode is the act of transforming Java bytecode to Java source code. Although easier than that of decompilation of machine code, problems still arise in Java bytecode decompilation. These include type inference of local variables and exception-handling.We evaluate the currently available Java bytecode decompilers using an extension of the criteria used in a previous original study. Although there has been a slight improvement since this study, it was found that none passed all of the tests, each of which were designed to target different problem areas.Decompilation is a problem for the software industry, with the global revenue loss due to software piracy estimated to be more than $50 billion in 2008. There are decompilation resistance techniques, including code obfuscation and software watermarking, which can be effective in the context of Java decompilers.Code obfuscation has the useful side-effect of causing many Java decompilers to fail when applied to Java bytecode, while other techniques decrease the possibility of code understanding. Software watermarks can be used to prove ownership of stolen software, and are usually used in conjunction with obfuscation to provide better protection. Many obfuscations and watermarks are easily removed rendering their protection useless.TRANSCRIPT
- 1. Decompiling Java James Hamilton 0 1 0 0 0 0 1 1 0 1 1 0 0 0 1 0 0 1 1 0 1 0 1 0 0 1 0 1 0 1 0 1 1 0 0 1 0 0 0 1 1 1 0 1
2. computer programs software companies sell theexecutableversion of their program but keep thesource codesecret software theives want the source code to change and re-sell 000101010101010110111111010110110 010100101101010110101010101010100 101001010101010101010101010111111 101001000000010101010101010101010 101001010101111111101010101110001 softwarecompany softwaretheif 3. stealing computer programs bydecompilation software theives may attempt todecompilean executable program to access the source code softwarecompany softwaretheif 4. Java bytecode Java bytecode can be generated and manipulated by different tools 5. effectiveness of current Java decompilers
- 10 decompilers tested 6. 10 programs testing different problem
areas
- 6javacgenerated 7. 4 abitrary
- effectiveness scale
8. effectiveness of current Java decompilers - results 9. protecting computer programs usingcode obfuscation software companies may obscure their programs to protect from decompilation softwarethievesfind it difficult to understand and decompile programs 00010101010101!&^%&01111010110110 010^%$&&$101011010101010$%$00 10100101$%$^$%&!*)(*^&$%01111 10%$&%$000010101010^&%!10101010 10100101$$&^**^%%((!$1010^01110001 softwarecompany softwarethief 10. protecting computer programs usingsoftware watermarking software companies can hide marks in their softwaree.g. copyright notices, end-user identifcation does not prevent copying but provides a way to prove ownership 000101010101010110111111010110110 010100101COPYRIGHT1010101010100 10100101010USER01010101010111111 101001000000JAMES010101010101010 101001010101111111101010101110001 softwarecompany softwarethief 11. stealing programs usingprogram slicing softwarethievesmaysliceprograms to remove obfuscationsand watermarksand reveal only the useful parts softwarecompany softwarethief 12. research questions
- how can we improve decompilers? 13. is it possible to create a perfect decompiler? 14. what obfuscations and watermarks could be applied to computer programs to hinder decompilation and software theft? 15. how effective are such obfuscations and watermarks? 16. what are the ways in whichadversariescould attack obfuscations and watermarks? 17. how can we use this knowledge to create secure programs?
softwarecompany softwarethief 18. questions?