Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering [Paperback]

Alex Kalinovsky (Author)

Book Description

Publication Date: May 13, 2004

As a Java developer, you may find yourself in a situation where you have to maintain someone else's code or use a third-party's library for your own application without documentation of the original source code. Rather than spend hours feeling like you want to bang your head against the wall, turn to Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering. These techniques will show you how to better understand and work with third-party applications. Each chapter focuses on a technique to solve a specific problem, such as obfuscation in code or scalability vulnerabilities, outlining the issue and demonstrating possible solutions. Summaries at the end of each chapter will help you double check that you understood the crucial points of each lesson. You will also be able to download all code examples and sample applications for future reference from the publisher's website. Let Covert Java help you crack open mysterious codes!

Editorial Reviews

From the Inside Flap

Buzz about Covert Java

"Covert Java" provides a fascinating and look at behind the scenes Java development tactics that are usually the domain of seasoned veterans. Definitely a read for those who want to master Java.

--Floyd Marinescu, Author, EJB Design Patterns; General Manager & founder of TheServerSide Communities.

Every now and then, a Java book comes along that you must add to your library. "Covert Java" is one of those books.

"Covert Java" explores the topic of hacking Java code -- to solve problems, not to create them. The author explores various hacking techniques, such as class decompilation, patching, and logic tracing; as well as tools (such as FAR and JODE) for simplifying the hacking experience. A variety of "Stories from the Trenches" provides real-life experiences where hacking techniques were needed to save projects from disaster. The end-of-chapter quizzes help you master the book's wealth of valuable and useful information.

This is a book for the good guys, so miscreants beware. The author has done a fantastic job exploring a delicate subject. For all Java developers, especially developers involved in J2EE and other intense Java projects, "Covert Java" is a must-have book. I heartily recommend it.

--Jeff Friesen, author and columnist, JavaWorld's "Java 101"

The first book on hacking software written specifically for the Java developer. 2500 years ago, the great general Sun Tzu said, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." If you're a Java developer, this book is a giant step toward knowing your enemy.

--Kevin Bedell, Editor-in-Chief, LinuxWorld; co-author, "Struts Kick Start," "Programming Apache Axis"

"Covert Java" goes beyond the advanced topics, discussing those things that only hardcore programming gurus know (decompiling, security, bytecode hacking, etc). I wish I had read this book at the beginning of my carreer. It would have saved me countless hours of 'learning the hard way'.

I'm glad that someone finally has the courage to write such a book. "Covert Java" is full of controversial, nontrivial, and incredibly useful information. This book fills a void in the Java programming space that no other books can fill.

--Emmanuel Proulx, Web Developer; WebLogic 7 Certified Engineer

"Covert Java" is all about getting under the hood of Java applications; from manipulating the VM to eavesdropping on JDBC. A very practical guide, it gives you the techniques and tools to understand how Java works at the bytecode level and why this is important.

--Craig Pfeifer, Senior Technical Consultant, Impact Innovations Group

The authors did a great job describing useful techniques and tools to solve real application problems using intrusive techniques in java environment. A must read for anyone looking to solve real application problems or to understand a specific protocol implementation.

--Krishna V.S. Chaganti, Senior J2EE Architect and co-author, "J2EE Developer’s Handbook"

The author is revealing information that is unknown to the common Java programmer and it should scare them to death: the author describes how to decompile and hack classes, circumvent security and licensing mechanisms, and intercept seemingly "secure" communications. This information and the tools he describes have been around in hacking circles for years, but by bringing this information public, he teaches us to be better programmers, to write stronger and more secure software!

--Steven Haines, author and J2EE evangelist, Quest Software

From the Back Cover

As a Java developer, you may find yourself in a situation where you have to maintain someone else's code or use a third-party's library for your own application without documentation of the original source code. Rather than spend hours feeling like you want to bang your head against the wall, turn to Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering. These techniques will show you how to better understand and work with third-party applications. Each chapter focuses on a technique to solve a specific problem, such as obfuscation in code or scalability vulnerabilities, outlining the issue and demonstrating possible solutions. Summaries at the end of each chapter will help you double check that you understood the crucial points of each lesson. You will also be able to download all code examples and sample applications for future reference from the publisher's website. Let Covert Java help you crack open mysterious codes!

See all Editorial Reviews

Product Details

• Paperback: 288 pages
• Publisher: Sams (May 13, 2004)
• Language: English
• ISBN-10: 0672326388
• ISBN-13: 978-0672326387
• Product Dimensions: 9 x 7.3 x 0.7 inches
• Shipping Weight: 13.6 ounces
• Average Customer Review: 3.8 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #765,267 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

15 of 19 people found the following review helpful:

5.0 out of 5 stars Learn what the hackers know, so that you can fight them, July 7, 2004

By 

Charles Ashbacher (Marion, Iowa United States) - See all my reviews
(TOP 500 REVIEWER)    (VINE VOICE)    (HALL OF FAME REVIEWER)   

This review is from: Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering (Paperback)

I know that I am reading a high quality computer book when I absolutely have to stop and try the code examples. When I have to download a tool in order to execute the code, then it truly is a book to behold. That happened with this book. As I began reading chapter 2 on decompiling Java bytecode, I immediately went online and downloaded some of the tools. It was a fascinating and also disturbing experience. Java bytecode is of course not in a machine-specific executable form, so it is relatively easy to reconstruct the original source code. From this point on, examples of decompiling Java bytecode will be part of my class on computer security.
The topic of chapter 3 is obfuscating classes, something that I already cover in my security class. However, I derived several new ideas for examples from this section. Chapter 4, "Hacking Non-public Methods and Variables of a Class" was one I found fascinating, although somewhat obvious in retrospect. For years, I have used an example of accessing the private components of a C++ object in my classes, and now I will be dong something similar in my Java classes.
Chapter 7, "Manipulating Java Security", which demonstrated how easy it is to bypass security checks, was fascinating, another demonstration of the level of vigilance needed to keep our computers safe from the malicious entities. The remaining chapters are:

* Chapter 5 Replacing and patching application classes.
* Chapter 6 Using effective tracing.
* Chapter 8 Snooping the runtime environment.
* Chapter 9 Cracking code with unorthodox debuggers.
* Chapter 10 Using profilers for application runtime analysis.
* Chapter 11 Load-testing to find and fix scalability problems.
* Chapter 12 Reverse engineering applications.
* Chapter 13 Eavesdropping techniques.
* Chapter 14 Controlling class loading.
* Chapter 15 Replacing and patching application classes.
* Chapter 16 Intercepting control flow.
* Chapter 17 Understanding and tweaking bytecode.
* Chapter 18 Total control with native code patching.
* Chapter 19 Protecting commercial applications from hacking.

There is no doubt that there is enough knowledge in this book to allow you to hack Java applications. Therefore, there will be those who consider it dangerous. My opinion is that someone with the hacker mentality will find the knowledge and use it. To criticize a book because it concentrates the knowledge misses the point of how hackers should be battled. To defeat hackers you must learn how to hack code and perform due diligence by making all the changes that will make it hard to do.
I learned a great deal from this book. Some of it was general, in that I had not realized how unsecure Java bytecode is. Most of my new knowledge was specific; I learned many different things that can be done to fix bad code, whether the problems are in code failure or in lack of security.

1 of 2 people found the following review helpful:

4.0 out of 5 stars Esoteric Java island, December 8, 2009

By 

Darko M. (Slovenia) - See all my reviews

This review is from: Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering (Paperback)

Main theme is explanation of many powerful and for some reason not well known techniques in Java. Statement holds even after almost six years since book's publication. These are some highlights:
1. For warming-up: it's quite simple to access non-public methods and variables of class
2. Replacing and patching dependent libraries: sometimes there is no way out but to replace a class in library you don't control. Usually this class will be in jar without source. Process is pretty straightforward if not trivial: first decompile class(es), then find problematic code, patch it in your class with the same name, and then assure it will be called before original class (which need not be removed), and if recommended, new class and original class (with jar) should have same classloader. Example from my experience: patching class from JSF library.
3. Why to write custom classloader? To enable hot deployment, to load classes out of classpath (network, database, some special location in file system), and most advanced, to bytecode augment existing classes.
4. Bytecode manipulation: it's surprising how much can be done with this tecnique. Even if java bytecode is not exactly readable, it is structured according to Sun specifications and there are some Java libraries (BCEL, Javassist ..) that make bytecode tweaking more high-level, so essentially becomes just Java programming against BCEL (Javassist) API. Heavily used in Spring project and in AOP implementations.
5. Focus on (production) runtime: profiling and load testing - this is usually not top priority for Java programmers, so many times this is no one's top priority, with bad consequences.
To sum up: great book for seasoned developers.

2 of 4 people found the following review helpful:

1.0 out of 5 stars Waste of money, September 10, 2006

By 

gail "gsssss" (East Coast) - See all my reviews

This review is from: Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering (Paperback)

Very little useful information that can't be found through free resources on the web or your own investigations. The book jumps from topic to topic providing only a cursory look at basic investigitory techniques. I'm amazed it got published at all given the rather sophomoric approach to a difficult subject. I was expecting detailed strategy and tactics for decompiling java classes and instead ended up with what reads like someone's blog of ideas or musings on the subject. Not very professional.