Decompiling Java (Hardcover)

~ (Author)
Key Phrases: protecting your source, code attribute, attribute value index, Decompiler Implementation, Attribute Count, Visual Basic (more...)

Editorial Reviews

Product Description

Fascinated by the Java lady? Ever wanted to ask her out but never dared to? Get this book and take a shot. <i>Decompiling Java</i> is a worthwhile guide to this exotic niche in the Java landscape.</a></p> </blockquote> <p id="quoteAuthor">&#8212; Bill Simons, Member, Denver JUG </p></div>

<p>Both Java and .NET use the idea of a "virtual machine," or VM. And while VMs are useful for some purposes, they undermine the security of your source code, because creation can be reversed, or "decompiled." Which makes this one-of-a-kind book extremely useful: you must understand decompilation, to properly protect your intellectual property. <p>

For example, how secure is your code after you run an obfuscator? The book will answer questions like this, and provide more thorough information about Java byte codes and the Java Virtual Machine (JVM) than any other book on the market. This book redresses the imbalance by providing insights into the features and limitations of today's decompilers and obfuscators, and offering a detailed look at what JVM's actually do.

About the Author

Godfrey Nolan is president of RIIS LLC, where he specializes in website optimization. He has written numerous articles for magazines and newspapers in the United States, the United Kingdom, and Ireland. Nolan has had a healthy obsession with reverse engineering bytecode since he wrote <i>Decompile Once, Run Anywhere</i>, which first appeared in <i>Web Techniques</i> in September 1997.

Product Details

• Hardcover: 280 pages
• Publisher: Apress; 1 edition (July 23, 2004)
• Language: English
• ISBN-10: 1590592654
• ISBN-13: 978-1590592656
• Product Dimensions: 9.3 x 7.2 x 0.9 inches
• Shipping Weight: 1.5 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (10 customer reviews)
• Amazon.com Sales Rank: #374,316 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

3.0 out of 5 stars Weak on decompiler implementation, January 12, 2006

By	Wolfgang Kuehn "wolfgang@decatur.de" (Germany) - See all my reviews (REAL NAME)

What I hoped to learn from the book was an understanding of modern Java decompilation techniques. With respect to this expectation, Nolan's book is a disappointment.

His implementation, though simple, will decompile only the most simple of byte code. Nolan points out that it is difficult to recover all legal control structures offered by Java, but is not so clear about the fact that this will never be possible with his approach (i.e. using syntactical analysis).

A stable decompiler which is able to produce clean code must do some control flow and structural analysis. The book gives no account here.

Regarding the other topics of the book such as obfuscation, legal issues, tool selection and case studies, there are more concise and cheaper books. Simply refer to Amazon's "Customers who bought this book also bought ...".

13 of 16 people found the following review helpful:

5.0 out of 5 stars Fully compile down to assembler binary, September 18, 2004

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 10 REVIEWER)    (REAL NAME)

Decompilers are something of a black box to most programmers. Not unlike compilers. Actually Nolan shows us that the 2 are very similar in their lexical methods.

In the specific case of Java, this book may well cause unease in the reader, if you program in Java and are worried about protecting your source code. After all, it probably has proprietary methods that are not covered by any patents you might have. While you can copyright the source, Nolan points out that this may not stop someone from decompiling and reimplementing your "secret" methods.

The book shows that the big problem with Java bytecode is that decompilers for it have a far easier time than decompilers for actual assembly code, whatever the specific hardware for the latter. The basic reason is that the bytecode retains extra information that a decompiler can use, whereas assembly does not have this. Like the fact that the bytecode separates data from instructions. A vital simplification to a decompiler.

Nolan shows countermeasures. At the source code level, there are several good obfuscation techniques, described well enough for you to try. And these may be better than buying a commercial decompiler.

Also, Nolan suggests fully compiling your Java into specific assembly binaries. One for each combination of microprocessor and operating system that you need to support. More work. But it makes a decompilation far harder. Besides, these days, you may only have to support a few combinations. The hardware may be a Pentium or a Sparc or an IBM cpu. If a Pentium, then you might only support a recent linux or Microsoft OS on top of it. If a Sparc, then you need only support a recent Solaris. While for an IBM cpu, the only choice is AIX or Apple's OS.

9 of 11 people found the following review helpful:

5.0 out of 5 stars Deep focus, August 5, 2004

By	Robert P. Inverarity (Silicon Valley, California, United States) - See all my reviews

If you're looking at a book on this topic, you may know something about the subject already. You even may have used one of the various decompilers available on the web, perhaps been shocked at the accuracy of the results, and were left wondering a) how it worked and b) how to stop it. You get coherent, comprehensive answers to both. There are three kinds of books about computer security: those that detail the exploitation of weaknesses, those that detail how to fix them, and those that do both. Decompiling Java manages to fall in that last category, so far as its possible for inherently insecure Java code.

Over the course of seven long chapters, Nolan discusses in depth the history of decompilation and reverse engineering (both the legal and illegal kinds), the construction of the Java Virtual Machine, the layout of Java classfile, the various types of obfuscation and code protection techniques (including the creation of a simple obfuscator), and, most importantly and uniquely, the design and implementation of an original decompiler. The book ends with a briefer discussion of a number of case studies.

There's always a danger that hardcore computer books will be deadly dull; thankfully, that's not the case here. The style is light and often amusing. The most difficult chapter is the one detailing the implementation of the decompiler -- it's an especially information-dense chapter that I had to take a few pages at a time. On the other hand, the chapter does show bit-by-bit the construction of a working decompiler, so I suppose it was worthwhile.

If you're interested in writing your own decompiler or in looking at the techniques the existing ones use, this is the book for you. Similarly, if you're interested in developing your own obfuscation solution or selecting in an educated way between the commercial obfuscators and code protection schemes out there, this book discusses them in greater depth than any other resource. Finally, if you're just a low-level software geek like me, you'll find plenty of interesting concepts and ideas to chew over.