Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

De-obfuscation

 
zaeem masood ashar
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
How do I de-obfuscate a code? Any free tools available?
Rgds
Zaeem
 
David Weitzman
Ranch Hand
Posts: 1365
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've done a bit of de-obfuscating by hand, usually just to locate a specific feature though (not reobtaining whole source code). You could probably use any modern IDE/refactoring tool that will update renamed methods, classes, and fields for you. Make sure you stick in comments whenever you figure out what something does. If there's flow obfuscation, may the force be with you.
 
Michael Ernest
High Plains Drifter
Sheriff
Posts: 7292
Netbeans IDE VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are free tools out there. I can tell you such a thing called mocha exists, but there's enough legal trouble surrounding its distribution that you should search for it yourself. In short, Symantec has been trying for years to apply legal pressure on mocha's author. You can get it, though, if you look.
For something less controversial, try JODE.
------------------
Michael Ernest, co-author of: The Complete Java 2 Certification Study Guide
 
Jason Kretzer
Ranch Hand
Posts: 280
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Another good one is called JAD. It does fairly well and easy to use.

------------------
Jason R. Kretzer
Software Engineer
http://alia.iwarp.com
 
David Weitzman
Ranch Hand
Posts: 1365
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Wait a second, are we talking about decompiling or de-obfuscating?
 
zaeem masood ashar
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
we are talking about de-obfuscating an already obfuscated code!!
 
David Weitzman
Ranch Hand
Posts: 1365
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's what I thought. Anyway, de-obfuscation is hard work (that's why people obfuscate things!). There isn't a simple way or tool. You just have to carefully examine what code does and what String constants are nearby to come up with good comments and method/field/class names. A lot of information is lost in the obfuscation process and you shouldn't hope to discover it all. Always keep the reason you're trying to de-obfuscate in mind so you can try to ignore that parts of the program that don't matter.
 
Jason Kretzer
Ranch Hand
Posts: 280
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
DOH! My fault. Sorry about that. JAD is a decompiler.
Sincerest apologies.

------------------
Jason R. Kretzer
Software Engineer
http://alia.iwarp.com
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic