Results 1 to 5 of 5

Thread: java obfuscators, which ones?

  1. #1
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430

    java obfuscators, which ones?

    Hi everybody

    I am investigating which is the state of art for the Java obfuscators. Specifically I would understand which have already been compromised o for which exists a de-obfuscator (either manual technique or automatic tool).

    Reading a thesis wrote in March 2011 (http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1160&context=etd_projects) it seems that the best ones were KlassMaster, Proguard and DashO. Proguard seems to be broken now, isn't it? Anyway what about the other two? DashO especially sounds interesting due to its calling-home feature in case of a detected tampering.

    TIA,
    Shub
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    Hi,

    I would recommend you to use the Allatori Obfuscator. I've been using the commercial Version and it's pretty neat. You can find it here: http://www.allatori.com/

    Nevertheless I have to tell you that currently all Obfuscator are beaten by the dis decompiler: http://java.decompiler.free.fr/?q=jdgui

    That tool is even free and probably the best decompiler for java out there. Although the code resulting from the decompilation process of JD GUI is not runnable at the beginning, but with slight modification and eclipse it is not a problem to reconstruct bytecode to source code.

    Regards,
    OHPen
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  3. #3
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    thanks you mate,
    it seems the string obfuscation algorithm of Allatori has been reversed

    https://www.moparisthebest.com/smf/index.php?topic=238584.0
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  4. #4
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    Ok, i see, but honestly have we expect more than a simple xor encryption !?

    I my opinion more is also not very good because of performance issues arising when you make the string enc/dec too complex. Java is not very fast and so the developer has to have an eye on execution speed...
    if you need proper protection i always recommend to write your own stuff. that is at least what i did and so far nobody break that stuff ( at least i don't know ;DD )

    Regards,
    OHPen
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  5. #5
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    HI I return to this thread because now I need to find a working solution.

    What I did so far is to analyze the performances of Proguard, Allatori and DashO Pro. Proguard is not fine for me because its obfusation is quite trivial: the logic flow is not obfuscated and using latest decompilers you can easily reverse the logic of your java code (there are even some tools to reverse alphabetical method names to real names). It either has no string obfuscation, but this is not a problem because I agree with OHPen that the string obfuscation isn't that important (it takes time and at the end the JVM always need a decoded string, thus it's not su mandatory).

    I also considered Allatori and DashO, their obfuscations are definitely better and the string encryption algos are just partially compromised.

    Beside this I also identified some custom techniques I can use to do a preemptive obfuscation before using these tools, they have been directly taken from some java malware circulating.

    What I was now anyway wondering is that the only really reliable solution would be the code logic flow obfuscation. Any other type of obfuscation (mainly on the bytecode) is soon or later broken. What can really stop me from reversing a java code is to get a totally screwed decompiled code, hard to follow and whose logic is totally scrambled. The statement is then to make the code appear more complicated than it actually is, before bytecode obfuscation.

    So my question is if there's some obfuscator working more on the logic flow rather than on the bytecode. Apparently the Semantic Designs Java Obfuscator could do this work, but it's not available for trial!

    TIA,
    Shub
    Last edited by Shub-nigurrath; June 7th, 2012 at 08:59.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

Similar Threads

  1. Any way to RCE java with ollydbg?
    By alexopth1512 in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: August 5th, 2010, 17:00
  2. Extracting java classes from exe ?
    By MrSmith in forum Malware Analysis and Unpacking Forum
    Replies: 9
    Last Post: December 17th, 2008, 16:35
  3. java BigInteger
    By neur0n in forum The Newbie Forum
    Replies: 2
    Last Post: November 24th, 2004, 07:43
  4. java reversing
    By jimmy in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: April 30th, 2001, 03:33
  5. java : PE & .class
    By keyser in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: December 23rd, 2000, 13:45

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •