Web Application Security
JAVA code obfuscation&De-obfuscation Jan 04 2013 11:29AM
vedantam sekhar (vedantamsekhar gmail com) (1 replies)
Re: JAVA code obfuscation&De-obfuscation Jan 28 2013 03:35PM
Yiannis Koukouras (ikoukouras gmail com)
Hi Vedantam,

I don't know if there is any de-obfuscation software out there, but
-if you have the patience and time- you can de-obfuscate it yourself
to a point where you understand what is happening in the application,
IMHO.

The thing is that it will require a lot of time to do it and if you
care about security, this is not the only way to go finding
vulnerabilities in the application.

If you care about intellectual property, I believe that it would be
easier for someone to re-develop the application from scratch, than
manually de-obfuscate it and then copy the code.....unless you have a
kick-ass algorithm in there, that no one else can come up with....or
military grade secrets (which you shouldn't hard code in the first
place).

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras

On Fri, Jan 4, 2013 at 12:29 PM, vedantam sekhar <vedantamsekhar (at) gmail (dot) com [email concealed]>
wrote:
>
> Hi Group,
>
> I came across a project to check the code that is obfuscated with Pro
> guard. I was asked to check that, it is not possible to retrieve the
> original code through reverse engineering or any other methods or
> tools.
> Are there any de-obfuscators available(commercial or opensource) for
> JAVA?Any de-obfuscating tools specific to Pro-guard? If there are no
> tools, is it possible to do it manually &how?
>
> Thanks for the help,
>
> Sekhar
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus