Reverse engineering any Java app or applet tut

Java compilation & execution process

When a Java program is compiled and executed, no native executable file is generated directly, as happens in C or C++. First, the Java compiler compiles the source code and converts it into bytecode. After that, this bytecode is executed within the JVM [Java Virtual Machine]. This came as a boon for programmers, as it is what made Java a truly platform-independent, secure and portable programming language.

When we write a Java program, it is saved with the .java extension. After compilation we get a file with the .class extension, which humans cannot read. It can only be read by the JVM. When we finally execute the program, this .class file is executed by the JVM and the desired output is produced.

 

Java program compilation & execution process.


Reverse Engineering any executable java app[.jar]

Change the extension of the executable file from .jar to .zip. Now we can easily decompress and extract it. You might find one or many .class files there. Since they are not human-readable, we have to decompile them to get the source code.
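The point above, that a .jar is an ordinary zip archive of .class files, can be checked before any decompiler is involved. The following is an added example, not part of the original tutorial: it opens a jar as a zip, confirms each .class entry starts with the class-file magic number, and lists the class-file version and the string constants stored in its constant pool. The function names are this example's own, and the sample jar is constructed in memory with a truncated class (header and constant pool only).

```python
import io
import struct
import zipfile

# Bytes occupied by each constant-pool entry after its 1-byte tag (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def parse_class(data):
    """Return (major_version, utf8_constants) for one .class file's bytes."""
    magic, minor, major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, index, strings = 10, 1, []
    while index < count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then (modified) UTF-8 bytes
            (length,) = struct.unpack_from(">H", data, pos)
            strings.append(data[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in FIXED:
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        index += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return major, strings

def inspect_jar(jar_bytes):
    """Map each .class entry in a jar (a zip archive) to its parsed header."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                report[name] = parse_class(jar.read(name))
    return report

def build_sample_jar():
    """Constructed sample: a jar with one truncated class (header + constant pool only)."""
    utf8 = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = utf8("Hello world") + b"\x08\x00\x01" + utf8("a") + b"\x07\x00\x03"
    cls = struct.pack(">IHHH", 0xCAFEBABE, 0, 48, 5) + pool  # major 48 = Java 1.4
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: a\n")
        jar.writestr("a.class", cls)
    return buf.getvalue()

if __name__ == "__main__":
    for entry, (major, strings) in inspect_jar(build_sample_jar()).items():
        print(entry, "class-file major version", major, strings)
```

For a real file, pass the bytes of the jar read from disk to inspect_jar; literals such as "Hello world" appear in the output because javac stores them unmodified in the constant pool.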

Decompiling the .class file

Jad is a command line Java decompiler written by Pavel Kouznetsov. You can download it from here.

Usage:

  1. Download and unzip jadnt158.zip for Windows 9x/NT/2000 on Intel platform.
  2. The directory where jad.exe is located should be put in your system environment variable PATH.
    e.g.: PATH=..;C:\Tools\jad1.5.8;
  3. To start using jad the following can be entered in a DOS window:
          jad
    It displays a list of command line options and how to use jad. An overview of these options can be found in the table below.
    Usage: jad [option(s)] <filename(s)>
  4. To decompile a single file, just type:
          jad HelloWorld.class
    Jad creates the file HelloWorld.jad
  5. To decompile multiple class files, just type:
          jad -o -r -sjava -dsrc bin/**/*.class
    Jad decompiles all .class files located in all subdirectories of “bin” and creates output files in subdirectories of “src” according to package names of classes.

After decompilation, jad creates a .jad file in the same directory. Open that .jad file with Notepad to see the source code. Although it doesn’t generate the exact same source code, you can easily understand how the code works. I am providing a sample input and output here.

Jad tool usage screenshot

A simple hello world program

class a
{
    public static void main(String args[])
    {
        System.out.print("Hello world");
    }
}

After decompiling its .class file [the output from the jad tool]

import java.io.PrintStream;

class a
{

    a()
    {
    }

    public static void main(String args[])
    {
        System.out.print("Hello world");
    }
}

Benefits:

Applets are now widely used all over the web. Ever wondered what code actually powers them?

You can see the source code of almost any Java app or even an applet. Intercept the applet URL using any intercepting proxy [I would recommend Burp Suite], download the .class file and decompile it; you may end up finding a treasure box there. 🙂
