8

I work on a platform which runs Java apps. Those apps are often obfuscated, most of them using ProGuard, which makes debugging issues with our platform very difficult.

Currently I'm using JD (http://java.decompiler.free.fr/) to decompile those apps. JD does a decent job, but sometimes the generated code is too difficult to understand.

This appears to happen mainly because obfuscation tools exploit the less constrained spec of JVM Bytecode to produce valid bytecode which doesn't map back to valid Java code (example: aggressive overloading).

So, my question is: is there a decompiler built especially to deal with obfuscated bytecode?

JoaoHornburg
  • Have you tried http://members.fortunecity.com/neshkov/dj.html? – Anirudh Ramanathan Jun 22 '11 at 17:53
  • @anirudh4444 it only runs on windows. I need something that runs on Ubuntu. – JoaoHornburg Jun 22 '11 at 17:59
  • You could use wine/mono to run it on ubuntu. – Anirudh Ramanathan Jun 22 '11 at 18:21
  • Reverse engineering obfuscated bytecode is really hard. Much harder than obfuscating it in the first place. Get ready to spend a lot of money or have a lot of time manually learning and translating JVM bytecode. – aramadia Jun 22 '11 at 18:29
  • 4
    I've made a decompiler specifically designed to handle obfuscated bytecode. The generated code isn't necessarily pretty, but at least it generates valid code without crashing in cases that easily stump every other decompiler I've tried. You can get it here. https://github.com/Storyyeller/Krakatau – Antimony Oct 27 '12 at 04:25

2 Answers

5

I doubt any decompilers do that. However you could implement custom bytecode transformation and rename overloaded method and variable names using something like ASM.

Eugene Kuleshov
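A sketch of the renaming pass suggested in the answer above, written with ASM's `ClassRemapper`. This is an added example, not code from the answer's author. It assumes the ASM `asm` and `asm-commons` jars are on the classpath, and it uses a heuristic of its own: a member counts as obfuscated when its name is at most two characters long and its owner is outside `java/` and `javax/`. The class name `Deoverload` is hypothetical.

```java
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.commons.ClassRemapper;
import org.objectweb.asm.commons.Remapper;
import java.nio.file.Files;
import java.nio.file.Path;

public class Deoverload {
    /** Gives every (name, descriptor) pair its own name, so a(I)V and a(J)V stop colliding. */
    static class DescriptorRemapper extends Remapper {
        // Heuristic (assumption): obfuscators emit very short names and leave
        // JDK members and <init>/<clinit> untouched.
        private static boolean obfuscated(String owner, String name) {
            return !owner.startsWith("java/") && !owner.startsWith("javax/")
                    && name.length() <= 2 && !name.startsWith("<");
        }

        // The new name depends only on the old name and descriptor, never on the
        // owner, so overrides and call sites across classes stay consistent.
        // hashCode collisions are possible but unlikely for one (name, descriptor) set.
        private static String suffix(String descriptor) {
            return "_" + Integer.toHexString(descriptor.hashCode());
        }

        @Override
        public String mapMethodName(String owner, String name, String descriptor) {
            return obfuscated(owner, name) ? "m_" + name + suffix(descriptor) : name;
        }

        @Override
        public String mapFieldName(String owner, String name, String descriptor) {
            return obfuscated(owner, name) ? "f_" + name + suffix(descriptor) : name;
        }
    }

    /** Rewrites one class file; declarations and references are renamed alike. */
    static byte[] transform(byte[] classBytes) {
        ClassReader reader = new ClassReader(classBytes);
        ClassWriter writer = new ClassWriter(0); // no frame recomputation needed for renames
        reader.accept(new ClassRemapper(writer, new DescriptorRemapper()), 0);
        return writer.toByteArray();
    }

    // Usage: java Deoverload In.class Out.class
    public static void main(String[] args) throws Exception {
        Files.write(Path.of(args[1]), transform(Files.readAllBytes(Path.of(args[0]))));
    }
}
```

Run it over every class in the jar before decompiling; members accessed by name through reflection are not rewritten, so the output is meant for reading rather than for execution.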
5

There is a decompiler known as Fernflower developed by a member here. It boasts being a decompiler specifically made for decompiled code, however you may want to take its claim with a grain of salt. It's uploaded here: https://github.com/Zidonuke/Bukkit-MinecraftServer/blob/master/tools/fernflower.jar?raw=true

obataku
  • Fernflower is no longer officially available, and it can still be defeated by fairly simple control flow transformations. – Antimony Jun 22 '12 at 03:46
  • @Antimony care to explain what transformations? AFAIK it can handle even ZKM's opaque predicate insertion, which happens (happened?) to be the best flow obfuscation in the game. – obataku Jun 23 '12 at 05:25
  • Fernflower is back, kids! – thomas Apr 11 '16 at 19:56