Java Coffee Break Newsletter Vol 1, Issue 4 ISSN 1442-3790 Welcome to the fourth Java Coffee Break Newsletter. This issue covers decompiler software, which allows software developers to generate source code from compiled Java classes. This article is updated with new information about stronger decompilers, and is based on an earlier article from the JCB site. - - - - - - - - - - - - - - - - - - - - - - - - Java Coffee Break Updates * Java Tutorials 1. Java Tutorials If you're new to the Java programming language, and need a little help, then try some of the free tutorials available from the Java Coffee Break. These aren't your normal tutorials - they don't require extensive Java experience or knowledge. All our Java tutorials can be found at http://www.davidreilly.com/jcb/tutorials.html - - - - - - - - - - - - - - - - - - - - - - - - Decompilers - Friend or Foe? When a programmer writes software, and releases it to the public, he (or she) normally releases a compiled version of the application, that users can run on their own machine. Whether it is a commercial offering, or a free piece of software, the programmer has put a considerable amount of time and effort into producing it. As a general view, programmers don't give the source code for their product away. Yet few developers realise that every time you release compiled software, you are also giving people the opportunity to reconstruct the source code! Software that examines software Decompilers are programs that analyse compiled code, and from this, reconstruct the original source code. Decompilation and reverse engineering is often prohibited by software license agreements - but this won't always stop an unscrupulous competitor, or an enthusiastic hacker from analysing your code. Decompilers are freely available for a variety of languages and platforms, including Java! Read on, and I'll introduce you to the world of decompilation. How do they work? Decompilers work by analysing the byte code of software, and then deduce the code that created it. Most classes also contain additional debugging information, which can help the decompiler create a more accurate representation of the original source code. This debugging information is invisible to normal users, and many programmers don't even realise just how much information can be obtained from their classes - but there are ways to protect your code. Software is available that will strip away debugging information, and even change the names of local and member variables inside your classes. SourceGuard, for example, will rename your variables to meaningless names, which decreases the readability of decompiled source. When you protect your code with applications like SourceGuard, decompilers have less information on which to base their analysis on, and it becomes harder for programmers to understand the code they produce. The success of decompilation varies upon the amount of protection that software developers use, and the decompiler software that one uses to decompile. Many decompilers fail to decompile correctly, and some will even produce code that won't compile - particularly when faced with strong protection from a product like SourceGuard which offers a feature called byte-code range modification. BRM prevents most software from decompiling methods that have try { } catch blocks, and will produce garbled code with most decompilers. Preventing decompilation is a valuable feature. Of course, such protection isn't uncrackable. While there are plenty of free decompilers out there, you really get what you pay for. With free tools, the code that is produced ranges from complex to unusable when protected by a tool that is decompiler resistant. With commercial tools, you can get varying degrees of success, and at least one tool is capable of breaking the byte-code range modification technique of SourceGuard. SourceAgain, by Ahpah Software Inc, is capable of decompiling BRM protected classes effectively, and produces much more readable code than free software like Mocha or DejaVu. SourceAgain is available in three versions, a standalone decompiler, a professional edition that integrates with Symantec Visual Cafe and Microsoft Visual J++, and a Unix version. For those interested in using decompilers, a trial of SourceAgain is accessible from the web, and it can decompile classes that are accessible from a http:// address. The full article is available at http://www.davidreilly.com/jcb/articles/decompilers_friend_or_foe.html - - - - - - - - - - - - - - - - - - - - - - - - The Java Coffee Break Newsletter is only sent out to email subscribers who have requested it, and to readers of the comp.lang.java.programmer and comp.lang.java.help newsgroups. If you are an email subscriber and no longer wish to receive the JCB Newsletter, please unsubscribe using the WWW form located at http://www.davidreilly.com/jcb/newsletter/unsubscribe.html