如何正确反编译Java代码?

huangapple go评论130阅读模式
英文:

How can i decompile a java code correctly?

问题

我正在尝试反编译这段Java源代码,但它总是出现我不理解的语法。

我已经尝试使用Procyon v0.5.36进行反编译,但我得到了以下类似的文件:

do.java
case.java
if.java
.
.
...

这些文件包含了我不理解和从未见过的语法,例如:

public class if implements do
{
    public static volatile int if;
    public static volatile int for;
    public static volatile boolean int;
    private static final int try = 5;
    private static final int byte = 5;
    private static final int case = 8;
    public static final int new = 50;
    
    public for do() {
        // ...
    }
    // ...
}

这是我得到的源代码示例,如您所见,关键词被用作变量和函数名。我猜想这可能是某种类型的源代码加密和保护。

这是什么类型的加密/保护方式?

英文:

I am trying to decompile this java source code, but it always comes with a syntax i do not understand.

I have tried to decompile it using Procyon v0.5.36 but i get file like this:

do.java
case.java
if.java
.
.
...

Those files contains a syntax that i don't understand and never seen before like this:

public class if implements do
{
    public static volatile int if;
    public static volatile int for;
    public static volatile boolean int;
    private static final int try = 5;
    private static final int byte = 5;
    private static final int case = 8;
    public static final int new = 50;
    
    public for do() {
        case case1 = null;
        try {
            final tech.platform.this.do int1 = tech.platform.this.do.int();
            if (int1 == null) {
                throw new tech.platform.char.do("Page not found !");
            }
            case1 = new case(int1.break().getInt("processNum"));
            if (case1.protected()) {
                throw new tech.platform.char.do("No ID found !");
            }
            case1.for = tech.platform.this.do.int().case() + "_" + tech.platform.this.do.int().char() + "_" + tech.platform.this.do.int().else();
            case1.class = new Timestamp(Calendar.getInstance(TimeZone.getTimeZone("GMT")).getTimeInMillis());
            case1.if = "In Progress";
            case1.void = "0%";
            case1.break = 0;
            case1.catch = 0;
            case1.boolean();
            default default1 = (default)tech.platform.const.do.if(default.class, "name = ?", new Object[] { "SERVICE" });
            if (default1 == null || default1.protected()) {
                default1 = new default();
                default1.for = "SERVICE";
                default1.if = "Activated";
                default1.int = tech.platform.this.do.int().goto().byte;
                default1.try = new Date(System.currentTimeMillis());
                default1.new = tech.platform.this.do.int().goto().byte;
                default1.byte = new Date(System.currentTimeMillis());
                default1.do = default1.throws();
            }
...

This is an example of the source code i am getting, as you can see, there is keywords used as variables and functions names. I guessed that might be a type of source code encryption and protection.

What kind of encryption/protection is that?

答案1

得分: 1

什么样的加密/保护措施是那种?

这被称为混淆。有商业工具可以执行这种操作。销售或分发专有软件的人在不希望您对其代码进行反向工程时,会使用这种工具。

经过混淆的软件通常受软件许可协议的保护;例如,点击同意的最终用户许可协议。如果您查阅软件许可协议,您很可能会发现禁止进行反向工程。

如何正确反编译Java代码?

嗯,这取决于您所指的“正确”的含义。

显然,这里使用的混淆器之一已经在字节码文件中使用Java关键字替换了一些Java标识符的名称。只是为了增加难度!也许通过使用不同的反编译器可以解决这个问题,但我不能推荐特定的反编译器。

但是,即使您解决了这个问题,混淆器还会使用其他技术使代码难以理解。当然,您将无法恢复原始源代码。


两个月前我在一个网站上发现了那个jar文件,如果我能找到所有者,我会很高兴,但我似乎无法做到。

这真是不幸。我的建议是停止尝试使用这段代码!!

事实是:如果您使用了在某个网站上找到的某个JAR文件,并且无法追踪到作者,您可能会从至少两个角度面临风险:

  1. 您实际上无法知道在运行代码时它实际会对您的计算机做些什么。它可能安装后门,可能搜索并窃取信用卡信息,可能加密您的所有文件并要求赎金以解密它们。

  2. 这可能是版权流氓的事情;请参阅https://en.wikipedia.org/wiki/Copyright_troll。

英文:

> What kind of encryption/protection is that?

It is called obfuscation. There are commercial tools that do this kind of thing. People who sell or distribute proprietary software use this kind of tool when they do not want you reverse engineering their code.

Software that has been obfuscated is typically covered by a software license agreement; e.g. a click-through EULA. If you check the software license, you will most likely find that reverse engineering is forbidden.

> How can i decompile a java code correctly?

Ummm. It depends on what you mean by correctly.

Clearly, one of the things that the obfuscator used here has done is to use replace the names of some of the Java identifiers in the bytecode file with Java keywords. Just to be difficult! It may be possible to work around that by using a different decompiler, but I can't recommend one.

But even once you get past this problem, the obfuscator will have used other techniques to make the code difficult to understand. Certainly, you won't be able to recover the original source code.


> I have found that jar file on a website two months ago, i would be glad if i could find the owner, but i don't seem to be able to do so.

That is unfortunate. My recommendation would be to stop trying to use this code!!

Here's the thing: if you are using some JAR file you found on some website and you can't track down the author, you are potentially putting yourself at risk from at least two perspectives:

  1. You have no real way of knowing what the code is actually going to do to your machine when you run it. It might install a backdoor. It might look for and steal credit card details. It might encrypt all of your files and demand a ransom to decrypt them.

  2. This could be a copyright troll thing; see https://en.wikipedia.org/wiki/Copyright_troll.

huangapple
  • 本文由 发表于 2020年8月16日 10:10:14
  • 转载请务必保留本文链接:https://go.coder-hub.com/63432483.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定