lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200306200141.h5K1fExY000903@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Re: Java class obfuscation

In some mail from northern snowfall, sie said:
> 
> > I was wondering if anyone has any documents compairing the different 
> > java class / method obfusction tools that are available.
> > I am in particular currious to know about the ones that are very easy 
> > to bypass vs. those that are extremely difficult.
> 
> You can't obfuscate java interpreted byte code just like
> you can't obfuscate CPU machine code. The JVM would have
> to be altered to ingest your obfuscated machine code.
> Every type of obfuscation can be defeated as soon as it
> loads the byte-code into memory for analysis by the JVM.
> Thus, you may not have readible byte-code on the disk,
> but, you *will* have it in core.

The aim of obfuscation is to make it hard(er) for decompilers
to work, not make it unreadable.

The trouble in attempting to get from the output of "gcc -O2" back
to C code (in comparison to "gcc -g") is the aim.

Darren

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ