Penetration Testing mailing list archives
Re: [PEN-TEST] Java Decompilers
From: Tirath Rai <Tirath () SCANIT BE>
Date: Wed, 22 Nov 2000 11:29:54 +0100
Hey,

IMHO Mocha works well, it's earned its place in my pen test toolset. It does choke on some class files, perhaps about a quarter of them. This is not because they are deliberately obfuscated, but I guess it's just not built for all occasions. Still, it does produce nice readable code which can be re-compiled with minor adjustments.

Decent resource:
http://www.meurrens.org/ip-Links/java/codeEngineering/tercentennial.html

I also use JavaDump; it rips out key things from a class file, and the output is in HTML form. This is fine if you just want a very basic picture.

If you want to go a level lower, and the class files you are looking at are obfuscated or your decompilers are choking on them, perhaps you can use the disassembler which comes with the JDK. The -c flag prints out disassembled code. The JVM spec book is on the Sun Java site, and other docs to help you figure it out are out there. Besides, it can be 'fun' figuring out disassembled class files, if you have too much time on your hands ;)

Tirath Rai
SCANIT
http://www.scanit.be
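An added example, not part of the original post and not the code of any tool it names: a small Python reader that pulls the "very basic picture" (version, class names, string literals) out of a class file's constant pool, which still works when a decompiler chokes on the method bodies. The function names and the embedded sample class are constructed for illustration.

```python
import struct
# Payload size (bytes after the tag) of each fixed-size constant pool entry.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def summarize_class(data):
    """Return version, class names and string literals of a class file."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file (bad magic)")
    try:
        minor, major, count = struct.unpack_from(">HHH", data, 4)
        pos, idx = 10, 1
        utf8, class_refs, string_refs = {}, {}, []
        while idx < count:
            tag = data[pos]
            pos += 1
            if tag == 1:      # CONSTANT_Utf8: u2 length, then the bytes
                (n,) = struct.unpack_from(">H", data, pos)
                utf8[idx] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
                pos += 2 + n
            elif tag in FIXED:
                if tag == 7:  # CONSTANT_Class -> index of its Utf8 name
                    class_refs[idx] = struct.unpack_from(">H", data, pos)[0]
                elif tag == 8:  # CONSTANT_String -> index of its Utf8 text
                    string_refs.append(struct.unpack_from(">H", data, pos)[0])
                pos += FIXED[tag]
            else:
                raise ValueError(f"unknown constant pool tag {tag} at #{idx}")
            idx += 2 if tag in (5, 6) else 1  # long/double take two slots
        _access, this_c, super_c = struct.unpack_from(">HHH", data, pos)
    except (IndexError, struct.error):
        raise ValueError("truncated class file") from None
    name = lambda i: utf8.get(class_refs.get(i), "?")
    return {"version": (major, minor),
            "this_class": name(this_c), "super_class": name(super_c),
            "classes": sorted(utf8.get(v, "?") for v in class_refs.values()),
            "strings": [utf8.get(i, "?") for i in string_refs]}

def utf8_entry(text):
    raw = text.encode()
    return b"\x01" + struct.pack(">H", len(raw)) + raw

# Constructed sample: a minimal version 45.3 class "Login" with one string.
SAMPLE = (b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 3, 45, 9)
          + utf8_entry("Login") + b"\x07\x00\x01"
          + utf8_entry("java/lang/Object") + b"\x07\x00\x03"
          + utf8_entry("jdbc:demo://example.invalid") + b"\x08\x00\x05"
          + b"\x05" + struct.pack(">q", 1)
          + struct.pack(">HHHHHHH", 0x0021, 2, 4, 0, 0, 0, 0))
```

Calling `summarize_class(open(path, "rb").read())` on a real class file gives the same summary; obfuscators typically rename identifiers, so any string literals left unencrypted still show up under `strings`.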