Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: za () boo ma fu (za () boo ma fu)
Date: Sat, 20 May 2000 21:29:39 -0400
Sup, I'd like to respond to this question by saying that I don't believe worrying how reversable your program is is the answer. There are many java class decompilers, such as my personal favorite 'jad', that do an excellent job of translating compiled java to actual working code. In the case of c/c++, there is always a 'ThreatCon Alpha' of decompilation and disassembly. Any good hacker worth his weight in code will be able to read the asm statements from a compiled program or hex from a stripped binary. So what would be your most valuable tool to maintain proper security in any program you write? Write well thought out code. Learn about common bugs such as bad 'system()' placement or buffer overruns. If you are dealing with encryption make sure your code is strong enough so that it isnt easily brute forced. Don't rely on advanced programming skills as a way to keep code secure and obfuscated as there will always be someone talented enough to understand it. What I really think good code comes down to is the following. If you aren't secure enough to release the program to the public open sourced you didn't secure the program. Best of luck, initd_ initd_ () digital net http://digital.net/~initd_
Hey KJ. I don't know if this sounds stupid or not, but this is basically what I want to know. Matthew Is there any difference in difficulty between reverse engineering an executable file or a Java Class. If the C or Java program is written with security in mind by an experienced programmer, how long would it take to reverse engineer each version of a fairly simple application?
The desired effect is to have a program that a client downloads off the internet, and Matthew wants to know if it should be written in c or java. Though, I take it both can be reversed engineered by talented programmers; but I guess he wants to know which would be harder or more complex to "hack".
I am not too sure, thus I am passing it on to you gurus.
K.J.
"Never argue with an idiot. He will take you down to his level, and beat you with experience."
Current thread:
- possible new "e-mail virus" concept ? + bypassing IE settings Zoa_Chien (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Jim Paris (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Blue Boar (May 18)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings A.T.Z. (May 19)
- chsh Segfault on FreeBSD 3.3 Fabio Pietrosanti (May 19)
- reverse engineer c or java kj (May 19)
- Re: reverse engineer c or java John Swensson (May 20)
- Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER SMILER (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Blue Boar (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Stuart Henderson (May 22)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Blue Boar (May 18)
- Re: reverse engineer c or java za () boo ma fu (May 20)
- Outlook, HTML & VBS Joerg Weber (May 21)
- Re: reverse engineer c or java Bluefish (May 21)
- Re: reverse engineer c or java Gordon Messmer (May 21)
- Re: reverse engineer c or java pantera () BALANCEPOINTGOLF COM (May 21)
- Re: reverse engineer c or java Crispin Cowan (May 21)
- Re: reverse engineer c or java Erik Debill (May 22)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Jim Paris (May 18)
- Re: reverse engineer c or java za () boo ma fu (May 21)
- Re: reverse engineer c or java Bluefish (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 22)
- Re: reverse engineer c or java Bluefish (May 23)