WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: JAVA code obfuscation&De-obfuscation

From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Mon, 28 Jan 2013 16:35:51 +0100
Hi Vedantam,

I don't know if there is any de-obfuscation software out there, but
-if you have the patience and time- you can de-obfuscate it yourself
to a point where you understand what is happening in the application,
IMHO.

The thing is that it will require a lot of time to do it and if you
care about security, this is not the only way to go finding
vulnerabilities in the application.

If you care about intellectual property, I believe that it would be
easier for someone to re-develop the application from scratch, than
manually de-obfuscate it and then copy the code.....unless you have a
kick-ass algorithm in there, that no one else can come up with....or
military grade secrets (which you shouldn't hard code in the first
place).

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras



On Fri, Jan 4, 2013 at 12:29 PM, vedantam sekhar <vedantamsekhar () gmail com>
wrote:


Hi Group,

I came across a project to check the code that is obfuscated with Pro
guard. I was asked to check that, it is not possible to retrieve the
original code through reverse engineering or any other methods or
tools.
Are there any de-obfuscators available(commercial or opensource) for
JAVA?Any de-obfuscating tools specific to Pro-guard? If there are no
tools, is it possible to do it manually &how?

Thanks for the help,

Sekhar



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: