WebApp Sec mailing list archives
Re: JAVA code obfuscation&De-obfuscation
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Mon, 28 Jan 2013 16:35:51 +0100
Hi Vedantam, I don't know if there is any de-obfuscation software out there, but -if you have the patience and time- you can de-obfuscate it yourself to a point where you understand what is happening in the application, IMHO. The thing is that it will require a lot of time to do it and if you care about security, this is not the only way to go finding vulnerabilities in the application. If you care about intellectual property, I believe that it would be easier for someone to re-develop the application from scratch, than manually de-obfuscate it and then copy the code.....unless you have a kick-ass algorithm in there, that no one else can come up with....or military grade secrets (which you shouldn't hard code in the first place). Cheers, Ioannis (Yiannis) Koukouras CISSP, CISA, CISM, OSCP MSc in Computer Systems Security BEng in Electronic Engineering http://www.linkedin.com/in/ikoukouras On Fri, Jan 4, 2013 at 12:29 PM, vedantam sekhar <vedantamsekhar () gmail com> wrote:
Hi Group, I came across a project to check the code that is obfuscated with Pro guard. I was asked to check that, it is not possible to retrieve the original code through reverse engineering or any other methods or tools. Are there any de-obfuscators available(commercial or opensource) for JAVA?Any de-obfuscating tools specific to Pro-guard? If there are no tools, is it possible to do it manually &how? Thanks for the help, Sekhar This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- JAVA code obfuscation&De-obfuscation vedantam sekhar (Jan 06)
- Re: JAVA code obfuscation&De-obfuscation Yiannis Koukouras (Jan 28)