You are previewing Covert Java™: Techniques for Decompiling, Patching, and Reverse Engineering.
O'Reilly logo
Covert Java™: Techniques for Decompiling, Patching, and Reverse Engineering

Book Description

As a Java developer, you may find yourself in a situation where you have to maintain someone else's code or use a third-party's library for your own application without documentation of the original source code. Rather than spend hours feeling like you want to bang your head against the wall, turn to Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering. These techniques will show you how to better understand and work with third-party applications. Each chapter focuses on a technique to solve a specific problem, such as obfuscation in code or scalability vulnerabilities, outlining the issue and demonstrating possible solutions. Summaries at the end of each chapter will help you double check that you understood the crucial points of each lesson. You will also be able to download all code examples and sample applications for future reference from the publisher's website. Let Covert Java help you crack open mysterious codes!

Table of Contents

  1. Copyright
    1. Dedication
  2. About the Author
  3. Acknowledgments
  4. We Want to Hear from You!
  5. Introduction
    1. Who Will Benefit from This Book?
    2. The Moral and Legal Aspects of Hacking
    3. Special Features of the Text
  6. 1. Getting Started
    1. Techniques Overview—When and Why to Use Each Method
    2. Improving Productivity with File Managers
      1. FAR and Total Commander
      2. Java IDEs
    3. Sample Application Functionality and Structure
    4. Quick Quiz
    5. In Brief
  7. 2. Decompiling Classes
    1. Determining When to Decompile
    2. Knowing the Best Decompilers
    3. Decompiling a Class
    4. What Makes Decompiling Possible?
    5. Potential Problems with Decompiled Code
    6. Quick Quiz
    7. In Brief
  8. 3. Obfuscating Classes
    1. Protecting the Ideas Behind Your Code
    2. Obfuscation As a Protection of Intellectual Property
    3. Transformations Performed by Obfuscators
      1. Stripping Out Debug Information
      2. Name Mangling
      3. Encoding Java Strings
      4. Changing Control Flow
      5. Inserting Corrupt Code
      6. Eliminating Unused Code (Shrinking)
      7. Optimizing Bytecode
    4. Knowing the Best Obfuscators
    5. Potential Problems and Common Solutions
      1. Dynamic Class Loading
      2. Reflection
      3. Serialization
      4. Naming Conventions Violation
      5. Maintenance Difficulties
    6. Using Zelix KlassMaster to Obfuscate a Chat Application
    7. Cracking Obfuscated Code
    8. Quick Quiz
    9. In Brief
  9. 4. Hacking Non-Public Methods and Variables of a Class
    1. The Problem of Encapsulation
    2. Accessing Packages and Protected Class Members
    3. Accessing Private Class Members
    4. Quick Quiz
    5. In Brief
  10. 5. Replacing and Patching Application Classes
    1. What Do We Do When We Have Tried Every Road but Failed?
    2. Finding the Class That Has to Be Patched
      1. The General Approach
      2. Searching for Text Strings
      3. Working with Obfuscated Code
    3. A Sample Scenario That Requires Patching
      1. Using the Class Name
      2. Searching for Text Strings
      3. Using the Call Stack to Navigate Application Logic
    4. Patching a Class to Provide New Logic
    5. Reconfiguring the Application to Load and Use the Patched Class
    6. Patching Sealed Packages
    7. Quick Quiz
    8. In Brief
  11. 6. Using Effective Tracing
    1. Introduction to Tracing
    2. Tracing As an Effective Method of Learning the Software
    3. Tracing and Logging Tools and APIs
    4. Tracing Do's and Don'ts
      1. Tracing Do's
      2. Tracing Don'ts
    5. Quick Quiz
    6. In Brief
  12. 7. Manipulating Java Security
    1. Java Security Overview
    2. Bypassing Security Checks
      1. The Security Manager Is Not Installed
      2. The Security Manager Is Installed with a Default Policy
      3. The Security Manager Is Installed with a Custom Policy
    3. Quick Quiz
    4. In Brief
  13. 8. Snooping the Runtime Environment
    1. The Value of Understanding the Runtime Environment
    2. System Properties
    3. System Information
    4. Memory Information
    5. Network Information
    6. Accessing Environment Variables
    7. Quick Quiz
    8. In Brief
  14. 9. Cracking Code with Unorthodox Debuggers
    1. Understanding the Internals of Unknown Applications
    2. Conventional Debuggers and Their Limitations
    3. Hacking with an Omniscient Debugger
      1. Recording Chat Execution
      2. Navigating the Message Processing Code
      3. Using ODB to Crack the Obfuscated Version of Chat
    4. Quick Quiz
    5. In Brief
  15. 10. Using Profilers for Application Runtime Analysis
    1. Why and When You Should Use Profiling
    2. The Best Profilers for Java
    3. Investigating Heap Usage and Garbage Collection Frequency to Improve the Performance
    4. Browsing Object Allocation and References to Find and Fix Memory Leaks
    5. Investigating Thread Allocation and Synchronization
    6. Identifying Expensive Methods to Improve Performance
    7. Investigating an Application at Runtime Using a Thread Dump
    8. Quick Quiz
    9. In Brief
  16. 11. Load-Testing to Find and Fix Scalability Problems
    1. The Importance of Load-Testing
    2. Load-Testing RMI-Based Servers with JUnit
    3. Load-Testing with JMeter
      1. JMeter Overview
      2. WebCream Overview
      3. Creating a Web Test Plan
    4. Quick Quiz
    5. In Brief
  17. 12. Reverse Engineering Applications
    1. User Interface Elements and Resources
    2. Hacking Text
    3. Hacking Images
    4. Hacking Configuration Files
    5. Quick Quiz
    6. In Brief
  18. 13. Eavesdropping Techniques
    1. Eavesdropping Defined
    2. Eavesdropping on HTTP
      1. Using a Tunnel to Capture the HTTP Message Exchange
      2. Using a Network Sniffer to Capture the HTTP Message Exchange
      3. Protecting Web Applications from Eavesdropping
    3. Eavesdropping on the RMI Protocol
      1. The RMI Transport Protocol
      2. Using a Network Sniffer to Intercept RMI Messages
      3. Protecting RMI Applications from Eavesdropping
    4. Eavesdropping on JDBC Driver and SQL Statements
    5. Quick Quiz
    6. In Brief
  19. 14. Controlling Class Loading
    1. JVM Internals from a Class Loading Perspective
    2. Writing a Custom Class Loader
    3. Quick Quiz
    4. In Brief
  20. 15. Replacing and Patching Core Java Classes
    1. Why Bother?
    2. Patching Core Java Classes Using the Boot Class Path
    3. Example of Patching java.lang.Integer
    4. Quick Quiz
    5. In Brief
  21. 16. Intercepting Control Flow
    1. Control Flow Defined
    2. Intercepting System Errors
    3. Intercepting System Streams
    4. Intercepting a Call to System.exit
    5. Reacting to a JVM Shutdown Using Hooks
    6. Intercepting Methods with a Dynamic Proxy
    7. The Java Virtual Machine Profiler Interface
    8. Quick Quiz
    9. In Brief
  22. 17. Understanding and Tweaking Bytecode
    1. Bytecode Fundamentals
    2. Viewing Class Files Using the jClassLib Bytecode Viewer
    3. The JVM Instruction Set
    4. Class File Format
      1. Field and Method Descriptors
      2. Class File Structure
      3. Attributes
      4. Bytecode Verification
    5. Instrumenting and Generating Bytecode
      1. BCEL Overview
      2. Instrumenting Methods
      3. Generating Classes
      4. ASM Library
    6. Bytecode Tweaking Compared with AOP and Dynamic Proxies
    7. Quick Quiz
    8. In Brief
  23. 18. Total Control with Native Code Patching
    1. Why and When to Patch Native Code
    2. Native Code Usage in the Java Virtual Machine
      1. JNI Overview
      2. JNI Implementation Example
    3. Generic Approaches to Patching Native Methods
      1. Patching a Java Method Declaration
      2. Substituting Native Libraries
      3. Patching Native Code
    4. Patching Native Code on the Windows Platform
      1. Portable Executable Format
      2. Patching a Native Function Using the Function Replacer Utility
      3. Manual Patching Using Microsoft Detours Library
    5. Patching Native Code on Unix Platforms
    6. Quick Quiz
    7. In Brief
  24. 19. Protecting Commercial Applications from Hacking
    1. Setting Goals for Application Protection
    2. Securing Data with Java Cryptography Architecture
      1. Java Cryptography Architecture Overview
      2. Securing Chat Messages with JCA
    3. Protecting Application Distribution from Hacking
      1. Protecting Bytecode from Decompiling
      2. Protecting Bytecode from Hacking
        1. Hacking Non-Public Methods and Variables of a Class (Chapter 4)
        2. Replacing and Patching Application Classes (Chapter 5)
        3. Manipulating Java Security (Chapter 7)
        4. Reverse Engineering Applications (Chapter 12)
        5. Controlling Class Loading (Chapter 14)
        6. Understanding and Tweaking Bytecode (Chapter 17)
      3. Protecting Application Content from Hacking
    4. Implementing Licensing to Unlock Application Features
      1. Modern Software Licensing Models
        1. Closed Source Commercial Software
        2. Open Source Commercial Software
        3. Open Source Free Software
      2. Implementing Licensing to Unlock Commercial Features
        1. Creating a License File
        2. Verifying the License File
      3. Web Activation and License Registration
    5. Quick Quiz
    6. In Brief
  25. A. Commercial Software License
  26. B. Resources
    1. Utilities and Tools
    2. Decompiling
    3. Obfuscating
    4. Tracing and Logging
    5. Debugging
    6. Profiling
    7. Load-Testing
    8. Eavesdropping
    9. Bytecode Tweaking
    10. Native Code Patching
    11. Protection from Hacking
  27. C. Quiz Answers
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
    14. Chapter 14
    15. Chapter 15
    16. Chapter 16
    17. Chapter 17
    18. Chapter 18
    19. Chapter 19