Best class decompiler?
in [Java Programming]
|
From: Andreas Leitgeb on 5 Jul 2010 07:12 Arne Vajhøj <arne(a)vajhoej.dk> wrote: > ... (I guess that most people have tried losing > source code at some point in time). I'm not one of these. Losing source code is hardly anything I'd actually *try* to do. :-)
From: BGB / cr88192 on 5 Jul 2010 14:14 "Tom Anderson" <twic(a)urchin.earth.li> wrote in message news:alpine.DEB.1.10.1007050004480.14577(a)urchin.earth.li... > On Sun, 4 Jul 2010, BGB / cr88192 wrote: > >> "Arne Vajh?j" <arne(a)vajhoej.dk> wrote in message >> news:4c30c519$0$281$14726298(a)news.sunsite.dk... >>> On 04-07-2010 10:18, Blake McBride wrote: >>>> The problem is that there are many Java decompilers (such as JAD). A >>>> brief survey by me indicates that support for high quality decompilers >>>> seems to be waning. Many appear severly out-of-date. >>> >>> 10 years ago people considered it very cool that you could >>> decompile. >>> >>> Today it is old news and only those that for some unusual reason really >>> need the functionality are inteterested. >> >> I suspect part of the issue may be that most practical uses of >> decompilation are either questionable (decompiling code for which one >> doesn't legally have ownership) > > This is perfectly legal throughout the EU - provided you're doing it for > the purpose of writing code to interoperate with the code you're > decompiling, and you couldn't get the information you need from > documentation. Which, IME at least, is the main reason to decompile > something anyway, so when you need to do it, it's legal to do it. > fair enough, but in this case, usually, disassembly is sufficient... FWIW, disassembly is far more useful in general (since it has much more use in debugging and profiling, ...). although, granted, disassembly does tend to take a little more mental work to understand. but, anyways, in the US, disassembling or decompiling commercial code is a bit of an issue in general. in certain cases (such as code falling under the DMCA), it can be classified as a felony, meaning possible prison time... (though usually this is if one does so, and then pisses off the owning company somehow, in which case they can send the police after them with a warrent, ...). interop may not matter, since interop can itself be a violation. really, it is not too much different from someone being a stoner, where in some states possession is an offense with a 20-year prison sentence, ... luckily, most code does not fall under DMCA, meaning it is only civil (in which case the owning company is limited to lawsuits...). but, in any case, this is generally something to be avoided... >> on average, people likely have a valid need for decompilation far less >> often than they have a valid need for undelete, and it can be noted that >> as a general rule, people don't usually have undelete either (even if it >> wouldn't be particularly difficult to implement a filesystem with >> reasonably good undelete support, few bother, as this is not generally a >> useful feature...). > > True! > yep.
From: BGB / cr88192 on 5 Jul 2010 14:38 "Joshua Cranmer" <Pidgeot18(a)verizon.invalid> wrote in message news:i0r4u8$lm3$1(a)news-int2.gatech.edu... > On 07/04/2010 05:16 PM, BGB / cr88192 wrote: >> "Arne Vajh�j"<arne(a)vajhoej.dk> wrote in message >> news:4c30c519$0$281$14726298(a)news.sunsite.dk... >>> 10 years ago people considered it very cool that you could >>> decompile. >>> >>> Today it is old news and only those that for some unusual reason >>> really need the functionality are inteterested. >>> >> >> I suspect part of the issue may be that most practical uses of >> decompilation >> are either questionable (decompiling code for which one doesn't legally >> have >> ownership) or nefarious (the previous, but with intent to either steal >> said >> code, or attempt to circumvent or exploit). > > Researchers have pretty much established that decompilation has > substantial valid uses (supposedly, 20% of all source code just simply > doesn't exist anymore); I myself had to decompile my own code due to an > undiscovered feature in my version control system. yes, fair enough... I guess a lot depends though on who owns the code. for example, if one is decompiling their own code, who is there to press charges?... but, how can the tool writers be certain of this use?... the issue though, is that most of the time, people keep track of their own code (much as they keep track of their files), so lost code is not too much different of a matter from lost files. >> so, being a tool with relatively few valid uses, means that there is not >> a >> whole lot of reason to implement or maintain these sorts of tools. > > In the U.S., the DMCA does make working on decompilation in a legal gray > area; most of the more recent advances in decompilation I've seen have > been from non-U.S. researchers. yeah... person A writes decompiler; person B uses decompiler to violate DMCA. person A faces possible criminal charges owing to person B's use... although one is a bit safer if it is a catagory of tool that is already well established as having other valid uses (such as OS's and compilers, or photo editors, ...), but so help you if you are writing general-purpose decompilers or cryptoanalysis tools... > In any case, a skilled programmer can function just as well off of the > technically easier disassembly; with a bit of a guide, it is not hard to > use javap to go from class code to source code. Seeing as how IDA > (probably the most widely used disassembler in existence) has a successful > plugin for decompilation, it is clearly not something for which a market > is lacking. yeah. as well, disassemblers are much more established, given their common use in debugging and similar, as well as their widespread availability. > On the other hand, as has been additionally pointed out, fully automated > decompilation of entire programs remains generally impossible under > current techniques. Decompilation is typically viewed as another tool for > reverse engineering, not the ultimate panacea. yep. a lot also depends on the particular ISA one is decompiling from... for example, a JBC decompiler is likely to be a bit easier than an x86 one, since a Java/JBC decompiler can make a fairly good guess from the stack and opcodes used, whereas for x86 a bit more heavy lifting is needed, and it is very possible that any such decompiler output will have fairly little in common with the original code (as well as the general awkwardness of dealing with an ISA with several thousand opcodes in its present form...). or such...
From: Joshua Cranmer on 5 Jul 2010 15:14 On 07/05/2010 02:14 PM, BGB / cr88192 wrote: > luckily, most code does not fall under DMCA, meaning it is only civil (in > which case the owning company is limited to lawsuits...). Actually, I believe there is a prevision in the DMCA making attempting to circumvent copyright a criminal offense. Under the 1976 copyright act, pretty much everything in the U.S. is copyrighted (even the words I'm writing right now!), which includes source code. So attempting to recover copyrighted source code that you do not have the rights to would be a criminal offense. Furthermore, distributing a program with the intent of circumventing copyright is also criminal, so writing a decompiler can certainly fall under this category. Furthermore and even more unfortunately, the Supreme Court appears to have backed off of its Betamax decision (which held that a device with substantial noninfringing uses was still legal) when it heard the Grokster case. Which lands the issue of whether or not a decompiler is legal or not into a muddy gray cesspool in the U.S. In retrospect, it seems to me that most of the legal situation of software is in this murky gray "who knows" legal land. -- Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth
From: Peter Duniho on 5 Jul 2010 15:27
Joshua Cranmer wrote: > On 07/05/2010 02:14 PM, BGB / cr88192 wrote: >> luckily, most code does not fall under DMCA, meaning it is only civil (in >> which case the owning company is limited to lawsuits...). > > Actually, I believe there is a prevision in the DMCA making attempting > to circumvent copyright a criminal offense. Circumventing encryption, not circumventing copyright. Until there's case law to show what direction the courts are going, it would not be possible to say for sure whether Java byte code is considered encryption, but a common-sense understanding certainly would not consider it so. > Under the 1976 copyright > act, pretty much everything in the U.S. is copyrighted (even the words > I'm writing right now!), which includes source code. So attempting to > recover copyrighted source code that you do not have the rights to would > be a criminal offense. Furthermore, distributing a program with the > intent of circumventing copyright is also criminal, so writing a > decompiler can certainly fall under this category. The .NET community has been very well-served by Red Gate's Reflector utility, which does a wonderful job of disassembling .NET programs. No one has tried to sue or prosecute them, nor do I think it likely anyone would. I doubt that a Java disassembler would be at any greater risk for same. > Furthermore and even more unfortunately, the Supreme Court appears to > have backed off of its Betamax decision (which held that a device with > substantial noninfringing uses was still legal) when it heard the > Grokster case. Which lands the issue of whether or not a decompiler is > legal or not into a muddy gray cesspool in the U.S. I suppose that depends on the bias with which one views that legal decision. However, my interpretation of it was that the court very much held the Betamax decision in high regard, and found that Grokster did not in fact have a substantial non-infringing use. Pete |