>The problem with this approach is that there is only a very limited
>number of ways
>that you can pop up that dialog and these method calls can not be
>removed by
>obfuscation. All a hacker needs to do is find instances of these
>method calls in the
>decompiled code, modify:compile:test until they find the one that
>generates the
>dialog in question and then simply add code to bypass your dialog -
>could be as
>simple as commenting it out.
>
>If you think obfuscation is going to protect your code I suggest you
>try reverse
>engineering something - I would recommend JAD as a decompiler. It is
>disturbingly
>easy for J2ME stuff.
>
>
a few "second generation" obfuscators do a pretty good job at reordering
byte code instructions so that it doesn't correspond to a real Java
source. For example, here is a code obfuscated with Zelix Klassmaster,
and decompiled by DJ Java Decompiler:
k1 = d.c;
ai = a[i1];
j1 = 0;
if(k1 == 0) goto _L2; else goto _L1
_L1:
ai[j1];
_L9:
if(k1 != 0) goto _L4; else goto _L3
_L3:
JVM INSTR ifne 32;
goto _L5 _L6
_L5:
break MISSING_BLOCK_LABEL_30;
_L6:
continue; /* Loop/switch isn't completed */
false;
_L4:
return;
Of course, this doesn't stop real hackers of modifying directly the
bytecode. But at least it stops the "rookies".
B.
>Steve Oldmeadow
>
>
>This mail was sent to address boris@granveaud.com
>Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/
>
>
>
--
Boris Granveaud
http://www.granveaud.com/
Received on Wed Sep 3 09:32:46 2003