James Hamilton

James Hamilton: My Research

Details of my PhD research in the Department of Computing at Goldsmiths, University of London. My research involves Java, Java bytecode, decompilaton, obfuscation, watermarking and related areas.

Decompiler Progress

My decompiler can now decompile the previously listed programs and I'm currently trying to decompile try-catch blocks.

22/11/09

A New Decompiler

I am currently implementing my own decompiler to help me fully understand the problems decompilers encounter and discover ways to improve decompilers. The decompiler is based on the ASM Java bytecode engineering library.

At first, I wish to decompile the 10 test programs from Godfrey Nolan's Decompiling Java. Decompiling Java contains a lot of information about Java bytecode, class files, obfuscation, security and decompilation. It includes two chapters (about half the book) detailing the design and implementation of a simple decompiler. This decompiler is built using the CUP parser generator for Java and the implementation chapter details how to implement a decompiler to decompile the 10 test programs.

I'm taking a different approach by taking advantage of a bytecode framework which provides an easy way to manipulate and analyse Java class files through a visitor based API.

The ten programs:

  1. HelloWorld.java
  2. Basics.java
  3. MathOps.java
  4. DoWhile.java
  5. IfTest.java
  6. Recurses.java
  7. WhileLoop.java
  8. ForLoop.java
  9. ArrayTest.java
  10. ArrayInit.java

Saturday, 17th October, 2009 @ 05:27pm

An Evaluation of Current Java Bytecode Decompilers

Accepted for publication at the Ninth IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2009).

Decompiling Java - SCAM 2009: Ninth IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2009)

Decompilation of Java bytecode is the act of transforming Java bytecode to Java source code. Although easier than that of decompilation of machine code, problems still arise in Java bytecode decompilation. These include type inference of local variables and exception-handling.

Since the last such evaluation (2003) several new commercial, free and open-source Java decompilers have appeared and some of the older ones have been updated.

In this paper, we evaluate the currently available Java bytecode decompilers using an extension of the criteria that were used in the original study. Although there has been a slight improvement since this study, it was found that none passed all of the tests, each of which were designed to target different problem areas. We give reasons for this lack of success and suggest methods by which future Java bytecode decompilers could be improved.

Presentation Slides

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SCAM.2009.24.

BibTex Entry

Saturday, 03rd October, 2009 @ 06:08pm

MPhil Transfer Report

In progress

Currently in progress MPhil-to-PhD transfer report, including a chapter based on my 'An Evaluation of Current Java Decompilers' paper and parts of my 'Decompiling Java' working document.

Decompilation of Java bytecode is the act of transforming Java bytecode to Java source code. Although easier than that of decompilation of machine code, problems still arise in Java bytecode decompilation. These include type inference of local variables and exception-handling.

We evaluate the currently available Java bytecode decompilers using an extension of the criteria used in a previous original study. Although there has been a slight improvement since this study, it was found that none passed all of the tests, each of which were designed to target different problem areas.

Decompilation is a problem for the software industry, with the global revenue loss due to software piracy estimated to be more than $50 billion in 2008. There are decompilation resistance techniques, including code obfuscation and software watermarking, which can be effective in the context of Java decompilers.

Code obfuscation has the useful side-effect of causing many Java decompilers to fail when applied to Java bytecode, while other techniques decrease the possibility of code understanding. Software watermarks can be used to prove ownership of stolen software, and are usually used in conjunction with obfuscation to provide better protection. Many obfuscations and watermarks are easily removed rendering their protection useless.

Sunday, 06th September, 2009 @ 06:33pm

Decompiling Java

End of Year Review 2009: Presentation to a non-specialist* computing audience

Decompiling Java - End of Year Review 2009: Presentation to a non-specialist computing audience

Decompilation is a problem for the software industry, with the global revenue loss due to software piracy estimated to be more than $50 billion in 2008. There are several Java decompilers available but none are 100% effective, and many are obsolete/unmaintained. We found Java Decompiler, JODE and Dava to be good Java decompilers but not perfect. Dava is particularily suited to aribtrary bytecode, while others are suited to javac generated bytecode.

There are decompilation resistance techniques, including code obfuscation and software watermarking, which can be effective in the context of Java decompilers. Code obfuscation has the useful side-effect of causing many Java decompilers to fail when applied to Java bytecode, while other techniques decrease the possibility of code understanding. Software watermarks can be used to prove ownership of stolen software, and are usually used in conjunction with obfuscation to provide better protection.

Techniques such as program slicing can be used to attack software watermarks and many obfuscations and watermarks are easily removed rendering their protection useless.

* Department of Computing staff and PhD students, in the area of music research.

Tuesday, 07th July, 2009 @ 01:06pm

Decompiling Java

Working document

Decompiling Java is a work-in-progress containing mostly background information relating to decompilation, obfuscation and watermarking.

Tuesday, 02nd June, 2009 @ 12:32pm

Obfuscating Transformations for Decompilation Resistant Java

Spring Review Week 2009: Presentation to a non-specialist audience

Obfuscating Transformations for Decompilation Resistant Java Computer programs are written by a programmer in an English-like programming language, known as source-code. There are many programming languages available to programmers who can choose a language for their specific needs.

Source code is transformed by a compiler into a sequence of instructions to be executed by a computer - a task known as compiling. Java is a popular programming language mainly due to it's `write once, run anywhere' nature - programmers write Java source code and the compiled Java program is able to run on many different systems without changes. In comparison, compiled programs written in the C language are tied to particular types of computers.

One disadvantage that the Java programming language has, compared to other languages like C, is the relative ease of decompiling - the act of transforming compiled programs back into source code. Access to source code presents a risk that adversaries (such as software pirates or competing companies) could access proprietary information used to create a program.

Code obfuscation techniques can be used to make decompiled code more confusing and in certain cases cause decompilation tools to fail. Such techniques can be applied to Java programs to hinder decompilation and decrease program understanding.

What obfuscating transformations can be applied to Java programs to hinder decompilation? How effective are such obfuscating transformations? What are the ways in which adverseries could attack such obfuscations? How can we use this knowledge to create secure Java programs?

Tuesday, 02nd June, 2009 @ 12:32pm