End of Year Review 2009 - Decompiling Java

July 07, 2009 - 05:00

Decompilation is a problem for the software industry, with the global revenue loss due to software piracy estimated to be more than $50 billion in 2008. There are several Java decompilers available but none are 100% effective, and many are obsolete/unmaintained.

We found Java Decompiler, JODE and Dava to be good Java decompilers but not perfect. Dava is particularily suited to aribtrary bytecode, while others are suited to javac generated bytecode.

There are decompilation resistance techniques, including code obfuscation and software watermarking, which can be effective in the context of Java decompilers. Code obfuscation has the useful side-effect of causing many Java decompilers to fail when applied to Java bytecode, while other techniques decrease the possibility of code understanding. Software watermarks can be used to prove ownership of stolen software, and are usually used in conjunction with obfuscation to provide better protection.

Techniques such as program slicing can be used to attack software watermarks and many obfuscations and watermarks are easily removed rendering their protection useless.