Re: Encrypting the Source Kode



osmium wrote:

The word "decompile" is commonly misused, something said even by people
who speak carefully. There is no such thing as a decompiler (which would
produce the original source code). The word is used (falsely) to talk
about a program that produces one possible *assembly* listing for the
program..

Personally, I have never heard (or seen) anyone confusing decompilation with
disassembly.

Decompilers (as I understand the term) /do/ exist, and can work quite well.
The difference between what I mean by decompiler and what you state, is that I
understand the term to cover any program which attempts to produce source in
the original language which, if recompiled, would produce essentially the same
program as we started with.

There is no assumption that it's the /same/ source -- it's almost certain to
have different layout, and none of the original comments, even in the most
auspicious circumstances. It'll only [re-]generate the original identifiers if
those are included in the compiled output (debugging information, say). It's
not guaranteed to "guess" right if more than one source-language construction
can compile to the same output. And so on. But it is, for some
languages/target systems, quite possible to [re-]generate clear, idiomatic,
readable source.

The requirement for this to be possible is that the mapping the compiler
performs be quite simple. That is the case for Java for instance (when Java is
compiled to JVM bytecode -- by far the typical case). I believe that it's also
the case for MS's C# -> CLI compiler(s).

The "Jad" decompiler for Java can often do an excellent job of generating
usable source from classfiles. I assume there are equivalents for .NET.

Which, in turn, is why obfuscators exist. I suspect that that might have been
the concept the OP was looking for. Something which will take the
easily-decompiled output of a Java or .NET compiler, and scramble it (while
keeping the meaning intact) so as to confound any attempt to decompile. Such
programs do exist, do work (sort of), and can be useful to prevent /casual/
reverse-engineering of a delivered application or library.

-- chris


.