[Webappsec] how to convert JAR file to source code

James Landis jcl24 at cornell.edu
Fri Apr 25 03:11:55 EDT 2008 

DJ uses JAD. It's just a front end. JAD is really the only decent
thing out there, and even JAD does a horrible job on obfuscated
bytecode. It especially has trouble dealing with nested exception
handling and monitors. If you're dealing with obfuscated code, you're
better off deobfuscating it first before you try to decompile it,
because JAD can make incorrect assumptions about type hierarchies and
leave you with code with ambiguous variable references and broken
method shadowing.

Unfortunately, there are no good deobfuscators out there that I've
found. You're going to have to write one yourself. That's probably a
good exercise anyway, as it will teach you the structure of class
files and give you the skills you need to correct the decompilation
errors you're likely to run across in various methods. You're going to
need to understand opcodes and the constant pool.

Good luck!

-j

On Fri, Apr 25, 2008 at 12:02 AM, Michael Breu <michaelbreu at gmail.com> wrote:
> DJ is also a good shareware java decompiler with a GUI and built-in editor:
>
> http://www.download.com/DJ-Java-Decompiler/3000-2417_4-10046809.html
>
> -Michael
>
>
>
> On Fri, Apr 25, 2008 at 8:56 AM, Ray Foo <gunblad3 at gmail.com> wrote:
> > In addition, you can make use of a batch script to convert the class files
> to java files in corresponding directories.
> > http://www.adarshr.com/papers/recursive
> >
> > Regards,
> > Ray Foo
> >
> >
> >
> >
> >
> > On Fri, Apr 25, 2008 at 2:46 PM, Ankur Jindal <divinepresence at gmail.com>
> wrote:
> >
> > > Hi
> > > You can extract .jar files like a zip file if you have winzip. To
> > > decompile the class files, use JAD or Reflector.
> > >
> > > -Ankur
> > >
> > >
> > >
> > > On Fri, Apr 25, 2008 at 12:13 PM, Application Tester
> > > <vul.tester at gmail.com> wrote:
> > > > hi
> > > >
> > > >  Is there any free tool that can convert *.jar files to source code?
> > > >
> > > >  Thanks in advance
> > > >  App. Tester.
> > > >  [+ +]
> > > >    ^
> > > >
> > > >
> > > >
> > > >  _______________________________________________
> > > >  Webappsec mailing list
> > > >  Webappsec at lists.owasp.org
> > > >  https://lists.owasp.org/mailman/listinfo/webappsec
> > > >
> > > _______________________________________________
> > > Webappsec mailing list
> > > Webappsec at lists.owasp.org
> > > https://lists.owasp.org/mailman/listinfo/webappsec
> > >
> >
> >
> > _______________________________________________
> > Webappsec mailing list
> > Webappsec at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/webappsec
> >
> >
>
>
> _______________________________________________
>  Webappsec mailing list
>  Webappsec at lists.owasp.org
>  https://lists.owasp.org/mailman/listinfo/webappsec
>
>

More information about the Webappsec mailing list