Anything that can be compiled can also be decompiled, and Mocha has reached this
inevitable goal. Although a rudmimentary decompiler is included with the
it only enumerates method signatures. Mocha actually uses the extensive symbol
information present in class files to produce human-readable source code.
Freely downloadable from the Mocha Web site,
it can handle fairly complex programs without breaking a sweat. As an
author decompiled the GraphLayout example that ships with the JDK and
result with the provided code. They are remarkably similar; variable names
and only the order of certain declarations changed significantly.
This development opens a can of worms for every Java programmer. While
reverse engineering can be used for purposes as innocent as "how did they do
potential for piracy and industrial espionage is clear. Mocha's author
explicitly forbids such abuse of the product, but criminals who laugh at the
law are no more likely to heed this warning. The question then becomes, how
can commercial software be protected from decompilation?
The author suggests one feasible solution: using Java to build the
frontend of a
program, and hiding critical data in a backend which lives elsewhere on a
server. This is inconvenient, increasing server load, but it does save the
user from long download times. He also points out that classes with large
amounts of useless code (unused local variables and methods) can confuse
Mocha. The only sure-fire way to prevent reverse engineering, however, is
an embeded encryption scheme on the order of RSA's algorithms, and this has
not been developed for Java yet.
Mocha provides a world of legal functionality: recovering lost source
learning programming techniques from others. What becomes of its
is entirely up to its users. Such a tool is needed and welcomed by many;
should keep in mind that compilation is no longer a surefire protection of
Kerry Hammil, email@example.com