Javology

Breaking News

Mocha Decompiler

Anything that can be compiled can also be decompiled, and Mocha has reached this inevitable goal. Although a rudmimentary decompiler is included with the JDK (javap), it only enumerates method signatures. Mocha actually uses the extensive symbol information present in class files to produce human-readable source code.

Freely downloadable from the Mocha Web site, it can handle fairly complex programs without breaking a sweat. As an example, its author decompiled the GraphLayout example that ships with the JDK and compared the result with the provided code. They are remarkably similar; variable names are retained, and only the order of certain declarations changed significantly.

This development opens a can of worms for every Java programmer. While reverse engineering can be used for purposes as innocent as "how did they do that?", its potential for piracy and industrial espionage is clear. Mocha's author explicitly forbids such abuse of the product, but criminals who laugh at the law are no more likely to heed this warning. The question then becomes, how can commercial software be protected from decompilation?

The author suggests one feasible solution: using Java to build the frontend of a program, and hiding critical data in a backend which lives elsewhere on a server. This is inconvenient, increasing server load, but it does save the user from long download times. He also points out that classes with large amounts of useless code (unused local variables and methods) can confuse Mocha. The only sure-fire way to prevent reverse engineering, however, is an embeded encryption scheme on the order of RSA's algorithms, and this has not been developed for Java yet.

Mocha provides a world of legal functionality: recovering lost source code and learning programming techniques from others. What becomes of its destructive potential is entirely up to its users. Such a tool is needed and welcomed by many; but developers should keep in mind that compilation is no longer a surefire protection of company secrets.

Kerry Hammil, khammil@primenet.com


| Top | News | Contents |
© 1996 Javology