Preventing Reverse Engineering Threat in Java: Byte Code Obfuscation Techniques

Only available on StudyMode
  • Topic: Java, Source code, Java Virtual Machine
  • Pages : 14 (3123 words )
  • Download(s) : 988
  • Published : August 16, 2010
Open Document
Text Preview
2nd International Conference on Emerging Technologies
Peshawar, Pakistan 13-14 November 2006
1-4244-0502-5/06/$20.00©2006 IEEE 689
Preventing Reverse Engineering Threat in Java
Using Byte Code Obfuscation Techniques
Jan M. Memon, Shams-ul-Arfeen, Asghar Mughal, Faisal Memon
Department of Computer Science
Isra University, Hyderabad, Pakistan
{janmohd, shams, asghar, faisal}
Abstrac: Java programs are compiled into a
platform independent byte code format. Much of the
information contained in the source code is retained
in the byte code. Consequently reverse engineering
becomes much easier. Several software protection
techniques have been developed, of which, code
obfuscation seems to be a promising one. In this
paper, two new byte code obfuscation techniques
have been evolved. These techniques involve
applying obfuscating transformations to the Java
byte code. These techniques prevent automatic
software analysis tools, De-compilers, from
producing correct source code by introducing
syntax and semantic errors in the generated source
code. The proposed techniques are applied on
sample Java class files to examine the effectiveness
of the techniques in impeding reverse engineering.
The results reveal the erroneous codes generated by
the tested de-compilers.
Keywords: reverse engineering, obfuscation, byte
code, de-compiler
Java provides platform independence to
software programs. The software is compiled in
the intermediate code format, the class file
format. A class file contains massive amount of
information enough for easy reverse engineering
[11]. When an organization sells its software,
developed in Java, to the other organization, it
delivers its software by providing the
intermediate code format. The organization
purchasing the software may break all the laws
and obligations by simply hiring a software
developer to reverse engineer the software often
with the help of automated tools, De-compilers,
and make appropriate changes according to its
needs, thus giving financial loss and breaking all
the ethical measures of the organization who did
all the efforts to develop it [17]. More precisely,
the developer places some sort of protection on
the program that may be removed by the
malicious users. Most of this work has
concentrated on embedding the license file or
identification keys in the software, especially in
commercial applications. The program contains
the code that checks for the presence of license
file. In addition, the license file identifies the
user to whom the software was issued. This
information can be used in a legal action against
the user who distributes the copies of the
software illegally. However, the attack on this
type of protection is to reverse engineer the code
and removing the code that implements the
protection or bypassing the key checking, while
leaving intact the code that provides the core
This paper proposes two byte code
obfuscation techniques, namely, Un-letting the
completion of statement and removing variable
and method name. The objective is to prevent
De-compilers from generating correct source
code by means of applying obfuscation
techniques to the Java byte code. Successful
program obfuscation will confer a number of
benefits, including protection of secrets in a
program, license management for software, and
provide software based tamper resistance which
will make reverse engineering uneconomical.
In the next section, we discuss briefly about
code obfuscation. In section 3, two different
approaches of achieving code obfuscation in
Java is discussed along with the obfuscation
techniques already suggested. Then in section 4,
we present the implementation of the two
proposed byte code obfuscation techniques,
namely, Un-letting completion of statement and
removing variable and method names, by taking
sample Java programs. Section 5 reveals the...
tracking img