X hits on this document





34 / 120

5.3 Recommended Reversing Tool for the Java Exercise

If using Jad from the command-line doesn't sound appealing there is a freeware

graphical tool built upon Jad called FrontEnd Plus that provides a simple workbench for

decompiling classes and browsing the results [16]; it also has a convenient batch mode

where multiple Java class files can be decompiled at once. After editing the Java

generated by Jad, it’s necessary to recompile the source back to bytecode in order to

integrate the changes. The ability to recompile the generated Java is not functional in the

FrontEnd Plus workbench for some reason, though it’s simple enough to do the

compilation manually. Next we mention an animated tutorial for reversing a Java

implementation of the Password Vault application, which was introduced in Section 4.

Fig. 5.2 shows a FrontEnd Plus workbench session containing the decompilation of


To demonstrate using the FrontEnd Plus to reverse engineer and patch a Java

bytecode, a Java version of the Password Vault application was developed; recall that the

animated tutorial in Section 4 introduced the machine code (C++) version. The Java

version of the Password Vault application uses 128-bit instead of 256-bit AES encryption

because Sun Microsystem's standard Java Runtime Environment (JRE) does not provide

256-bit encryption due to export controls. A trial limitation of five password records per

users is also implemented in the Java version. Unfortunately, Java does not support

conditional compilation, so the source code cannot be compiled to omit the trial

limitation without manually removing it or using a custom build process.


Document info
Document views472
Page views473
Page last viewedThu Jan 19 15:42:17 UTC 2017