{"id":562,"date":"2014-06-06T09:17:17","date_gmt":"2014-06-06T13:17:17","guid":{"rendered":"http:\/\/www.willhackforsushi.com\/?p=562"},"modified":"2014-06-06T09:17:55","modified_gmt":"2014-06-06T13:17:55","slug":"code-to-create-a-jd-gui-error","status":"publish","type":"post","link":"https:\/\/www.willhackforsushi.com\/?p=562","title":{"rendered":"Code to Create a JD-GUI Error"},"content":{"rendered":"<p>When evaluating Android applications, I often use <a title=\"Dex2Jar Home\" href=\"https:\/\/code.google.com\/p\/dex2jar\/\" target=\"_blank\">dex2jar<\/a> to take an Android APK file and convert it to a Java JAR file.\u00a0 With the APK-turned-JAR file I can examine the decompiled Java source for the application using <a title=\"JD-GUI Site\" href=\"http:\/\/jd.benow.ca\/\" target=\"_blank\">JD-GUI<\/a> or Mike Strobel&#8217;s <a title=\"Procyon Site\" href=\"https:\/\/bitbucket.org\/mstrobel\/procyon\/wiki\/Java%20Decompiler\" target=\"_blank\">Procyon<\/a>.<\/p>\n<p>Procyon is the far superior Java decompilation tool, which gracefully handles many conditions that JD-GUI cannot.\u00a0 Still, Procyon requires a few additional steps to use as a command-line tool, while Procyon has a nice GUI interface for quick and easy analysis (to be fair, Procyon does have a <a title=\"Procyon GUI Front-end\" href=\"http:\/\/secureteam.net\/Java-Decompiler.aspx\" target=\"_blank\">third-party GUI interface<\/a> as well, though it lacks some of the features in JD-GUI).<\/p>\n<p>As part of an exercise I am writing for my SANS Institute <a title=\"SANS SEC575 Page\" href=\"http:\/\/www.sans.org\/sec575\" target=\"_blank\">SEC575: Mobile Device Security and Ethical Hacking<\/a> course, I needed to force the student&#8217;s hand and require them to use Procyon.\u00a0 I needed to reproduce a situation where my sample code was not decompiled by JD-GUI properly.\u00a0 I lowered my standards enough to look at <a title=\"Obligatory Blogger XKCD Reference\" href=\"http:\/\/xkcd.com\/1334\/\" target=\"_blank\">page 2 of Google search results<\/a>, but I still could not find an example of Java code that could not be decompiled by JD-GUI.<\/p>\n<p>Looking through some APK files I had handy, I spotted an method that JD-GUI could not handle.\u00a0 Reversing the same code with Procyon gave me the method source, which I was able to narrow down to just a few lines of Java.\u00a0 If you are in the position where you want to stop someone from using JD-GUI to reverse-engineer a method, insert this code:<\/p>\n<pre class=\"brush: java; title: ; notranslate\" title=\"\">\r\n\/\/ Add these lines to your import section\r\nimport java.io.IOException;\r\nimport java.io.OutputStreamWriter;\r\n\r\n\/\/ Add this code to a method that you want JD-GUI to generate an error on\r\nOutputStreamWriter request = new OutputStreamWriter(System.out);\r\ntry {\r\n\trequest.close();\r\n} catch (IOException e) {\r\n}\r\nfinally {\r\n\trequest = null;\r\n}\r\n<\/pre>\n<p>The block of code opens the System.out object (the stdout reference), and then closes it. The rest is just being graceful. When decompiled with JD-GUI, the user will see this error:<\/p>\n<div id=\"attachment_567\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-567\" class=\"wp-image-567 size-full\" src=\"http:\/\/www.willhackforsushi.com\/wp-content\/uploads\/jdgui-error.png\" alt=\"JD-GUI Error\" width=\"600\" height=\"400\" \/><p id=\"caption-attachment-567\" class=\"wp-caption-text\">Error produced by JD-GUI when decompiling the shown code.<\/p><\/div>\n<p>So, the next time you need to stop people from reversing your code, add these lines to a method, and hope that they don&#8217;t know about <a title=\"Procyon Site\" href=\"https:\/\/bitbucket.org\/mstrobel\/procyon\/wiki\/Java%20Decompiler\" target=\"_blank\">Procyon<\/a>.<\/p>\n<p>-Josh<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When evaluating Android applications, I often use dex2jar to take an Android APK file and convert it to a Java JAR file.\u00a0 With the APK-turned-JAR file I can examine the decompiled Java source for the application using JD-GUI or Mike &hellip; <a href=\"https:\/\/www.willhackforsushi.com\/?p=562\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33,25,22],"tags":[],"class_list":["post-562","post","type-post","status-publish","format-standard","hentry","category-android","category-code","category-reverse-engineering"],"_links":{"self":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=562"}],"version-history":[{"count":5,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/562\/revisions"}],"predecessor-version":[{"id":570,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/562\/revisions\/570"}],"wp:attachment":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}