What is Reddit's opinion of Java Decompiler?

From 3.5 billion Reddit comments

You could SSH into the RoboRIO and retrieve the compiled jar file. The file is located at /home/lvuser/FRCUserProgram on the RoboRIO. Afterwards, you can decompile it using a program such as this.

Java actually compiles to bytecode designed to run on a standard virtual machine. This way the platform differences of various types of CPUs are abstracted away by their implementation of the Java virtual machine (JVM). This is why Android, with its extreme diversity of CPU architectures, chose Java as its primary language.

The other side effect of using Java is that the bytecode can easily be decompiled and analyzed, and thus modded. Basically, the source code is mostly there even if it wasn't open.

Fully compiled languages such as C++ have platform specific compiler quirks or platform differences in their bytecode that make it fiendishly difficult to comprehend the mess.

Without source code of a C++ program, a modder would need a good grip on x86 assembly to even understand the mess, let alone pick at it.

> I think you're gonna have to decompile and adjust

Yup. Decompile it, change the code to use relative and/or configurable paths and compile it again.

Oh, and hit the original programmer for me would you? Thanks.

> ILSpy if you're doing .Net or Powershell development. Get to pull apart .Net assemblies/cmdlets and programs. It is free and open source.

And for Java side, there's the classic JD and new "competitor" Bytecode Viewer.

Alright so some software you need to download beforehand.

Cyberduck - A program to retrieve files over SSH.

A Java decompiler - Decompiles the jar file into readable code

1. Connect your laptop to the RoboRIO the same way as when you deploy code.
2. Open Cyberduck and open a new SFTP connection to the RoboRIO.
3. The server: "roborio-319.local", username: admin, password: (blank)
4. If successfully connected, the robot's code should be located at /home/lvuser/FRCUserProgram.jar
5. Copy that file to your laptop. It should be a .jar file.
6. Use the Java decompiler to open the jar file. You should now be able to see your source code. I believe this is view only, so you would have to copy the code into Eclipse.

If you have any trouble with the process, feel free to PM.

Gave the code a cursory glance using http://jd.benow.ca/ (java decompiler, lets you look at the source code of java apps), and it looks harmless so far. I'll be taking a deeper look since the app sounds fascinating in it's own. Will take a while though, theres like a 100 class files, OP clearly put a lot of work into this.

You can always run this in a Virtual Machine to be free of any worry. Google out Virtualbox + Ubuntu

Java is also fairly easy to decompile. You can look at the source code of most (if not all) mods with a tool like JD-GUI. That won't allow you to recompile them straight out of the box though because the Minecraft functions, classes and variables being used have to be reobfuscated when they're compiled, but it gives you easy insight into a mod's inner working.

Decompiling a mod in a way that allows you to change and recompile it is also possible but requires a bit more effort.

Your best bet is to decompile it.... Your code will come out functional, but hard to read. Also, this sub isn't the place to ask. Next time, forge forums, modding irc, or the modding subreddit.

http://jd.benow.ca

JD. You won't get parameter names, private method names, comments, or erasable annotations back, but you'll get somewhat readable implementation code, class and public method names back.

APKs are just zip archives.

Download them and extract the contents. Have a look inside.

Here are some resources that can help with your mission: https://sourceforge.net/projects/dex2jar/

http://jd.benow.ca/

In the past I've used http://jd.benow.ca JD-gui. Compilers tent to do some optimalisations so you will not get the exactly same code as was used to create the class file. Someone mentioned in other comment to use strings. Strings is a program that can search an executable for printable string. This means if someone is checking password with simple if or something similar, you will see password in the output. Strings are available in most linux distributions(in terminal). Sadly passwords are usually not stored in plain text in executables. An alternative to decompiling/reversing you can try to use debugger to examine memory contents. This kind of software is generally used with c or c-like languages. I personally don't have too much experience with java debuggers, but this can maybe help you http://stackoverflow.com/questions/2539614/is-there-a-disassembler-debugger-for-java-ala-ollydbg-softice-for-assembler . Feel free to PM me if you need help.

> Things like Java, yes. You can often even retrieve the comments.

Three years Java developer here. You are probably talking about "JavaDocs", but a sensible developer would not include them in a binary, instead they would be in a separate file (or there might be a build specifically for developers that has JavaDocs and source code in the .jar)

Comments do not ever make it into the binary. JavaDocs usually neither, they are rather exported to an extra file to keep the binary small.

JD http://jd.benow.ca/ (no install required) is a great decompiler which anyone can use to experience first hand how well Java bytecode decompiles. Just open any .jar and start reading.

To decompile your APK completely:

1. Use apktool to decompile the resources.

2. Rename your_app.apk to your_app.zip, open the zip file and get classes.dex.

3. Use dex2jar to convert dex file to jar file.

4. Use java decompiler of Intellij14 to convert this jar file to java sources. For those who don't have Intellij14, use JD

So finally, you have decompiled java source code, Android resources and a happy life.

I'm personally not familiar with modding (or Java, for that matter) but I took a gander. If he actually edited the class files he may have fiddled around with the Perlin generator, or some of its dependancies. I personally can't make heads or tails of it, but if you really want to try and figure it out I'd start thereabouts.

In the interest of education; I used this nifty program to peek at the BoP files.

> Example please?

http://plugins.bukkit.org/

> Good idea I'll fire up OllyDbg.

Minecraft is written in java OllyDby wont help you there. The minecraft coder pack could be of some use. You can also attach any java debugger to minecraft server / client and try to find bugs that way. If you just want to browse the code you can use something like this to decompile minecraft and look for ways to do it there.

What are you using to deobfuscate/decompile the code? I've used JD (among others, but that seemed to work best out of the things I tried) in the past, but I didn't have much luck with it: even some basic things, like arrays and nested classes, don't get decompiled properly and many of the features introduced in Java 5 or later don't really work at all (like generics or some switch-case statements).

Hi,thanks for the notice. I will upload the source code shortly. Till then you can try this- http://stackoverflow.com/questions/272535/how-do-i-decompile-java-class-files or for simply http://jd.benow.ca/ . Else you can wait for a while and I'll push the source code. Enjoy!

I used this to get the source code and all the project files and stuff out of the .jar in the STS files. Just use the GUI version though, I couldn't get the eclipse plugin to work.

Try using a Java decompiler like jd-gui

It's not perfect but should go a long way for a first attempt.

After decompiling, export the code and open it in your favourite IDE. If the code is obfuscated, just use refactoring to rename things as you discover their purpose. For running/debugging, you probably need to fix some things the decompiler got wrong

For the first part, you can decompile your JAR file and check that all your classes are there: http://jd.benow.ca/ (JD-GUI, a nice little JAR decompiler).

For the second part, I doubt it because if you were using an external library API, and that library was missing, you would have got an error message. In any case, you can use the -classpath or -cp flag on the command line to specify all the paths to JAR files that you need.

For instance, suppose your JAR file is called "myjar.jar", and it has a dependency on another JAR file called "external-lib.jar" located in /usr/local/somefolder (or say c:\somefolder), you could include it all by running your JAR file from the command line like so:

$ java -cp "./:/usr/local/somefolder/external-lib.jar" -jar myjar.jar

or

$ java -cp "./;c:\somefolder\external-lib.jar" -jar myjar.jar

on Windows.

The Java -classpath (short form, -cp) flag tells Java where to look for your dependencies. The "./" simply refers to the current directory you are located in, which is where I assume your myjar.jar file resides.

Sort of, you can use a decompiler which will more-or-less do what you want. Here's another one called procyon as well.

My personal favorite java decompiler. can take jar files or class files. As /u/MadConsular said, the compiled sources can be translated back into source files relatively easily. This application will generate the decompiled source files (.java) which you can copy/paste into a text editor and then recompile on your own. This solution isn't perfect, though. As /u/gungorthewhite mentioned, the decompiled source files can look quite different from the original code (but this decompiler actually does a halfway decent job of it).

Honestly, this isn't the best way to learn java. the best way it to build up from simple programs, not by modifying existing finished projects.

Yeah you should! It's written in Java, so he can decompile it and get the source code using this tool (I just tried it and can confirm that it is not obfuscated at all). It's quite well written and it looks like the author put in a lot of work on it.

you may have to try to recompile it to see if it has any errors. you said it's a very old game. perhaps the code isn't compatible with the latest java version you're running. java decompiler

You could encrypt the file and require a correctly entered key for decryption. The key would not be compared to the correct key and then you decrypt - instead the key would be used for decryption, so if it is wrong, the decryption fails. This would be safe against decompilation. (Java is extremely decompilation-friendly, see e.g. http://jd.benow.ca/)

Well, you can decompile it. It won't be 100% the same source code (method vars, comments and private function params will be gone) but it should give you an idea about what it does. But would this not be cheating?

I gotcha. Nobody's making you run it. However it's too simple of an app to necessitate open source. I can release the code, but that's useless because I could just fake the released code.

Two things of note: the 10KB filesize is far too small to transport a virus, the whole thing is 450 lines of code and very barebones to make the filesize small.

Additionally, you can decompile the .jar with something like http://jd.benow.ca/ and look at the code/packages. You'll see that I don't even import any web connection packages. Just Javax.crypto and swing etc.

you can check JD-GUI to view the source from the the unjar'd class files

http://jd.benow.ca/

take a look at the s class main function for laughs...

public static void main(String[] paramArrayOfString) { Object localObject1 = new URL("http://icanhazip.com/"); if ((((localObject1 = (localObject1 = new BufferedReader(new InputStreamReader(((URL)localObject1).openStream()))).readLine()) != null) || (((String)localObject1).length() > 0)) && (((localObject1 = (localObject1 = InetAddress.getByName((String)localObject1)).getCanonicalHostName()).contains("nhl")) || (((String)localObject1).contains("neulion")) || (((String)localObject1).contains("gov")) || (((String)localObject1).contains("nba")) || (((String)localObject1).contains("nfl")))) { System.err.println("Get fucked.");

basically if you're ip resolves to something containing neulion, gov, etc. you "get fucked." haha

I doubt anyone on this subreddit would know based on a pretty unknown app. What I would do is use dex2jar and jd-gui to take a look. Usually you can get a pretty good idea of how an app is doing something with dex2jar even if it is using proguard (just takes more hunting).

I haven't worked on an applet since college. But ASFAIK applets run in-browser. This makes me skeptical that the data itself is actually included in the bytecode. However I expect the applet is still downloaded as a compressed jar file. Are you able to decompile the code and look at the source?

I've used this decompiler on different projects: http://jd.benow.ca/ Just open the *.class files with this and you should be able to see the actual source code. You'll probably need to decompress the jar files with something like 7-zip. If you're familiar enough with Java to be able interpret the code, with some digging you should be able to find where they're loading the data from. It'll either point to a file within the JAR, or give you the URL to the remote database.

The only other option I can think of is to explore the files at random looking for anything that could be a database file. Something that ends in dat, db, sql, xml, json. Unfortunately it could be anywhere. But I'd keep an eye out for 'asset' or 'resource' folders. If it's not an ASCII file (xml, JSON, CSV, etc...) you'll still have an issue identifying what software to open the file with. But the file extension could give a pretty strong clue.