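5. Conclusion and Future Work
5.2 Future Work
As decompilation tools and the related knowledge become ever easier to obtain and learn, the burden carried by obfuscation techniques grows correspondingly heavier. In the future, how to raise the difficulty of decompiling software will still depend on the work of researchers in this area. In addition, because intellectual property law requires right holders to produce the evidence themselves to prove that another party has in fact infringed their rights, software watermarking will become increasingly important and is likewise a field worth studying. Finally, legal and ethical safeguards are also a key area to strengthen; only then can malicious decompilation and the theft of secrets be prevented comprehensively and effectively, thereby protecting one's own intellectual property rights.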
Appendix 1: Instruction Classification
1. Simple Instruction
<1> No operand follows the opcode
<2> Instruction length is 1
wide nop aconst_null iconst_m1 iconst_0 iconst_1 iconst_2 iconst_3 iconst_4 iconst_5
lconst_0 lconst_1 fconst_0 fconst_1 fconst_2 dconst_0 dconst_1
iload_0 iload_1 iload_2 iload_3 lload_0 lload_1 lload_2 lload_3
fload_0 fload_1 fload_2 fload_3 dload_0 dload_1 dload_2 dload_3
aload_0 aload_1 aload_2 aload_3
iaload laload faload daload aaload baload caload saload
istore_0 istore_1 istore_2 istore_3 lstore_0 lstore_1 lstore_2 lstore_3
fstore_0 fstore_1 fstore_2 fstore_3 dstore_0 dstore_1 dstore_2 dstore_3
astore_0 astore_1 astore_2 astore_3
iastore lastore fastore dastore aastore bastore castore sastore
pop pop2 dup dup_x1 dup_x2 dup2 dup2_x1 dup2_x2 swap
iadd ladd fadd dadd isub lsub fsub dsub imul lmul fmul dmul
idiv ldiv fdiv ddiv irem lrem frem drem ineg lneg fneg dneg
ishl lshl ishr lshr iushr lushr iand land ior lor ixor lxor
i2l i2f i2d l2i l2f l2d f2i f2l f2d d2i d2l d2f i2b i2c i2s
lcmp fcmpl fcmpg dcmpl dcmpg
ireturn lreturn freturn dreturn areturn return
xxxunusedxxx arraylength athrow monitorenter monitorexit breakpoint impdep1 impdep2
2. ImmediateByte Instruction
<1> The first byte after the opcode is its operand
<2> Instruction length is 2
bipush ldc iload lload fload dload aload istore lstore fstore dstore astore ret newarray
3. ImmediateShort Instruction
<1> The first and second bytes after the opcode are its operand
<2> Instruction length is 3
ldc_w ldc2_w getstatic putstatic getfield putfield invokevirtual invokespecial invokestatic new anewarray checkcast instanceof sipush
4. Branch Instruction
<1> The first and second bytes after the opcode are its operand
<2> Instruction length is 3
<3> Shaded entries are non-conditional branch instructions
ifeq ifne iflt ifge ifgt ifle
if_icmpeq if_icmpne if_icmplt if_icmpge if_icmpgt if_icmple if_acmpeq if_acmpne
goto jsr ifnull ifnonnull
5. ImmediateInt Instruction
<1> The first through fourth bytes after the opcode are its operand
<2> Instruction length is 5
7. TableSwitch Instruction
<1> The total number of operands is computed from the first few operands
<2> Variable-length instruction; its length must be computed from its operands
tableswitch
8. LookupSwitch Instruction
<1> The total number of operands is computed from the first few operands
<2> Variable-length instruction; its length must be computed from its operands
lookupswitch
9. InvokeInterface Instruction
<1> The first and second bytes after the opcode are operand 1; the following two bytes are operand 2
<2> Instruction length is 5
invokeinterface
10. Multianewarray Instruction
<1> The first and second bytes after the opcode are operand 1; the third byte is operand 2
<2> Instruction length is 4
multianewarray
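The length rules in this appendix are what an obfuscator or an analysis tool needs in order to split a method's code array into instructions. The following Python block is an added example, not code from the thesis: it applies those rules, including the 4-byte alignment padding that makes tableswitch and lookupswitch variable-length. Opcode values are taken from the JVM specification; treating goto_w and jsr_w as the ImmediateInt members, and rejecting iinc, wide and opcode 0xba instead of guessing a length for them, are assumptions of this example.

```python
import struct

# Opcode values come from the JVM specification; the grouping follows the appendix.
IMMEDIATE_BYTE = {0x10, 0x12, *range(0x15, 0x1a), *range(0x36, 0x3b), 0xa9, 0xbc}
IMMEDIATE_SHORT = {0x11, 0x13, 0x14, *range(0xb2, 0xb9), 0xbb, 0xbd, 0xc0, 0xc1}
BRANCH = {*range(0x99, 0xa9), 0xc6, 0xc7}
IMMEDIATE_INT = {0xc8, 0xc9}       # goto_w, jsr_w (assumed members, none listed above)
NOT_COVERED = {0x84, 0xba, 0xc4}   # iinc, 0xba, wide: assumption, rejected not guessed
TABLESWITCH, LOOKUPSWITCH = 0xaa, 0xab
FIXED = {**dict.fromkeys(IMMEDIATE_BYTE, 2), **dict.fromkeys(IMMEDIATE_SHORT | BRANCH, 3),
         0xc5: 4, 0xb9: 5, **dict.fromkeys(IMMEDIATE_INT, 5)}  # multianewarray, invokeinterface

def instruction_length(code: bytes, pc: int) -> int:
    """Length in bytes of the instruction whose opcode is at code[pc]."""
    op = code[pc]
    if op in NOT_COVERED or 0xcb <= op <= 0xfd:
        raise ValueError(f"opcode 0x{op:02x} at pc={pc} is outside the categories")
    if op not in (TABLESWITCH, LOOKUPSWITCH):
        return FIXED.get(op, 1)    # anything else is a Simple instruction
    base = (pc + 4) & ~3           # operands start on the next 4-byte boundary
    try:
        if op == TABLESWITCH:      # default, low, high, then high-low+1 jump offsets
            low, high = struct.unpack_from(">ii", code, base + 4)
            entries, size = high - low + 1, 12 + 4 * (high - low + 1)
        else:                      # default, npairs, then npairs (match, offset) pairs
            (entries,) = struct.unpack_from(">i", code, base + 4)
            size = 8 + 8 * entries
    except struct.error:
        raise ValueError(f"switch at pc={pc} is truncated") from None
    if entries < (1 if op == TABLESWITCH else 0):
        raise ValueError(f"switch at pc={pc} has an invalid entry count")
    return base - pc + size        # opcode + padding + operands

def walk(code: bytes) -> list:
    """Split a method's code array into (pc, length) pairs, rejecting overruns."""
    pc, out = 0, []
    while pc < len(code):
        n = instruction_length(code, pc)
        if pc + n > len(code):
            raise ValueError(f"instruction at pc={pc} runs past the end of the code")
        out.append((pc, n))
        pc += n
    return out

# Constructed sample: iconst_0; tableswitch (low=0, high=1); bipush 7; pop; return
SAMPLE = (bytes([0x03, 0xaa, 0, 0]) + struct.pack(">5i", 23, 0, 1, 23, 26)
          + bytes([0x10, 0x07, 0x57, 0xb1]))
```

The same tableswitch has a different length at a different pc, because the padding depends on the address of the opcode; a transformation that inserts or removes bytes ahead of a switch has to recompute it.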
Appendix 2: Test Program 2
PaperDemo2.java:
package a;

import java.util.Calendar;

// Test driver: stores four ints in a B instance, prints them, then prints the current date.
public class PaperDemo2 {
    public static void main(String[] args) {
        Calendar rightNow = Calendar.getInstance();
        int[] added = { 1, 5, 10, 20 };
        B b = new B();
        b.add(added);
        b.show();
        System.out.println("Date = " + rightNow.getTime());
    }
}
B.java:
package a;

import java.lang.Integer;
import java.util.Vector;

// Holds boxed integers in a Vector.
public class B {
    Vector v;

    public B() {
        v = new Vector(2);
    }

    // Print every stored element with its index.
    public void show() {
        for (int i = 0; i < v.size(); i++) {
            System.out.println("Element" + i + " = " + (Integer) v.elementAt(i));
        }
    }

    // Box each int of the array and append it to the Vector.
    public void add(int[] added) {
        Object ob = null;
        for (int i = 0; i < added.length; i++) {
            ob = new Integer(added[i]);
            v.addElement(ob);
        }
    }
}
Transformation specification (S):
state  input/output         transition  x    state  input/output         transition  x
       goto/if_icmplt       4           0           goto/if_icmplt       5           0
       if_icmplt/goto       7           2           if_icmplt/goto       4           1
       aload_2/newarray     5           0           aload_2/bipush       2           0
       iconst_1/aload_2     2           0           iconst_1/dup         1           0
       newarray/iconst_1    1           0           newarray/astore_2    3           2
       bipush/dup           6           3           bipush/aload_2       0           2
       if_icmplt/if_icmplt  3           1           if_icmplt/if_icmplt  1           0
       aload_2/iconst_1     4           0           aload_2/dup          4           0
       iconst_1/iconst_1    5           0           iconst_1/iconst_1    1           0
       newarray/bipush      4           2           newarray/newarray    6           0
       if_icmplt/if_icmplt  6           7           if_icmplt/if_icmplt  2           0