Reverse Engineer (de-obfuscate) my program.

Status
This thread has been locked.
LamerGamerYT

LamerGamerYT

Discord Bots - Discord Setups
Premium
Feedback score
24
Posts
329
Reactions
84
Resources
0
Hey!
Can anyone here de-obfuscated my program? It is a very simple program. Requesting this to make sure the programs I obfuscated are safe and they cannot be reverse engineered.
Not sure if this was the right section to post this thread... o_O

Here is the program link (It is a simple program that tells you your HWID): Click here
 
Click to expand...
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.
Ghast

Ghast

Founding Father of Hypocrisy - https://artemis.ac
Supreme
Feedback score
54
Posts
2,096
Reactions
3,285
Resources
79
LamerGamerYT said:
Hey!
Can anyone here de-obfuscated my program? It is a very simple program. Requesting this to make sure the programs I obfuscated are safe and they cannot be reverse engineered.
Not sure if this was the right section to post this thread... o_O

Here is the program link (It is a simple program that tells you your HWID): Click here
Click to expand...
What obfuscator did you use?
 
GotoFinal

GotoFinal

Feedback score
1
Posts
33
Reactions
15
Resources
0
If you already told everyone what it does, then what it the point of deobfuscation? whole idea of reverse engineering is to understand the code and re-create it.
And with something that small no matter how strong your obfuscation is it is very simple to decompile everything.
Also you enabled many shitty obfuscation methods that will make your code A LOT slower, as near every call uses reflections, even decoding string requires generating stack trace that is very costly operation.
Remember that obfuscation can't be used for security, like hiding some secure data etc... As it is always possible to deobfuscate this, it is only how much someone wants to do this.
If it is piece of shit, then even if you will publish it on github no one will get the code ;)
 
LamerGamerYT

LamerGamerYT

Discord Bots - Discord Setups
Premium
Feedback score
24
Posts
329
Reactions
84
Resources
0
GotoFinal said:
If you already told everyone what it does, then what it the point of deobfuscation? whole idea of reverse engineering is to understand the code and re-create it.
And with something that small no matter how strong your obfuscation is it is very simple to decompile everything.
Also you enabled many shitty obfuscation methods that will make your code A LOT slower, as near every call uses reflections, even decoding string requires generating stack trace that is very costly operation.
Remember that obfuscation can't be used for security, like hiding some secure data etc... As it is always possible to deobfuscate this, it is only how much someone wants to do this.
If it is piece of shit, then even if you will publish it on github no one will get the code ;)
Click to expand...
Hey, the point of this was to know if my method of obfuscation is just good enough.
Asking this as I am going to be uploading some resources and want them obfuscated. Also, speed isn't much of a problem for me as of now.
 
StealWonders

StealWonders

Supreme
Feedback score
3
Posts
97
Reactions
34
Resources
0
Anything can be reverse engineered with enough time and dedication.
 
GotoFinal

GotoFinal

Feedback score
1
Posts
33
Reactions
15
Resources
0
LamerGamerYT said:
Hey, the point of this was to know if my method of obfuscation is just good enough.
Asking this as I am going to be uploading some resources and want them obfuscated. Also, speed isn't much of a problem for me as of now.
Click to expand...
I hope that are not plugins for mc servers... as usage of such kind of obfuscation in any event might be deadly for server - as remember your plugin is not the only one on server.
 
O

Olexorus

Feedback score
0
Posts
4
Reactions
0
Resources
0
LamerGamerYT said:
It's a double obfuscated jar.
Click to expand...
Do you still want us to try to reverse it? Because Ghast said he cracked it, but didn't say how

EDIT: Well nevermind, I was bored, here's code that produces exactly the same output as your jar:
Code: 
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Reversed
{
    public static void main(String[] args)
    {
        try {
            String information = System.getenv("PROCESSOR_IDENTIFIER") + System.getenv("COMPUTERNAME") + System.getProperty("user.name").trim();
            byte[] hashed = MessageDigest.getInstance("MD5").digest(information.getBytes("UTF-8"));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hashed.length; ++i) {
                sb.append(Integer.toHexString(hashed[i] + 0x300));
                if (i != hashed.length - 1)
                    sb.append("-");
            }
            System.out.println(sb);
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }
}
 
Last edited:
LamerGamerYT

LamerGamerYT

Discord Bots - Discord Setups
Premium
Feedback score
24
Posts
329
Reactions
84
Resources
0
Olexorus said:
Do you still want us to try to reverse it? Because Ghast said he cracked it, but didn't say how

EDIT: Well nevermind, I was bored, here's code that produces exactly the same output as your jar:
Code: 
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Reversed
{
    public static void main(String[] args)
    {
        try {
            String information = System.getenv("PROCESSOR_IDENTIFIER") + System.getenv("COMPUTERNAME") + System.getProperty("user.name").trim();
            byte[] hashed = MessageDigest.getInstance("MD5").digest(information.getBytes("UTF-8"));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hashed.length; ++i) {
                sb.append(Integer.toHexString(hashed[i] + 0x300));
                if (i != hashed.length - 1)
                    sb.append("-");
            }
            System.out.println(sb);
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }
}
Click to expand...
Hmm, thanks, could you let me know how you did it?
 
O

Olexorus

Feedback score
0
Posts
4
Reactions
0
Resources
0
LamerGamerYT said:
Hmm, thanks, could you let me know how you did it?
Click to expand...
Nothing special, I put it into ProGuard to change the identifiers into normal letters which made the decompiled source readable. Then I added code to the String decryption method that prints out the decrypted String right before it's returned, which gave me almost all of the information I needed. Last, I just had to copy the decompiled source into my IDE, give the variables names that made sense and simplified the useless ifs. The result is the code I posted.
 
Last edited:
LamerGamerYT

LamerGamerYT

Discord Bots - Discord Setups
Premium
Feedback score
24
Posts
329
Reactions
84
Resources
0
Olexorus said:
Nothing special, I put it into ProGuard to change the identifiers into normal letters which made the decompiled source readable. Then I added code to the String decryption method that prints out the decrypted String right before it's returned, which gave me almost all of the information I needed. Last, I just had to copy the decompiled source into my IDE, give the variables names that made sense and simplified the useless ifs. The result is the code I posted.
Click to expand...
Alright, thanks for your help.
 
Status
This thread has been locked.
Top