Wednesday, July 27, 2016

Java JAR Reverse Engineering Walkthrough

There are many ways to reverse engineer Java JAR file. However, I found the following steps are the fastest for me to understand the inner working of the Java code that I try to understand:
  1. Extract the target *.class file(s) from the Jar file with: jar -x command.
  2. If the class file(s) is/are recent one (>= java 1.5), use jadretro to condition the class file(s) before passing it through the jad java decompiler. jadretro is at:
  3. Decompile the java class(es) with jad. You can download jad at:
  4. Use doxygen ( plus graphviz( to generate the class inheritance and function call graph(s). This should give you an overview of how the class(es) works.
  5. Read the decompilation result as needed. I found that, step 4 will made this step easier as it gives you the hint(s) as to where to start reading the code.
Another approach is to use Radare2 ( But, I've never used Radare for Java decompilation. Therefore, I don't know yet how mature its support. 

Anyway, sometimes interoperability needs forced us to rely on reverse engineering to get insight into how things work. This also applies to Java.