Decompiling Java Classes

Reverse Engineering
by TechnoHerder : 2 Comments

While there are many tools that we could use to decompile Java bytecode (with various degrees of success), let’s checkout the JD-GUI decompiler. Java-based web applications primarily consist of compiled Java class files that are compressed into a single file, a Java ARchive, or JAR, file. Using JD-GUI, we can extract the class files and subsequently decompile them back to Java source code.

http://java-decompiler.github.io/

Let’s demonstrate decompilation in JD-GUI with a test JAR file. We’ll create JAR/test.java on our Kali machine:

import java.util.*;

public class test{
	public static void main(String[] args){
		Scanner scanner = new Scanner(System.in);
		System.out.println("What is your favorite Web Application Language?");
		String answer = scanner.nextLine();
		System.out.println("Your answer was: " + answer);
	}
}

This basic Java application prompts for the user’s favorite language and prints the answer to the console. As part of the compilation process, we also set the Java source and target versions to 1.8, which is the current long-term suggested version from Oracle.

For this section, we will need a Java Development Kit (JDK) to compile the Java source. If it is not already installed, we can install it in Kali with “sudo apt install default-jdk”.

kali@kali:~$ javac -source 1.8 -target 1.8 test.java

After compiling the source code, test.class is written to our JAR directory. In order to package our class as a JAR file, we will need to create a manifest file. This is easily accomplished by creating the JAR/META-INF directory and adding our test class to the MANIFEST.MF file as shown below.

kali@kali:~$ mkdir META-INF
kali@kali:~$ echo "Main-Class: test" > META-INF/MANIFEST.MF

We can now create our JAR file by running the following command:

kali@kali:~$ jar cmvf META-INF/MANIFEST.MF test.jar test.class
added manifest
adding: test.class(in = 747) (out= 468)(deflated 37%)

Great! Now that we know our JAR file works, let’s copy it to the machine running JD-GUI. One easy way to transfer files is via SMB with an Impacket script. In our JAR directory, we will issue the following command:

Creating a temporary SMB Server on Kali Linux

We’ll use Windows Explorer to navigate to our Kali SMB server with the Samba server running using the \\your-kali-machine-ip\test path. We’ll then copy test.jar to the desktop of the machine with JD_GUI installed. Finally, we can open JD-GUI using the taskbar shortcut and drag our JAR file on its window.

At this point, we should be able to use the left navigation pane to navigate to the decompiled code in JD-GUI, as shown in Figure 46.

Navigating the decompiled source code

In a manner similar to the cross-reference analysis that can be performed with dnSpy, we can also search the decompiled classes for arbitrary methods and variables with JD-GUI. However, the user interface is non-intuitive and may be cumbersome when used with large and complex applications.

Searching for arbitrary strings in JD-GUI

2 thoughts on “Decompiling Java Classes

  1. Thіs site was… how ddo yoᥙ say it? Relevant!! Finalⅼy Ӏ’ve found somеtһing that
    helped me. Thаnks a lօt!

    Reply

  2. A motivating discussion is definitely worth comment.

    There’s no doubt that that you ought to publish more about this issue, it may not be a
    taboo subject but usually folks don’t speak about these issues.
    To the next! Best wishes!!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *