DANUT RUSU Protection Methods of Java Bytecode
DANUT RUSU Protection Methods of Java Bytecode
DANUT RUSU Protection Methods of Java Bytecode
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
if(!flag1){flag1 = true; maxs++;maxl++;}branch<strong>of</strong>fset += the count <strong>of</strong> theinserted bytes between i+3 andi+3+branch<strong>of</strong>fset;int n = flag2?maxl-2:maxl-1, h = 1;if(n > 4){inserts two bytes at i+3; count+=2;Byte[i] = 21; // iload nByte[i+1] = n; h = 2;}else{inserts one byte at i+3; count++;Byte[i] = 26+n; // iload_n}Byte[i+h] = 153; // ifeq branch<strong>of</strong>fsetwrite branch<strong>of</strong>fset into Byte[i+h+1]and Byte[i+h+2];continue;}// if instructionsif(tag is between 153 and 166 ||tag == 198 || tag == 199){if(branch<strong>of</strong>fset > 0){//this block inserts a sequence <strong>of</strong> the//following type before the current//instruction:// iload_(maxl-1)// ifne (with a branch<strong>of</strong>fset > 0)if(!flag){flag = true; <strong>of</strong>fset = i;continue;}if(!flag1){flag1 = true; maxs++;maxl++;}int n = flag2?maxl-2:maxl-1, h = 1;branch<strong>of</strong>fset = <strong>of</strong>fset - i;if(n > 4){inserts 5 bytes at i; count += 5;Byte[i] = 21; // iload nByte[i+1] = n;h = 2; <strong>of</strong>fset = i-5;}else{inserts 4 bytes at i; count += 4;Byte[i] = 26+n; // iload_n<strong>of</strong>fset = i-4;}Byte[i+h] = 154; // ifne branch<strong>of</strong>fsetwrite branch<strong>of</strong>fset into Byte[i+h+1]and Byte[i+h+2];continue;}else{//this block is similar with above//blocks and inserts a sequence <strong>of</strong> the//following type after the current//instruction:// iload_(maxl-1)// ifne <strong>of</strong>fset//where branch<strong>of</strong>fset < <strong>of</strong>fset < -8}}// tableswitch and lookupswitchif(tag == 170 || tag == 171){}if(!flag1){flag1 = true; maxs++;maxl++;}if(!flag2){flag2 = true; maxs++;maxl++;}//this block is similar with the above//blocks//it inserts before the current//instruction, between istore and iload,//a sequence <strong>of</strong> the type:// iload_(maxl-2)// iload_(maxl-1)// ifne (branch<strong>of</strong>fset=7)// ifne (branch<strong>of</strong>fset at an instruction//placed after lookupswitch)//inserts between iload and//lookupswitch a sequence <strong>of</strong> the type:// iload_(maxl-1)// ifne (branch<strong>of</strong>fset at an instruction//placed after lookupswitch)}}for each instruction with a negativebranch<strong>of</strong>fset, writes the actual branch<strong>of</strong>fse;Max_Stack = maxs; Max_Locals = maxl;Bytes_Count += count - Code_CountCode_Count = count;3.2. Some testsAll the following codes have been obfuscatedand disassembled by means <strong>of</strong> JCD and decompiledby means <strong>of</strong> JAD.3.2.1. for/while ObfuscationWe consider the method:static void a(){for(int i=0; i< 100;i++) System.out.println(i);}By obfuscating we obtain the following JVM code:0 iconst_03 istore_14 iconst_05 istore_06 iload_1 // goto substitute7 ifeq 2010 getstatic java/lang/System/out Ljava/io/PrintStream;13 iload_014 invokevirtual java/io/PrintStream/println (I)V17 iinc 0 120 iload_021 bipush 10023 if_icmplt 1026 iload_1 // code <strong>of</strong> confusion27 ifne 1730 returnInserted and replaced instructions are in bold-italics.217
Change language