Vulnerability Development mailing list archives

Re: reverse engineer c or java


From: dagon () DAGON NET (Mark Rafn)
Date: Sat, 20 May 2000 12:25:13 -0700


On Fri, 19 May 2000, kj wrote:

> Is there any difference in difficulty between reverse engineering
> an executable file or a Java Class?

Java is quite a bit easier than C to decompile.  Both can be done,
however, and both are "difficult enough" that a casual user isn't going to
bother.

> If the C or Java program is written with security in mind by an
> experienced programmer, how long would it take to reverse engineer
> each version of a fairly simple application?

"Written with security in mind" usually means that you don't care if it's
disassembled - you've paid attention and minimized exploitable errors, so
you could publish source if you liked and your product would be secure
(more secure, actually, as white-hats that find bugs will tell you).

But on the reverse-engineering front, Java decompiles to somewhat-obscured
Java, while native executables written in C disassemble into assembler,
not C.

> The desired effect is to have a program that a client downloads off
> the internet, and Matthew wants to know if it should be written in
> C or Java.

Depends on the application.  It's rather paranoid and stupid IMO to choose
a language based on it being slightly easier for someone to reuse your
work.  There may be instances where this is a major concern, but they're
pretty rare.

--
Mark Rafn    dagon () dagon net    <http://www.dagon.net/>   !G


