臺灣博碩士論文加值系統

遠端運算近來使用得相當廣泛，在這類的應用上，程式往往是在執行時才動態地從伺服器端下載回客戶端，而客戶端的平台有許多種類，所以此類的程式必須具備跨平台的能力。為了要能夠跨平台，此類程式往往都相當高階，和原始程式之間同質性高，如此一來，程式就會很容易被反編譯，容易遭受到惡意反向工程的攻擊。
今日，Java的執行檔（bytecode）是最常使用的遠端程式。網路上有許多Java的程式。許多人透過Java的反編譯器（例如：SourceAgain與JAD）就可以將這些程式反編譯來取得其原始程式，為了要保護程式免於被反編譯，使用混淆器是最簡單的方式。經過混淆器的處理之後，程式執行起來依然正常，但是反編譯成功的難度卻大大地提高了。
目前對於混淆器的研究，都是集中在加入一些額外的分支來讓程式的控制流程變亂。在本論文中，我們提出一個全新的想法，利用Java的例外處理機制來混淆Java執行檔。我們將某些正確的分支藏在所謂的「例外處理表」中，並加入一些多餘和欺騙的分支。
我們將分支相關的指令使用一些會產生例外的指令來取代，當執行到此指令時便產生例外，然後到例外處理表查詢之後，直接跳到正確的程式區塊。我們可以把這個方式做一些改良，使得反編譯器更難偵測此例外。改良的方式分成「間接例外連結」與「多重例外連結」兩大類。如果同時混合使用上述的方式，即使反編譯器有偵測例外連結的機制，也不容易破解。我們取得了許多套反編譯器軟體，根據我們的實驗，目前的反編譯器都無法將已經被此技巧所混淆過的Java程式反編譯成功。

Recently, mobile computing and enterprise computing are more and more popular over computer networks. In mobile computing, it has become common to distribute mobile programs to the clients at the time when they needed. Because the client platforms are of many types, mobile programs have to be platform-independent. To ensure that, these mobile programs should be in high-level forms and be quite similar to the original source codes. Thus, the common platform-independent codes are easy to be decompiled, and hence they may trap into the risk of malicious reverse engineering attacks.
Nowadays, Java bytecode is the most widely-used platform-independent code and many Java programs have been developed and distributed. To get these programs as the form of source code, some Java decompilers, such as SourceAgain and JAD, are developed. To protect those Java bytecodes from being decompiled, the most feasible way is to obfuscate it. Normally, obfuscated code has logically the same behavior in execution as the original one, but much more difficult to be decompiled.
Most of the obfuscators today concentrate on attaching many redundant links to complicate program control flow; thus, confuse the decompilers. In this thesis, we propose an effective method, which is based on the Java exception handling mechanism, to extend the obfuscation capability. We hide links in exception tables, and replace original links with redundant and fake links.
We replace some branch-like instructions with the so-called exception-generating instructions whose exception handlers are the original blocks. The simplest way is to hide the links in the exception tables directly. But we can strengthen this with several indirect exception links, which make it more robust from being decompiled. Another effective way is to add some fake branches in the control flow to confuse the decompiler. The obfuscated code with faking links can be decompilable but the program logic is no longer meaningful, or even cannot be decompiled because of violating the Java language. In our experiments, the codes obfuscated using our approach are successfully protected from all of the decompilers and unobfuscators that we have found.

Chapter 1 Introduction
Chapter 2 Java Class File Format
2.1 The ClassFile Structure
2.2 The “Code” Attribute
Chapter 3 Exception Handling Mechanism
3.1 The Causes of Exceptions
3.2 Handling an Exception
3.3 The Exception Hierarchy
3.4 The Classes Exception and RuntimeException
3.5 Bytecode about Exception Handling
Chapter 4 Obfuscation using Exception Handling Mechanism
4.1 Traditional Approaches
4.2 Direct Exception Links
4.3 Indirect Exception Links
4.4 Multiple Exception Links
4.5 An Example Using Our Approach
Chapter 5 Runtime Exceptions
Chapter 6 Concluding Remarks and Future Works

1. Pamela Samuelson. Reverse-engineering Someone Else’s Software: Is It Legal? IEEE Software, page 90-96, January 1990.
2. Apple’s QuickTime lawsuit. http://www.macworld.com/pages/june.95/News.848.html and http://www.macworld.com/pages/may.95/News.705.html, May-June 1995.
3. David Aucsmith. Tamper Resistant Software. In Information hinding, pages 317-334, May/June 1986. LNCS 1174.
4. James R. Gosler. Software Protection: Myth or Reality? In CRYPTO’85 — Advances in Cryptology, pages 140-157, August 1985.
5. Christina Cifuentes and K. John Gough. Decompilation of Binary Programs. Software — Practice & Experience, 25(7):811-829, July 1995.
6. Amir Herzberg and Shlomit S. Pinter. Public Protection of Software. ACM Transactions on Computer Systems, 5(4):371-393, November 1987.
7. Uwe G. Wilhelm. Cryptographically Protected Objects. http://lsewww.epfl.ch/~wilhelm/CryPO.html, 1997.
8. Tim Lindholm and Frank Yellin, The Java Virtual Machine Specification, 2nd Ed. 1999, Addision-Wesley.
9. Christian Collberg, Clark Thomboson, and Douglas Low. A Taxonomy of Obfuscating Transforms. Technical Report 148, Department of Computer Science, University of Auckland, July 1997. http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsonLow97a/index.html.
10. Christian Collberg, Clark Thomboson, and Douglas Low. Manufacturing Cheap, Resident, and Stealthy Opaque Constructs. SIGPLAN-SIGACT POPL’98. ACM Press, San Diego, CA, January 1998. http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsonLow98a/index.html.
11. Christian Collberg, Clark Thomboson, and Douglas Low. Breaking Abstractions and Unstructuring Data Structures. Computer Languages, 1998. Proceedings. 1998 International Conference, pages: 28 — 38.
12. Godfrey Nolan, Decompiling Java, http://www.riis.com/depile.html