Future work

November 29, 2006

You must have noticed that I was absent for quite a long period of time. Well, nothing serious; I have had some more important things to do, but it is over and I am here again. What are my plans? Finish COD work, article about funny stuff with Pointsec for Windows Mobile …

Answering the questions …

November 29, 2006

Answering the questions regarding reversing of COD files. A COD file is the result of converting a normal Java application. RIM provides a special tool for that: rapc.exe. The first thing you notice about this tool is that it consists of two parts, rapc.exe and rapc.jar. The first part seems to be a simple wrapper around the jar file, which looks like the main code repository. But a quick look at rapc.jar brings bad news: it is obfuscated by RetroGuard. Well, nobody expected that it would be easy. But an old trick with RetroGuard still works fine. The result of deobfuscation is still far from normal Java source code, but it gives us a nice starting point: unique identifiers for functions, variables and constants.

The next magic word is refactoring. It is probably the most boring and at the same time the most interesting part of the process. At this stage we are looking for any clue inside the code: memory references, constants, application messages, etc. Once a clue is found, we slowly progress forward from that point, tracing every usage of the discovered constant or function and replacing nonsense identifiers with functional ones. Imagine yourself as a kind of Sherlock Holmes investigating a difficult case. Luckily for us, RIM left a lot of clues inside.

Generally, that is it. If you want details about reverse-engineering Java applications, you can check this link.
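The clue-hunting and renaming loop described above, as an added Python helper (not part of the original post, and not code from rapc or RetroGuard). The sample sources, the `_cls12`-style identifiers, the hex constant and the message string are constructed for illustration.

```python
import re

# Constructed sample of deobfuscated output: identifiers are unique but
# meaningless. _cls12, _mth3, _fld7 and the constant are hypothetical.
SOURCES = {
    "_cls12.java": '''class _cls12 {
    static final int _fld7 = 0x1234ABCD;
    void _mth3(java.io.DataOutputStream o) throws java.io.IOException {
        if (o == null) throw new java.io.IOException("header write failed");
        o.writeInt(_fld7);
    }
}''',
    "_cls40.java": '''class _cls40 {
    void _mth9(_cls12 c, java.io.DataOutputStream o) throws java.io.IOException {
        c._mth3(o);
    }
}''',
}

STRING = r'"(?:\\.|[^"\\])*"'                          # a Java string literal
CLUE = re.compile(STRING + r'|\b0[xX][0-9A-Fa-f]+\b')  # messages and hex constants
TOKEN = re.compile(STRING + r'|\b[A-Za-z_]\w*\b')      # literal or identifier

def lines(sources):
    for name, text in sorted(sources.items()):
        for no, line in enumerate(text.splitlines(), 1):
            yield name, no, line

def find_clues(sources):
    """Map each string literal or hex constant to the (file, line) spots using it."""
    clues = {}
    for name, no, line in lines(sources):
        for m in CLUE.finditer(line):
            clues.setdefault(m.group(), []).append((name, no))
    return clues

def trace(sources, ident):
    """Every (file, line) that uses ident as a whole identifier, outside strings."""
    return [(name, no) for name, no, line in lines(sources)
            if any(m.group() == ident for m in TOKEN.finditer(line))]

def rename(sources, mapping):
    """Apply functional names; string literals and unmapped names stay as they are."""
    def swap(m):
        tok = m.group()
        return tok if tok.startswith('"') else mapping.get(tok, tok)
    return {mapping.get(n[:-5], n[:-5]) + ".java": TOKEN.sub(swap, t)
            for n, t in sources.items()}
```

Matching string literals first in `TOKEN` keeps application messages byte-identical across renames, so a clue found earlier can still be searched for after each refactoring pass.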