OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: reverse engineer c or java
From: Mark Rafn (dagonDAGON.NET)
Date: Sat May 20 2000 - 14:25:13 CDT

On Fri, 19 May 2000, kj wrote:

>> Is there any difference in difficulty between reverse engineering
>> an executable file or a Java Class.

Java is quite a bit easier than C to decompile. Both can be done,
however, and both are "difficult enough" that a casual user isn't going to
bother.

>> If the C or Java program is written with security in mind by an
>> experienced programmer, how long would it take to reverse engineer
>> each version of a fairly simple application?

"Written with security in mind" usually means that you don't care if it's
disassembled - you've paid attention and minimized exploitable errors, so
you could publish source if you liked and your product would be secure
(more secure, actually, as white-hats that find bugs will tell you).

But on the reverse-engineering front, java decompiles to somewhat-obscured
java, while native executables written in c disassemble into assembler,
not c.

> The desired effect is to have a program that a client downloads off
> the internet, and Matthew wants to know if it should be written in
> c or java.

Depends on the application. It's rather paranoid and stupid IMO to choose
a language based on it being slightly easier for someone to reuse your
work. There may be instances where this is a major concern, but they're
pretty rare. 

--
Mark Rafn    dagondagon.net    <http://www.dagon.net/>   !G