OSEC

Subject: Re: reverse engineer c or java
From: zaboo.ma.fu
Date: Sat May 20 2000 - 20:29:39 CDT


Sup,
        I'd like to respond to this question by saying that I don't
believe worrying how reversible your program is is the answer. There
are many Java class decompilers, such as my personal favorite 'jad',
that do an excellent job of translating compiled Java to actual working
code. In the case of C/C++, there is always a 'ThreatCon Alpha' of
decompilation and disassembly. Any good hacker worth his weight in
code will be able to read the asm statements from a compiled program
or hex from a stripped binary.
        So what would be your most valuable tool to maintain proper
security in any program you write? Write well thought out code.
Learn about common bugs such as bad 'system()' placement or
buffer overruns. If you are dealing with encryption make sure your
code is strong enough so that it isn't easily brute forced. Don't
rely on advanced programming skills as a way to keep code secure
and obfuscated as there will always be someone talented enough to
understand it.
        What I really think good code comes down to is the following.
If you aren't secure enough to release the program to the public
open sourced you didn't secure the program.

Best of luck,
        initd_

initd_digital.net
http://digital.net/~initd_

> Hey KJ. I don't know if this sounds stupid or not, but this is
> basically what I want to know.
> Matthew
>
> Is there any difference in difficulty between reverse engineering
> an executable file or a Java Class? If the C or Java program is
> written with security in mind by an experienced programmer, how
> long would it take to reverse engineer each version of a fairly
> simple application?

> The desired effect is to have a program that a client downloads off
> the internet, and Matthew wants to know if it should be written in
> C or Java. Though, I take it both can be reverse engineered by
> talented programmers; but I guess he wants to know which would be
> harder or more complex to "hack".

> I am not too sure, thus I am passing it on to you gurus.

> K.J.

> "Never argue with an idiot. He will take you down to his level, and
> beat you with experience."