Hey, so we’re going to take a look today at how to start reading obfuscated code and how to understand it so you can study it. We’re going to use the minecraft.jar as our example, because the Minecraft community has a very strong modding community around it. So here you see I’m playing a little bit of Minecraft. Originally I wanted to go in and mod the rate that seeds are dropped when you use the hoe tool there, but I kind of decided to do something a little bit more advanced: we’re going to try to understand a little bit more about how and when mobs spawn.
So here I’m going to find the minecraft.jar, which is in your app data folder on Windows under .minecraft\bin, and I’m using Java Decompiler, or JD-GUI, and opening up the minecraft.jar. Here on the left you see all these lovely obfuscated classes; on the right they show up as perfect Java. So here we’re just looking at some of the decompiled classes. JD-GUI will show you resources as well; as of the latest version it’ll show you everything that’s in the jar. So go to File, Save All Sources, and JD-GUI will save all the Java files for you in a nice handy zip file. I’m going to save it in my dev folder so we can turn it into a Java project and start taking a look at the code.
All right, I like to use IntelliJ. I think it’s the best Java IDE, but a lot of the same functionality you’ll see me use is available in Eclipse or NetBeans, for example. So once you have your source zip, go ahead and unzip it. When I open this up in IntelliJ it will prefer that I have a source folder here, so I’m just going to rename this “source”, and then if I go in here you’ll see all those Java classes we were just looking at in the decompiler. It’s kind of strange that all these Java files are just in the root; usually they’re in a package, but because of the deobfuscation it just dumps them all into one folder. But that’s fine.
So here in IntelliJ I’m creating a new project from existing sources, and I’m going to specify the folder where I unzipped all the Minecraft Java source files. Use the source directory. It detected the source zip as a library; I’m just going to deselect that. And it’s going to make one module. A module in Eclipse is the same as a project, so we’re just going to have one project, or one module, and we’re going to look at all the source code. IntelliJ does some indexing, so we get some nice help with code complete and syntax highlighting, and we’re going to use a lot of refactoring features like renaming classes, renaming variables and things.
So basically, when you start to pick apart obfuscated code, you want to look for the low-hanging fruit. You want to find a lot of easy changes, mark those, rename those classes, and then those will start to give you insight into the medium difficulty and so on, up until the hard-to-interpret classes.
So here’s the first way to get started. The first way to kind of figure out where to start is to look for strings, basically. Here I’m specifying a regular expression that says basically: find any string that is in quotes that’s of at least, we’ll say, length 10. That’s a good place to start, so it’s going to give us some good medium-length strings, and hopefully we’ll find something. So I specify a regular expression, I’m going to look in the whole project, we’ll just limit it to Java files, and let’s see what pops up.
Okay, so we have a hit there. I’m going to expand everything. Okay, and let’s see what we have: pixels, resources, feel to add, size on disk. Okay, so we have some interesting stuff. Ah, okay, jackpot. These are describing game items, entities, rain forest, seasonal forest. Okay, so this is great, we have a ton of stuff here. This is what I meant by low-hanging fruit: anything that looks familiar, we can double-click on it and we can start renaming these variables in these classes based on these text hints that we’re picking up. So these are all kinds of great places to start.
The second way that you can go about starting the deobfuscation process is simply by searching for particular elements that you know about. My favorite enemy in the game is the creeper, and since I want to focus on learning more about the enemy AI, I’m just going to do a search for creeper and see what’s referencing this creeper PNG. So here I got a hit right away. I could also just do a search for the text “creeper” in the whole project and we can see what we match. Just take off this, and expand all results.
Okay, and we have a couple of great hits here: mob creeper, that looks like a string ID; mob creeper death; creeper, the name of a class. So this is a great place to start. We found something that’s definitely identifying this class as being the creeper, so we can go ahead and rename it. Yeah, you can see right here it’s picking up the creeper PNG; this is definitely the creeper monster. So I’m going to rename this: since it’s pointing to a PNG, we know that this is going to represent the PNG file name, so that’s easy. See if there’s any other low-hanging fruit. We see mob creeper, random fuse, which is probably that sound that it makes when it’s about to blow you up. Mob creeper death is probably, like, some sort of death-related tag, so we’re going to rename this here.
And don’t be afraid to make mistakes or make guesses. If you find information later that contradicts names that you put in before, you know, take the new information that you learn and incorporate it into what you know. You’ll find that even really vague renaming can give you a lot of insight and help you take the next step in uncovering and kind of peeling away the layers of obfuscated code.
Okay, so we can just go ahead and rename this the creeper class. All right. Once you rename it, pop into the superclass. Okay, this is all red here; let’s see what’s going on with that. “do”: “do” is a keyword, and the obfuscator has named this empty interface “do”, which is probably causing my IDE to mess up. Since that’s empty, I’m just going to take it out. Yeah, that’s much better.
Okay, so there’s the creeper. It looks like there’s a handful of other subclasses. All right, this is obviously the spider. Okay, so this is probably the enemy mob base class. Yep, here’s skeleton. Okay, so already we’re making some good headway in uncovering which classes are related to the enemy mobs. Zombie, yep. Okay, so I’m just going to go through and rename some of these, and you can see that that living PNG file name variable that we renamed is in all of the... well, that’s cool, I didn’t know that IntelliJ would show you a little picture of the PNG. That’s awesome. Anyway, the living PNG file name equals, and then it has that there. So every little renaming that you do is going to help you later on. Like here, I named that class zombie too, and pig zombie inherits from it, so that’s a good hint. Yeah, so we can rename this, like, enemy mob. There we go.
So we go to the enemy mob’s base class and we see we have a whole slew of other new mobs. Okay, sheep, so type this in. So this base class is probably the base class for all the friendly and enemy monsters. Here, chicken extends unknown living. So when I named unknown living I didn’t know exactly what it did; I didn’t have any hint for it. So now I have some additional information that unknown living is a base class for something else, so I can go to unknown living 2 and I can see what else is subclassing it. Okay, so unknown living 2 is the base class for all of these friendly mobs, so this is probably a friendly mob base class. I’m just trying to walk you through my thought process as I go through and pick apart obfuscated code.
Okay, we have creepers, enemy, friendly mob. One more guy here: it’s the squid, and squid extends unknown living 1. Perfect. So we can rename this squid, and unknown living 1, this class is obviously for friendly water mobs. So again, even a vague name like unknown living later on helps us to figure out what its true purpose is.
Okay, YouTube limits me to 15 minutes, so I’m going to continue this in the next video. Okay, I happen to know that char PNG is the player, so we’re probably finding the player class. Well, okay, there’s a guess. Okay, so I’ll talk to you in part two of trying to figure out how to read obfuscated code.
Video Information
This video, titled ‘How to read obfuscated code (minecraft): part 1 of 3’, was uploaded by lterheyden on 2011-01-23 04:00:42. It has garnered 80647 views and 598 likes. The duration of the video is 00:12:56 or 776 seconds.
A multi-part tutorial on how to read / understand / de-obfuscate decompiled Java source code. I decompile Minecraft in order to analyze mob behavior. I walk you through how to get started deciphering obfuscated source code.
There are currently 3 parts to this tutorial. I might make a couple more in the future, if people like these.
Java app analyzed: Minecraft (1.2_2 beta)
Decompiler: Java Decompiler (JD-GUI)
Java IDE: IntelliJ IDEA (though any will work)
Thanks for watching!
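
The two starting points described in the video (searching the decompiled sources for quoted strings of at least 10 characters, then following superclasses to find related classes) can also be scripted. This is an added example, not code from the video; the obfuscated class names and texture paths in SAMPLE are constructed placeholders.

```python
import re
from collections import defaultdict

# Double-quoted Java string literal; escape sequences are allowed in the body.
STRING_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
# Class declaration with an optional superclass.
CLASS_RE = re.compile(r'\bclass\s+(\w+)(?:\s+extends\s+(\w+))?')

def string_hints(sources, min_len=10):
    """Map each class file to its string literals of at least min_len chars."""
    hints = {}
    for name, text in sources.items():
        found = [s for s in STRING_RE.findall(text) if len(s) >= min_len]
        if found:
            hints[name] = found
    return hints

def subclass_map(sources):
    """Map superclass name -> sorted direct subclasses, from 'extends' clauses."""
    children = defaultdict(list)
    for text in sources.values():
        for cls, parent in CLASS_RE.findall(text):
            if parent:
                children[parent].append(cls)
    return {p: sorted(c) for p, c in children.items()}

def descendants(children, root):
    """All classes that inherit from root, directly or indirectly."""
    out, stack = [], [root]
    while stack:
        for child in children.get(stack.pop(), []):
            out.append(child)
            stack.append(child)
    return sorted(out)

# Constructed sample: hypothetical obfuscated names and texture paths, keyed by
# file name without ".java" (flat, package-less layout as seen in the video).
SAMPLE = {
    "lw": 'public class lw { protected String aA = "/mob/unknown.png"; }',
    "fz": 'public class fz extends lw { int a = 2; }',
    "gb": 'public class gb extends fz { gb() { this.aA = "/mob/creeper.png"; } }',
    "ey": 'public class ey extends fz { ey() { this.aA = "/mob/spider.png"; } }',
    "bn": 'public class bn extends lw { String b = "pig"; }',
}

if __name__ == "__main__":
    for cls, strings in string_hints(SAMPLE).items():
        print(cls, "->", strings)
    print("inherits from lw:", descendants(subclass_map(SAMPLE), "lw"))
```

To run it over a real source dump, build the dictionary from the unzipped folder, for example with `{p.stem: p.read_text(errors="replace") for p in pathlib.Path("src").glob("*.java")}`.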