JD-GUI

Overview

JD-GUI (Java Decompiler GUI) is a standalone graphical application that displays Java source code from compiled class files and JAR archives. It enables security professionals to reverse engineer and analyze Java applications during authorized code reviews and penetration tests.

The tool converts Java bytecode back into human-readable source code, making it invaluable for vulnerability research, malware analysis, and application security assessment.

Installation

Prerequisites

• Java Runtime Environment (JRE) 8 or higher
• At least 2GB RAM recommended
• X11 display server (for Linux)
• Windows, macOS, or Linux operating system

Download and Installation

# Download latest release (Linux/macOS)
wget https://github.com/java-decompiler/jd-gui/releases/download/latest/jd-gui-linux-1.6.6.zip

# Extract archive
unzip jd-gui-linux-1.6.6.zip
cd jd-gui

# Make executable
chmod +x jd-gui

# Run application
./jd-gui

macOS Installation

# Using Homebrew
brew install jd-gui

# Or download DMG
wget https://github.com/java-decompiler/jd-gui/releases/download/latest/jd-gui-osx-1.6.6.tar.gz
tar -xzf jd-gui-osx-1.6.6.tar.gz

Windows Installation

# Download Windows executable
# https://github.com/java-decompiler/jd-gui/releases

# Extract and run jd-gui.exe
cd jd-gui
jd-gui.exe

Docker Installation

# Build Docker image
docker build -t jd-gui .

# Run with display forwarding
docker run -it -e DISPLAY=$DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  -v /path/to/jars:/workspace \
  jd-gui

Basic Usage

Command Line Interface

# Open JAR file
./jd-gui target.jar

# Open CLASS file
./jd-gui MyClass.class

# Open multiple files
./jd-gui file1.jar file2.jar file3.class

# Export decompiled source
./jd-gui -o output.src target.jar

GUI Workflow

Task	Steps
Open File	File → Open or Ctrl+O
Export Source	File → Export → Source Code
Export as Zip	File → Export → Zip Archive
Search Text	Edit → Find or Ctrl+F
Navigate Class	View → Hierarchy or F2
Back/Forward	Navigation arrows or Alt+← / Alt+→

Decompilation Operations

Opening and Analyzing Code

# Start JD-GUI
./jd-gui

# Open JAR through command line
./jd-gui application.jar

# Open multiple archives
./jd-gui app1.jar app2.jar lib/*.jar

# Open WAR file (Web Archive)
./jd-gui application.war

# Open EAR file (Enterprise Archive)
./jd-gui enterprise.ear

Viewing Decompiled Code

The main window displays:

• Left panel: Package and class tree structure
• Right panel: Decompiled Java source code
• Bottom: Line numbers, syntax highlighting
• Search bar: Find strings in code

# Example: Navigate application structure
# 1. Expand packages in left tree
# 2. Click class to view source in right panel
# 3. Use Ctrl+F to search within source
# 4. Double-click methods to jump to definition

Code Analysis Techniques

Searching and Navigation

# Search for text in decompiled code
# Menu: Edit → Find (Ctrl+F)
# - Find class names containing "Controller"
# - Search for hardcoded credentials or API keys
# - Locate security checks and validation logic

# Use Find & Replace dialog
# - Highlight instances of sensitive strings
# - Track usage patterns across codebase

# Navigate class hierarchy
# Menu: View → Hierarchy or F2
# - Shows inheritance relationships
# - Displays interface implementations
# - Reveals composition structure

Method and Field Analysis

# Examine method signatures
# Click method in source code to see:
# - Return types
# - Parameter types and names
# - Exception declarations
# - Annotation decorators

# Analyze field access
# Track where fields are read/written
# Identify data flow through application
# Find sensitive variable handling

# Search for specific patterns
Find Dialog:
  - "password" → locate credential handling
  - "encrypt" → find encryption routines
  - "secret" → identify key management
  - "System.exit" → find exit handlers
  - "Runtime.exec" → locate command execution

Export and Processing

Export Decompiled Source

# Export single file as source
./jd-gui target.jar --output output.src

# Export to zip archive containing all source
./jd-gui target.jar -o application-sources.zip

# Batch export multiple JARs
for jar in *.jar; do
    ./jd-gui "$jar" -o "${jar%.jar}-source.zip"
done

Organize Exported Code

# Extract exported sources
unzip application-sources.zip

# Create directory structure
mkdir -p analysis/sources
cd analysis/sources

# Extract and organize
unzip ../../application-sources.zip

# Verify structure
find . -name "*.java" | head -20

Post-Processing Exported Code

# Count total lines of code
find . -name "*.java" -exec wc -l {} + | tail -1

# Find largest classes
find . -name "*.java" -exec wc -l {} \; | sort -nr | head -10

# Identify decompilation issues
grep -r "/* synthetic method */" . | wc -l
grep -r "// TODO" . | head -10

# Search for vulnerable patterns
grep -r "exec(" . --include="*.java"
grep -r "eval" . --include="*.java"
grep -r "getRuntime()" . --include="*.java"

Security Analysis Workflows

Vulnerability Detection

# Analyze for common security issues

# 1. Find SQL injection vulnerabilities
grep -r "SELECT\|INSERT\|UPDATE" . --include="*.java" | \
  grep -v "PreparedStatement" | head -20

# 2. Locate hardcoded credentials
grep -r "password\|api_key\|secret" . --include="*.java" \
  --include="*.properties" -i

# 3. Check for insufficient input validation
grep -r "parseInt\|parseDouble" . --include="*.java" | \
  grep -v "try\|catch"

# 4. Find dangerous method calls
grep -r "Runtime.getRuntime\|exec\|ProcessBuilder" . \
  --include="*.java"

# 5. Identify encryption weaknesses
grep -r "DES\|MD5\|SHA-1" . --include="*.java" -i
grep -r "new Random\|nextInt" . --include="*.java"

Code Quality Analysis

# Identify code patterns for review

# Find class complexity indicators
for file in $(find . -name "*.java"); do
  lines=$(wc -l < "$file")
  methods=$(grep -c "public\|private\|protected" "$file")
  echo "$lines methods:$methods - $file"
done | sort -rn | head -20

# Locate hardcoded values
grep -r "\"[0-9.]*\"" . --include="*.java" | \
  grep -v "version\|debug" | head -20

Advanced Features

Customization and Preferences

In JD-GUI menu, navigate to:

• Preferences → Appearance: Font, colors, syntax highlighting
• Preferences → Decompiler: Algorithm options
• Preferences → Security: Display hints for decompilation issues

# Configuration files typically located in:
# Linux: ~/.jd-gui or ~/.config/jd-gui
# macOS: ~/Library/Preferences/JD-GUI
# Windows: %APPDATA%\JD-GUI

Decompilation Settings

Setting	Purpose
Show Line Numbers	Track decompiled code locations
Show Metadata	Display bytecode information
Colorized Syntax	Improve code readability
Auto Update	Refresh on file changes
Show Warnings	Display decompilation issues

Handling Special Files

# JAR files with native libraries
./jd-gui app-with-natives.jar
# JD-GUI extracts and shows .jar contents, lists .so/.dll separately

# Obfuscated code analysis
./jd-gui obfuscated.jar
# - Variables show as: a, b, c, $1, $2
# - Class names may be: a, b, aaa, bbb
# - Methods appear as: a(), b(), execute()
# - Examine flow logic despite unclear naming

# Android APK files (via APK tool first)
# Convert APK to dex, dex to jar, then analyze
apktool d app.apk
# Then analyze extracted classes.dex

Integration with Other Tools

Combine with Bytecode Analysis

# Use javap for detailed bytecode inspection
javap -c -private -constants ClassName > bytecode.txt

# Cross-reference with JD-GUI decompiled output
# Compare decompiled source to actual bytecode

# Identify decompilation accuracy
javap -v ClassName.class | grep -A 10 "methodname"

Integration with IDE

# Export sources to IDE project
./jd-gui target.jar -o sources.zip

# Import into IntelliJ IDEA
# File → Open → sources.zip → Open as Project

# Import into Eclipse
# File → Import → General → Existing Projects into Workspace
# Select extracted sources directory

# Use IDE's built-in analysis tools
# - Inspect Code
# - Find Usages
# - Call Hierarchy
# - Dependency Analysis

Automation Scripts

#!/bin/bash
# Batch decompile multiple JARs with analysis

TARGET_DIR="${1:-.}"
OUTPUT_DIR="decompiled_analysis"

mkdir -p "$OUTPUT_DIR"

for jar_file in $(find "$TARGET_DIR" -name "*.jar"); do
    echo "Decompiling: $jar_file"
    jar_name=$(basename "$jar_file" .jar)
    
    # Decompile JAR
    jd-gui "$jar_file" -o "$OUTPUT_DIR/${jar_name}-source.zip"
    
    # Extract and analyze
    unzip -q "$OUTPUT_DIR/${jar_name}-source.zip" \
      -d "$OUTPUT_DIR/$jar_name"
    
    # Generate analysis
    echo "=== $jar_name ===" >> "$OUTPUT_DIR/analysis.txt"
    find "$OUTPUT_DIR/$jar_name" -name "*.java" | \
      wc -l >> "$OUTPUT_DIR/analysis.txt"
done

echo "Decompilation complete. Results in $OUTPUT_DIR/"

Handling Decompilation Issues

Common Decompilation Problems

Issue	Cause	Solution
Unreadable variable names	Obfuscation	Analyze control flow instead
Syntax errors in output	Version mismatch	Try alternative decompiler
Missing code sections	Encrypted/packed	Use bytecode analysis tools
Corrupted output	Malformed class	Verify class file integrity
Performance slowdown	Large JAR files	Process incrementally

Troubleshooting

# JAR file won't open
# - Verify file is valid JAR: unzip -t file.jar
# - Check file permissions: ls -la file.jar
# - Try with specific JRE version

# Decompiled code has errors
# - Check JD-GUI version is up to date
# - Verify Java source target version matches
# - Try alternative decompiler (cfr, procyon, JADX)

# Out of memory errors
# - Increase heap size: export _JAVA_OPTIONS="-Xmx4g"
# - Process smaller files first
# - Close unnecessary windows

# Display issues on Linux
# Verify X11 forwarding: echo $DISPLAY
# Or use headless alternative: cfr-all.jar --outputdir src/ target.jar

Best Practices

Ethical Reverse Engineering

• Only reverse engineer applications you own or have explicit authorization
• Document legitimate business reasons for analysis
• Follow responsible disclosure for found vulnerabilities
• Respect software licensing agreements and terms
• Maintain confidentiality of analysis results
• Use for authorized security testing only

Efficient Analysis

# Create organized workspace
mkdir -p analysis/{sources,notes,exports}

# Start with overview
# 1. Export complete sources
# 2. Analyze package structure
# 3. Identify key classes (main, controller, service)
# 4. Deep dive into interesting components

# Take organized notes
# - Record findings as you analyze
# - Note suspicious patterns
# - Track potential vulnerabilities
# - Document code flow and data movement

Security Testing Workflow

# 1. Preparation
jd-gui target.jar -o target-sources.zip
unzip target-sources.zip -d analysis/sources

# 2. Initial reconnaissance
find analysis/sources -name "*.java" | wc -l
find analysis/sources -name "Main*.java" -o -name "*Application.java"

# 3. Vulnerability search
cd analysis/sources
grep -r "eval\|exec\|Runtime" . --include="*.java"
grep -r "password\|secret\|key" . --include="*.java" -i

# 4. Document findings
cat > findings.txt << EOF
- Identified entry points
- Found security controls
- Noted potential vulnerabilities
- Recommended mitigations
EOF

See Also

• CFR decompiler (modern Java bytecode)
• Procyon decompiler (Java 8+ features)
• JADX (Android and Java decompiler)
• javap (bytecode inspection tool)
• Bytecode Viewer (multi-tool decompiler)
• Java reverse engineering methodologies
• Application security testing frameworks