chris uchizono

he/him/his

Blog posts

2025

I Always Forget Nakayama’s Lemma

13 minute read

Published:

One theorem that I have learned in algebra and always forget the statement(s) of is the famous Nakayama’s Lemma. A quick Google search shows that I am probably not the only the person who has this issue. In any case, there is a particularly nice case of Nakayama’s Lemma that I use to reconstruct the more general version via quiver representation theory that I thought would be cool to write about.

Thoughts on Signed Measures

18 minute read

Published:

When I first learned about signed measures, I found the idea pretty confusing. I was given the definition verbatim out of Folland’s book, but never actually understood why we would care about such a thing in the first place. What’s an example problem that we would want to solve via signed measures? Sure, Folland says that we can classify the signed measures via Radon-Nikodym, but why should we care about that at all? I spent a bit of time pondering this recently and I came up with an answer that I think is somewhat satisfactory to me.

2024

Meme (Dumb) Ideas for Java Bytecode Constant Obfuscation

18 minute read

Published:

Not too long ago, I took a quick look at some of the activity that has been going on in the Java bytecode obfuscation/deobfuscation communities. So far, I have noticed that most of the same ideas since I have went inactive have remained the same:

  • Flow obfuscation:
    • opaque predicates;
    • reordering blocks through goto;
    • weird try-catch block flow;
    • callstack-sensitive keys used for branching;
    • CFG flattening;
    • complicate existing jumps;
    • etc.
  • Constant obfuscation:
    • encrypt strings via context-sensitive keys;
    • split numerical constants into a ton of arithmetic;
    • abuse constantdynamic;
    • etc.
  • Reference obfuscation:
    • abuse the Reflection API;
    • abuse invokedynamics;
    • proxying of method and field invocations;
    • changing all parameter types to java.lang.Object;
    • etc.
  • Exploits:
    • HTML-injection of vulnerable tools;
    • fake directories;
    • tool-specific crashers;
    • etc.
  • And the usual other stuff like class encryption and math obfuscation and whatnot.

2021

redpwnCTF 2021 - javaisez3

118 minute read

Published:

If you participated in redpwnCTF 2021, you might know that I authored the javaisez3 reverse-engineering challenge. So… here is my writeup. I attempted to write this writeup in a way that is friendly to those who do not have a lot of experience with the Java Virtual Machine (JVM), so hopefully you will find this educational and helpful should you ever run into future Java bytecode reverse-engineering scenarios.

2020

Math Operation Obfuscation of Java Bytecode

5 minute read

Published:

Earlier today, I visited the Tigress C obfuscator website today (I haven’t for awhile) and it looks much nicer now ;). Anyways, something that particularly interested me was Tigress’s page on EncodeArithmetic. Since I, a maintainer of a Java bytecode obfuscator, am always looking for cool things to try, found the book they linked of interest. For reference $\neg$ is the bitwise NOT, $\oplus$ is XOR, $\wedge$ is AND, and $\vee$ is OR. If this notation is interesting to you, consider visiting Wikipedia’s page on boolean algebra. In the linked book, several identities are given but here are the ones relevant to today’s blog post: