Convert Java Applet CAP file to *.class for decompilation
Here is a CAP file possibly containing malware code, without source code, and also without an export file.
It is a CAP file for an old platform version, i.e. GP211.
I have a lot of experience in Java reverse-engineering on the classic JVM and Dalvik. But Java Card is a less popular and more closed platform. Most tools are for CLASS/JAR or DEX, not CAP.
I found several tools (including some VMs that simulate the JCOP) which could disassemble a CAP file, but the CAP is quite big, and working with assembly code is too complex and slow for me.
And we cannot simply do "CAP text bytecode -> Notepad++ -> some Java bytecode editor -> Java bytecode".
There are too many differences between CAP bytecode and Java bytecode. It is not just the method table; there is also a large number of different opcodes.
Just decompile the converter.jar of a Java Card Kit (it is a tool which converts CLASS -> CAP) and you will see that conversion is quite a complex process.
I need some automated converter.
Meanwhile, I am developing a set of smart card solutions, and the "CAP decompiler" will be a good piece in the list.
Yes, I'm going to write it.
I plan to build it on top of Javassist on one side, some CAP disassembling library on the second, and some standard Java decompiler(s) on the third.
But I should be sure that there are no analogs.
QUESTION IS HERE:
Is there some tool on Earth which can convert Java Card *.cap to Java *.class (or decompile *.cap directly), or not?
(Also, if you know some pitfalls in this bytecode conversion, I will be grateful if you describe them to me. Right now I see it as just copying one opcode list to another with a giant if...else if...else if...else if... or switch...case...case...case tree (and some misc stuff, i.e. conversion of access modifiers, fields, etc.).)
Re: Convert Java Applet CAP file to *.class for decompilation
That is impossible.
Re: Convert Java Applet CAP file to *.class for decompilation
I think it is possible. And there is another similar topic in this forum already, and a reply there may have mentioned source code related to your idea (but I am sorry that I haven't researched it yet; I am still struggling for my life). From my point of view, a decompiler (Cap2Class or Cap2Java) will use some technologies related to the Java Card virtual machine; it would try to understand the bytecode actions, calculations of stack balance, and so on. All of that is just my imagination. Good luck, buddy.
Re: Convert Java Applet CAP file to *.class for decompilation
wumindejia wrote: That is impossible.
Anything is possible, if you are a researcher rather than the monkey who just uses stuff created by another person. (And if you find it cost-effective.)
duke3d wrote: I think it is possible
This is possible.
However, really, it should be a tool based on a JavaCard VM emulator rather than just an opcode parser. I don't know of any mature open-source JavaCard VM in Java, only one in Python: https://github.com/benallard/caprunner
Also, I have paused on this question for now because I am wondering whether this job is cost-effective or not. I think not, at all. Partly because we still cannot download a *.cap from any card, even our own, let alone a stranger's. We just don't have any *.cap files that really need to be decompiled. It is just another pet project, which can be cool as a portfolio piece only, and is even unclear to most customers.
Most likely, I won't do it in the coming weeks. As I mentioned above, I am already developing a set of smartcard solutions (I have one customer, but not such a good one). I will release them as a big pack and check the relevance, and only then will I think about whether I should write the decompiler or something else, or whether it's better to abandon this direction altogether until a good customer is found who really needs something from it.
https://github.com/benjholla/Card2Jar - I viewed this.
Not yet tried. But...
"Currently this is just a handy wrapper around the JCDK3.0.4_ClassicEdition SDK distribution's normalizer utility. It is subject to all the same caveats as the normalizer.bat interface (must have export EXP file and must be a Java Card 2.2.2 or lower applet)."
Re: Convert Java Applet CAP file to *.class for decompilation
Under normal conditions, we can't get a CAP file from most applet development vendors. Maybe for this reason, there is not enough motivation for most of us in the smart card industry to develop a cap2class.
The Java Card CAP file format is public (described in the Java Card Virtual Machine Specification), and the format of the Java class file is also described in the Java Virtual Machine Specification.
But I have a half-baked idea: how about developing a tool which can convert the CAP file to a JCA file, then convert the JCA file to a JAL (standard Java Assembly Language) file? As far as I know, there are perfect JAL tools nowadays. A JAL tool can easily do the task of converting a Java Assembly Language file to a class file.
Developing a CAP2JCA tool may not be very difficult; likewise, developing a JCA2JAL tool is a task which is nearly text-to-text translation from one assembly language (JCA) to another assembly language (JAL). This may be feasible. If there are any mistakes in my thinking, anybody can point them out.
Does anybody know some information about standard Java bytecode assembly tools? Any download URL or some experience of using that software?
Re: Convert Java Applet CAP file to *.class for decompilation
developing a JCA2JAL tool is a task which is nearly Text to Text translation from one assembly language(JCA) to another assembly language(JAL)
I have no idea about JCA files (and why you want to convert it to a JCA file when we have CAP manipulation libraries which can directly extract the CAP's opcodes as a data structure).
About JCA: if we disassemble its methods with any CAP manipulation library (or VM), and the same methods from the original *.class, we will find a complexity with gotos. Sometimes one JCA opcode does the thing which is done by a sequence of several JAL opcodes, therefore we have to rewrite the offsets of the gotos.
Does anybody know some information about standard Java bytecode Assembly tools?
What information do you need?
You can decompile+debug them and see all that you want.
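Added example, not part of any post in this thread: the goto-offset pitfall raised above, shown as a two-pass translator that maps each Java Card instruction address to its JVM address and then recomputes every branch offset. The table is a constructed subset using mnemonics only; `translate`, `JC_TO_JVM` and `SAMPLE` are hypothetical names, and a branch that targets the middle of an instruction is rejected.

```python
# Added example (simplified model): symbolic Java Card -> JVM translation
# with branch relocation. The table is a constructed subset, not a full opcode map.
# mnemonic: (Java Card size in bytes, [(JVM mnemonic, JVM size), ...])
JC_TO_JVM = {
    "sconst_0": (1, [("iconst_0", 1)]),
    "sload_0":  (1, [("iload_0", 1)]),
    "sload_1":  (1, [("iload_1", 1)]),
    "sstore_0": (1, [("istore_0", 1)]),
    "sstore_1": (1, [("istore_1", 1)]),
    "bspush":   (2, [("bipush", 2)]),
    "sadd":     (1, [("iadd", 1), ("i2s", 1)]),  # i2s keeps 16-bit wraparound
    "ifeq":     (2, [("ifeq", 3)]),              # 1-byte offset becomes 2-byte
    "goto":     (2, [("goto", 3)]),
    "sreturn":  (1, [("ireturn", 1)]),
}
BRANCHES = {"ifeq", "goto"}

def translate(jc_code):
    """jc_code: [(mnemonic, operand)]; a branch operand is the byte offset
    relative to the branch opcode's own address (true for both VMs).
    Returns [(jvm_pc, jvm_mnemonic, operand)]."""
    # Pass 1: map every Java Card instruction address to its JVM address.
    addr_map, jc_pc, jvm_pc = {}, 0, 0
    for mnem, _ in jc_code:
        addr_map[jc_pc] = jvm_pc
        size, repl = JC_TO_JVM[mnem]
        jc_pc += size
        jvm_pc += sum(s for _, s in repl)
    # Pass 2: emit JVM instructions, recomputing each branch offset.
    out, jc_pc = [], 0
    for mnem, operand in jc_code:
        size, repl = JC_TO_JVM[mnem]
        pc = addr_map[jc_pc]
        if mnem in BRANCHES:
            target = jc_pc + operand
            if target not in addr_map:  # mid-instruction or outside the method
                raise ValueError(f"{mnem} at {jc_pc}: bad target {target}")
            operand = addr_map[target] - pc
        for i, (new_mnem, new_size) in enumerate(repl):
            out.append((pc, new_mnem, operand if i == 0 else None))
            pc += new_size
        jc_pc += size
    return out

# Constructed sample: sum = 0; while (n != 0) { sum += n; n += -1; } return sum;
SAMPLE = [("sconst_0", None), ("sstore_1", None), ("sload_0", None), ("ifeq", 13),
          ("sload_1", None), ("sload_0", None), ("sadd", None), ("sstore_1", None),
          ("sload_0", None), ("bspush", -1), ("sadd", None), ("sstore_0", None),
          ("goto", -12), ("sload_1", None), ("sreturn", None)]

if __name__ == "__main__":
    for pc, mnem, operand in translate(SAMPLE):
        print(pc, mnem, "" if operand is None else operand)
```

The 18-byte Java Card method becomes 22 JVM bytes, so `ifeq +13` turns into `ifeq +17` and `goto -12` into `goto -15`.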