1 2 Previous Next 28 Replies Latest reply: Feb 6, 2009 10:49 AM by 843785 Go to original post RSS
      • 15. Re: Advice on encrypting the class files so that it cannot be reverse engineer
        3004
        baftos wrote:
        I think this question, when formulated correctly, is legitimate and does not deserve being ridiculed.
        The right formulation, IMHO, is something like: is there a way to protect Java bytecode from reverse engineering about as much as native code can be called 'protected'?
        Everyone, English speaker or not, is asking this in their own way.
        From my experience, it is not the developer who asks this because he thinks his code is made of gold, but upper management.
        Even with that more reasonable phrasing, I doubt anyone who has asked it here has ever produced code needing that kind of protection.
        • 16. Re: Advice on encrypting the class files so that it cannot be reverse engineer
          843785
          leeChaolan wrote:
          i will like to ask if there is any way where we can encrypt the class files
          Yes, but that would also make them unreadable to the java application launcher - and thus would be pointless.
          so that people cannot use reverse engineering to modify the codes?
          You can design your offering as a thin client that calls back to your server where your precious classes can do their magic without being exposed.
          • 17. Re: Advice on encrypting the class files so that it cannot be reverse engineer
            baftos
            From my experience, it is not the developer who asks this because he thinks his code is made of gold, but upper management.
            Even with that more reasonable phrasing, I doubt anyone who has asked it here has ever produced code needing that kind of protection.
            I know, but my point is that the developer is not to blame, it's his boss. And bosses do think initially that the code is worth protecting. So the developer does his best to answer the concern by googling. And Google returns a lot of contradictory info: companies that pretend that they solved the problem once and for all (obfuscators, class loaders, encryption, you name it), more serious articles that explain why the problem is not solvable. Confused, he turns to the Sun forums. Actually, some obfuscators do a pretty good job. I discovered this, I made my boss pay 200$, everyone was happy and I received a bonus for my good atitude.

            Edit: Refering to the OP, the poster seems to be new to Java, he posts in the appropriate forum and I don't feel that he thinks his code deserves the Nobel price. The 'encryption' word outstanding, the question is reasonably formulated.

            Edited by: baftos on Feb 6, 2009 1:12 PM
            • 18. Re: Advice on encrypting the class files so that it cannot be reverse engineer
              800282
              baftos wrote:
              ... So the developer does his best to answer the concern by googling. And Google returns a lot of contradictory info: companies that pretend that they solved the problem once and for all (obfuscators, class loaders, encryption, you name it), more serious articles that explain why the problem is not solvable. Confused, he turns to the Sun forums. ...
              You can read all that from the single-sentence-question the OP posted?
              Wow! ; )
              I can't make up from the original post that s/he Googled, or read articles or found proof that the OP visited websites of companies that sell some product that they say solves the problem.
              • 19. Re: Advice on encrypting the class files so that it cannot be reverse engineer
                baftos
                prometheuzz wrote:
                baftos wrote:
                ... So the developer does his best to answer the concern by googling. And Google returns a lot of contradictory info: companies that pretend that they solved the problem once and for all (obfuscators, class loaders, encryption, you name it), more serious articles that explain why the problem is not solvable. Confused, he turns to the Sun forums. ...
                You can read all that from the single-sentence-question the OP posted?
                Honestly not! But I can imagine it, I went through all this myself, so I would give him the benefit of the doubt.
                My standard answer would be that the only viable solution are obfuscators, if you use one know that there is a price to pay (meaningless stack traces, just like with native code) and that the quality of obfuscation does not match the inherent obfuscation of native code. I somehow don't like the lesson about 'do you think your code is worth it?'.
                You may have a bunch of high caliber scientists producing the code and one novice programmer whose mandate is just to find a way to 'protect' it.
                • 20. Re: Advice on encrypting the class files so that it cannot be reverse engineer
                  3004
                  baftos wrote:
                  From my experience, it is not the developer who asks this because he thinks his code is made of gold, but upper management.
                  Even with that more reasonable phrasing, I doubt anyone who has asked it here has ever produced code needing that kind of protection.
                  I know, but my point is that the developer is not to blame, it's his boss
                  I'm not sure what point you're trying to make, but I certainly don't think any posts here so far were out of line or overly harsh.
                  • 21. Re: Advice on encrypting the class files so that it cannot be reverse engineer
                    baftos
                    Not harsh, but replies somwhere between 3 and 10, including 4, were enough to make OP feel like an idiot.
                    To understand why java bytecode cannot get the same type of protection as C code, which is a reasonable expectation,
                    you have to know a lot about how C/C++ compilers work, about machine language, about the important differences
                    between java bytecode and machine language, about class loaders, about the limits of cryptography.
                    • 22. Re: Advice on encrypting the class files so that it cannot be reverse engin
                      843785
                      Greetings,

                      thanks for the harsh answers.

                      Actually i come across some programs such as proguard where it can obscure the codes. However i wonder if Sun has something like tis that works something like proguard. So i just write in to see what advice can i get to complete my school project
                      • 23. Re: Advice on encrypting the class files so that it cannot be reverse engin
                        800308
                        Greetings,
                        Hi.
                        thanks for the harsh answers.
                        You're welcome.
                        Actually i come across some programs such as proguard where it can obscure the codes. However i wonder if Sun has something like tis that works something like proguard. So i just write in to see what advice can i get to complete my school project
                        Nope. Code obfiscators are basically useless (for the reasons discussed above), so why would serious people seriously bother with java-code-obfiscation when there's lots of interesting serious problems to be solved? Kapish?

                        And yes, IMHO this question got it's just-deserts of double dripping derision.

                        Cheers. Keith.
                        • 24. Re: Advice on encrypting the class files so that it cannot be reverse engin
                          843785
                          Yes true. But it for school project purposes, so i'm just researching to see if anyone who has ever done trying to obscure the class file. Actually i have program a system out for the project. I try to obscure the codes using the proguard but it removes some of my methods in my java file.
                          • 25. Re: Advice on encrypting the class files so that it cannot be reverse engin
                            800308
                            but it removes some of my methods in my java file.
                            Huh? If this is really true (which doubt) then proguard is useless.

                            How did you come to the conclusion that it's removing methods?

                            to see if anyone who has ever done trying to obscure the class file
                            Yeah, Like we all said... a real programmer really wouldn't bother... if it can be executed then it can be decompiled. Obfuscation just mucks up the names, not the logic, which is an effective deterent to (most) script-kiddies, it is not (and does not claim to be) an effective barrier to a determined professional.
                            • 26. Re: Advice on encrypting the class files so that it cannot be reverse engineer
                              843785
                              baftos wrote:
                              I somehow don't like the lesson about 'do you think your code is worth it?'
                              I think perhaps you missed a subtlety regarding that idea. The implication that the code isn't worth obfuscating applies to most code that most people write, including that of most of us here. It's not meant to deride or belittle the OP
                              • 27. Re: Advice on encrypting the class files so that it cannot be reverse engin
                                843785
                                corlettk wrote:
                                but it removes some of my methods in my java file.
                                How did you come to the conclusion that it's removing methods?
                                Well, obfuscators are also good for jar file compression.
                                Not only renaming classes & members but also
                                removing unused classes & members.

                                We used Dash-O in the early days - it was a pain and eventually we moved to yGuard
                                one of the [open source offerings|http://java-source.net/open-source/obfuscators]; free and suitable for a school project.
                                • 28. Re: Advice on encrypting the class files so that it cannot be reverse engineer
                                  3004
                                  baftos wrote:
                                  I somehow don't like the lesson about 'do you think your code is worth it?'.
                                  So it's better to let him continue with an overinflated notion of the value of his code? Protect him from reality so his feelings don't get hurt?
                                  1 2 Previous Next