This discussion is archived
8 Replies Latest reply: May 11, 2011 5:50 PM by EJP RSS

Protect your source code and application

798853 Newbie
Currently Being Moderated
Hi ,

I would like to know how I can protect my java source code and application ( class files ) from reverser engineering and decompilation softwares.

In fact I want two add 2 feature to my application .
1. I want to sell my application base on license and security file which don`t allow people copy to other system or web host and use it .

I really don`t have idea how i can do it , could you please guide me in this task .

2. I would like to do my class bytecode obfuscator and shrinker to protect my application and not allow people decompile with software or etc .

I try to search on Google and found some different application and way for obfuscator and shrinker but I really don`t know which one is the best one and can protect better and easy to use as well .


Many Many Thanks
  • 1. Re: Protect your source code and application
    gimbal2 Guru
    Currently Being Moderated
    AJ wrote:
    Hi ,

    I would like to know how I can protect my java source code and application ( class files ) from reverser engineering and decompilation softwares.
    Put it on a server and let people use it as a service. Generally this is done through a web interface.

    Seriously, if you don't want people to hack your app, don't give them access to the binaries. Otherwise it is going to happen if someone finds a need for it, even if you obfuscate the code.
    y to search on Google and found some different application and way for obfuscator and shrinker but I really don`t know which one is the best one and can protect better and easy to use as well .
    You'll have to try them and see, won't you? "Best" does not exist and ease of use is a personal thing.
  • 2. Re: Protect your source code and application
    798853 Newbie
    Currently Being Moderated
    Thank you , You might right , but expert in this field can give advise which is save time and effort .
    Also This application is two model . 1. applet which i can put on the webserver , 2. Second is desktop application which I can not avoid to not give to customer .
    These application is very small code ( something around 400 lines or 500 lines ) but I really don`t want any body can get idea and copy or brake it .

    Please let me share your experience with me and let me learn from you :) .

    Many Thanks
  • 3. Re: Protect your source code and application
    EJP Guru
    Currently Being Moderated
    You might [be] right, but expert in this field can give advise which is save time and effort.
    So hire an expert. At present you are just asking on a forum, where one answer is as good as another, and it is up to you to evaluate them. You don't for example have any grounds for your apparent assumption that gimbal2 isn't an expert.
  • 4. Re: Protect your source code and application
    798853 Newbie
    Currently Being Moderated
    Ok but by hire somebody to do this need to have same risk as you do with your own and ask what need to be done . Same way i can judge people knowledge the same way you can find out the best answer in this forum . The forum or sun as for to share and use the massive knowledge from other people . otherwise what`s the point ? Do you agree or not ?
  • 5. Re: Protect your source code and application
    sabre150 Expert
    Currently Being Moderated
    AJ wrote:Same way i can judge people knowledge the same way you can find out the best answer in this forum .
    I will add my voice to those who say you can't 100% protect your code. Now you have 3 people who say you can't and none who say you can. Whether or not you believe us is up to you.
  • 6. Re: Protect your source code and application
    796440 Guru
    Currently Being Moderated
    sabre150 wrote:
    AJ wrote:Same way i can judge people knowledge the same way you can find out the best answer in this forum .
    I will add my voice to those who say you can't 100% protect your code. Now you have 3 people who say you can't and none who say you can. Whether or not you believe us is up to you.
    4-0

    And I would also say that:

    1) Your app is not so fantastic that many people will be interested in reverse engineering it in the first place. Especially at only a few hundred lines. (Not that an app of a few hundred lines can't be useful, just that it's colossally unlikely to be particularly original or groundbreaking.)

    and

    2) The amount of actual loss you will suffer from the few (if any) that do hack it will be much smaller than the time, effort, expense, and trouble of "protecting" your app.

    Additionally, even if somebody does buy into the notion that you need an obfuscator, you still haven't defined what "best" means for you, so nobody can really answer that question. I can think of at least 6 criteria that one might use to evaluate such a tool. You have not mentioned any specific criteria that factor into what is "best" for your needs.
  • 7. Re: Protect your source code and application
    gimbal2 Guru
    Currently Being Moderated
    EJP wrote:
    You might [be] right, but expert in this field can give advise which is save time and effort.
    You don't for example have any grounds for your apparent assumption that gimbal2 isn't an expert.
    Well in the defense of the OP, I believe he was referring to my comment on trying the obfuscators himself VS getting advice on them. I don't like labels anyway, if people believe you are an expert they will bother you with all their problems. "You do it because you are much better at it", recognize that line?


    100% agree with everything thats been said so far. But then again, the same was true the last time this very subject came up ;)
  • 8. Re: Protect your source code and application
    EJP Guru
    Currently Being Moderated
    Ok but by hire somebody to do this need to have same risk as you do with your own and ask what need to be done.
    Please restate that in standard English.
    Same way i can judge people knowledge the same way you can find out the best answer in this forum.
    I thnk I can almost make sense out of that.
    The forum or sun as for to share and use the massive knowledge from other people . otherwise what`s the point ? Do you agree or not?
    Of course that's what a forum is for. It isn't for demanding 'experts'. What you get is what you get. Evaluating it is up to you.

    BTW I agree with all the other responders.

    (a) Nobody is going to steal your code in the first place.

    (b) If you want to protect your source code, don't ship it. Nobody else does. I don't know why you're even asking about source code.

    (c) You can't protect a .JAR file against extraction.

    (d) There are obfuscators, if you believe in that sort of thing, but if I really wanted to reverse engineer your product an obfuscator wouldn't stop me.

    (e) Your best protections against decompilation are not technical, they are (1) price and (2) your licence agreement. Re price, you can either charge so much for your product that legitimate purchasers won't give it away, or so little that reverse engineering is more expensive than buying a copy.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points