1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Java obfuscator

Collapse
X
1 to 10 of 12 Previous 1 2 template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
1 to 10 of 12 Previous 1 2 template Next
    #1

    Java obfuscator

    Can anyone recommend a program to strip as much information as possible from java class files for distribution.

    I know its always possible to decompile but I making the decompiled source hard to understand (i.e bogus names for classes, methods etc) will be fine.

    Free preferably
    All that is necessary for evil members to succeed is that good members post nothing
    Tags: None
    #2
    Don't bother. Consider the following scenarios:

    1. Your program is so very special that someone will actually want to invest the time and effort to determine how it works. Obfuscation will make it harder, but not impossible to do so. The "bad people" will find out how your program works no matter what. Obfuscation is useless. Chances of your program being in this category are < 1%, btw.

    2. Your program is useful and people will use it because it will take too much effort to find or write something similar. Obfuscation will only make problems harder to find when they occur (think of seeing stacktraces that have a.b.A instead of com.example.MyClass). Obfuscation is useless.

    3. Your program is ****. No one will care. Obfuscation is useless.

    not my words, the words of Herko_ter_Horst, wise words
    Last edited by HankWangford; 19 October 2006, 21:27.
    whats the lowest you can do this for?

    Comment

      #3
      I use ProGuard - http://proguard.sourceforge.net/

      Though I don't use it because of the obfuscation, I use it for my J2ME projects as a happy side effect is that it shrinks the size of the bytecode which is good for devices with small amounts of memory.
      Listen to my last album on Spotify

      Comment

        #4
        Obfuscation is not useless but a MUST have.

        Comment

          #5
          Originally posted by AtW
          Obfuscation is not useless but a MUST have.

          in all cases? big sweeping statement atw. Care to express why it is a MUST have?? Cant see it myself
          whats the lowest you can do this for?

          Comment

            #6
            Originally posted by AtW
            Obfuscation is not useless but a MUST have.
            Security by obscurity is a waste of time. Obfuscators have their uses (like the byte code shrinkage that I use them for) but ultimately, byte code can always be reverse engineered. Obfuscators just make it a bit harder, that's all.
            Listen to my last album on Spotify

            Comment

              #7
              Originally posted by Cowboy Bob
              Security by obscurity is a waste of time.
              It is not waste of time: it raises the bar to cut off 99% of wanna bes who would not otherwise put effort into understanding how obfuscated code works: it is not a bit harder, it is a LOT harder to understand how application works, albeit cracking serial or some sort of protection is still pretty easy, but the real thing that should be protected is how app does things, key algorithms inside it - a simple name of the function can give out enough information for me to know how I can achieve the same.

              Obfuscation is a must because without it you are practically shipping source code with your build - I actually do ship part of SKA without obfuscation, but it can't be used on its own without server, plus it is functional but small part of the whole system that has not actually been released just yet, but when it will be, then I will certainly obfuscate it pretty hard.

              Comment

                #8
                Originally posted by AtW
                It is not waste of time: it raises the bar to cut off 99% of wanna bes who would not otherwise put effort into understanding how obfuscated code works: it is not a bit harder, it is a LOT harder to understand how application works
                I disagree. I'm no .NET expert, but if your code was obfuscated Java byte code I could decompile your source code and be reading your algorithms in 10 minutes using a few simple tools available on the Internet.

                The best way to hide algorithms in Java is to encrypt your byte code files, then use a custom class loader to decrypt them before loading them into the virtual machine. Even then, it's still possible to get at the algorithms as the class loader itself is decompilable. However, in this case you'd have to write custom code to use that class loader, load the classes into the VM, serialize the classes out unencrypted, then decompile from the serialized objects. Much, much harder than a plain obfuscator. Don't know if that's possible in .NET though.
                Listen to my last album on Spotify

                Comment

                  #9
                  It is hard to understand what a complex application does without good namings - number of people who can actually do reverse engineering is very small these days and it is shrinking.

                  I am not saying that obfuscation is the best protection - of course it is not, but is it the minimum necessary thing really, that's why it is a must - this will cut off 95% of wannabes, even though in some cases like mine the code is so complex and it is useless on it's own without having server and a lot more other code, but even so I am going to obfuscate and encrypt it pretty hard shortly. Can't do a lot of things as it has to run on Mono too.

                  Comment

                    #10
                    Thanks cowboy bob thats what I was after.

                    I only want to deter casual poking attempts.
                    All that is necessary for evil members to succeed is that good members post nothing

                    Comment

                    Reply to Thread
                    1 to 10 of 12 Previous 1 2 template Next

                    Advertisers

                    1. Contracting
                      1. General
                        1. Brexit
                      2. Business / Contracts
                        1. Coronavirus Assistance
                      3. Accounting / Legal
                        1. Umbrella Companies
                        2. HMRC Scheme Enquiries
                        3. The Future of Contracting
                        4. IR35 Reform
                      4. Technical
                      5. Welcome / FAQs
                    2. Social
                      1. Light Relief
                      2. Social / Events
                    Working...
                    X