Java obfuscator

**HankWangford** · 19 October 2006, 21:24

Don't bother. Consider the following scenarios:

1. Your program is so very special that someone will actually want to invest the time and effort to determine how it works. Obfuscation will make it harder, but not impossible to do so. The "bad people" will find out how your program works no matter what. Obfuscation is useless. Chances of your program being in this category are < 1%, btw.

2. Your program is useful and people will use it because it will take too much effort to find or write something similar. Obfuscation will only make problems harder to find when they occur (think of seeing stacktraces that have a.b.A instead of com.example.MyClass). Obfuscation is useless.

3. Your program is ****. No one will care. Obfuscation is useless.

not my words, the words of Herko_ter_Horst, wise words

**Cowboy Bob** · 20 October 2006, 05:15

I use ProGuard - http://proguard.sourceforge.net/

Though I don't use it because of the obfuscation, I use it for my J2ME projects as a happy side effect is that it shrinks the size of the bytecode which is good for devices with small amounts of memory.

**AtW** · 20 October 2006, 08:20

Obfuscation is not useless but a MUST have.

**HankWangford** · 20 October 2006, 08:27

Originally posted by AtW

Obfuscation is not useless but a MUST have.

in all cases? big sweeping statement atw. Care to express why it is a MUST have?? Cant see it myself

**Cowboy Bob** · 20 October 2006, 08:32

Originally posted by AtW

Obfuscation is not useless but a MUST have.

Security by obscurity is a waste of time. Obfuscators have their uses (like the byte code shrinkage that I use them for) but ultimately, byte code can always be reverse engineered. Obfuscators just make it a bit harder, that's all.

**AtW** · 20 October 2006, 09:13

Originally posted by Cowboy Bob

Security by obscurity is a waste of time.

It is not waste of time: it raises the bar to cut off 99% of wanna bes who would not otherwise put effort into understanding how obfuscated code works: it is not a bit harder, it is a LOT harder to understand how application works, albeit cracking serial or some sort of protection is still pretty easy, but the real thing that should be protected is how app does things, key algorithms inside it - a simple name of the function can give out enough information for me to know how I can achieve the same.

Obfuscation is a must because without it you are practically shipping source code with your build - I actually do ship part of SKA without obfuscation, but it can't be used on its own without server, plus it is functional but small part of the whole system that has not actually been released just yet, but when it will be, then I will certainly obfuscate it pretty hard.

**Cowboy Bob** · 20 October 2006, 09:36

Originally posted by AtW

It is not waste of time: it raises the bar to cut off 99% of wanna bes who would not otherwise put effort into understanding how obfuscated code works: it is not a bit harder, it is a LOT harder to understand how application works

I disagree. I'm no .NET expert, but if your code was obfuscated Java byte code I could decompile your source code and be reading your algorithms in 10 minutes using a few simple tools available on the Internet.

The best way to hide algorithms in Java is to encrypt your byte code files, then use a custom class loader to decrypt them before loading them into the virtual machine. Even then, it's still possible to get at the algorithms as the class loader itself is decompilable. However, in this case you'd have to write custom code to use that class loader, load the classes into the VM, serialize the classes out unencrypted, then decompile from the serialized objects. Much, much harder than a plain obfuscator. Don't know if that's possible in .NET though.

**AtW** · 20 October 2006, 10:03

It is hard to understand what a complex application does without good namings - number of people who can actually do reverse engineering is very small these days and it is shrinking.

I am not saying that obfuscation is the best protection - of course it is not, but is it the minimum necessary thing really, that's why it is a must - this will cut off 95% of wannabes, even though in some cases like mine the code is so complex and it is useless on it's own without having server and a lot more other code, but even so I am going to obfuscate and encrypt it pretty hard shortly. Can't do a lot of things as it has to run on Mono too.

**Stan** · 21 October 2006, 20:03

Thanks cowboy bob thats what I was after.

I only want to deter casual poking attempts.

Java obfuscator

Java obfuscator

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Java obfuscator

Java obfuscator

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Tag Cloud