Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Creating non-reverse-engineerable Java programs

Is there a way to deploy a Java program in a format that is not reverse-engineerable?

I know how to convert my application into an executable JAR file, but I want to make sure that the code cannot be reverse engineered, or at least, not easily.

Obfuscation of the source code doesn't count... it makes it harder to understand the code, but does not hide it.

A related question is How to lock compiled Java classes to prevent decompilation?


Once I've completed the program, I would still have access to the original source, so maintaining the application would not be the problem. If the application is distributed, I would not want any of the users to be able to decompile it. Obfuscation does not achieve this as the users would still be able to decompile it, and while they would have difficulty following the action flows, they would be able to see the code, and potentially take information out of it.

What I'm concerned about is if there is any information in the code relating to remote access. There is a host to which the application connects using a user-id and password provided by the user. Is there a way to hide the host's address from the user, if that address is located inside the source code?

like image 818
Elie Avatar asked Sep 29 '08 18:09

Elie


People also ask

Can compiled code be reverse engineered?

Software applications comprise source code files that are compiled to convert them into binary executable code. If this binary executable code is converted back into source code files using a decompiler then this will be termed as reverse engineering of source code.

Can software be reverse engineered?

Many things can be reverse-engineered, including software, physical machines, military technology and even biological functions related to how genes work. The practice of reverse-engineering as applied to computer hardware and software is taken from older industries.


2 Answers

The short answer is "No, it does not exist".

Reverse engineering is a process that does not imply to look at the code at all. It's basically trying to understand the underlying mechanisms and then mimic them. For example, that's how JScript appears from MS labs, by copying Netscape's JavaScript behavior, without having access to the code. The copy was so perfect that even the bugs were copied.

like image 193
gizmo Avatar answered Oct 04 '22 20:10

gizmo


You could obfuscate your JAR file with YGuard. It doesn't obfuscate your source code, but the compiled classes, so there is no problem about maintaining the code later.

If you want to hide some string, you could encrypt it, making it harder to get it through looking at the source code (it is even better if you obfuscate the JAR file).

like image 33
albertein Avatar answered Oct 04 '22 19:10

albertein