Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does compiling Java to native code protect the source code?

Now, I know that...

Anything can be reverse engineered, given enough time and resources.

However, would compiling your Java code to native code with a tool like GCJ make it more difficult to decompile? I mean, given a few minutes, I can decompile a .jar using JD-GUI, and it is relatively accurate. Most of the "Java to EXE" converters are just .exe launchers for the JVM, and while there are many benefits to the JVM, I have been led to believe that security of the source code is not one of them.

Bottom line: Can you use something like GCJ to compile your Java source (or .class) files to native machine code, and if so, will that protect it from decompiling?

EDIT: Ideally, it would be something more than just obfuscation. The specific project is a commercial game, so what we are looking for is a way to make it more difficult to get to the source code to begin with, not just understand it. Also, I'm not sure that Steam accepts .jars, and we are planning on submitting it to the new Green Light project.

like image 836
tehtros Avatar asked Aug 30 '12 19:08

tehtros


People also ask

How do I protect my Java source code?

You can try the Java Protector. It is a better way than obfuscation.It makes a Native ClassLoader by modifying the source of OpenJDK, could encrypt the classes that you want to protect by AES and parse them in their custom-JRE. You can publish your software with the JRE and distribute your software safety.

Can you compile Java to native code?

Yes! Native Image The native image feature with the GraalVM SDK helps improve the startup time of Java applications and gives them a smaller footprint.

What is generated when Java source code is compiled?

When we use the java compiler, the JAVA source code gets compiled into bytecode. The bytecode then gets saved on the disk with the . class file extension.

Can Java bytecode be decompiled?

Abstract. Java virtual machines execute Java bytecode instructions. Since this bytecode is a higher level representation than traditional ob- ject code, it is possible to decompile it back to Java source.


2 Answers

I wouldn't choose that approach just for source-security.

Check out some Obfuscator tools out there like ProGuard

If you want to see what those tools do to your source code, just try read the decompiled Minecraft jar if you have one on hand.


A downside to using this is, that if your code depends on using reflection, you'll have to configure the tools to ignore those functions/classes/whatever, as those will not be found at runtime otherwise.

like image 200
Lukas Knuth Avatar answered Oct 03 '22 09:10

Lukas Knuth


Technically, yes. Using something like GCJ will make it harder to decompile, however keep in mind that you are losing some major benefits of using Java if you do this. Namely, you lose the ability to write cross-platform applications.

You could use an obfuscator to make the code harder to decompile AND still keep the benefits of using Java.

like image 42
Oleksi Avatar answered Oct 03 '22 11:10

Oleksi