1

I found that we can read the software source code of a JAR file by using de-compiling software. I downloaded such a software and read lot of such codes.

My questions are...

  1. How can we prevent decompiling our class files which is inside the JAR?
  2. Can anybody reveal the source code of a software from its setup file(not the JAR)?

I know that There are some answers for the first question on the internet. But I appreciate if you can explain it more explicitly. But the second question is the most important one for me.

durron597
  • 31,968
  • 17
  • 99
  • 158
S.Basnagoda
  • 671
  • 2
  • 8
  • 21
  • 3
    What do you mean by setup file? – Paolo Sep 06 '12 at 07:10
  • 1) Don't distribute them. 2) Only if they have a decompiler and know how to use it. It does not produce the exact source, but near enough. – Andrew Thompson Sep 06 '12 at 07:14
  • there are some signing tools... which sign your app using some developer signing tools.... this use your jdk key to sign ur app!! – Aditya Nikhade Sep 06 '12 at 07:21
  • possible duplicate of [How to protect compiled Java classes?](http://stackoverflow.com/questions/2443542/how-to-protect-compiled-java-classes) ... and the 2nd part about regenerating source code a "setup file" is unanswerable. – Stephen C Sep 06 '12 at 07:22
  • @Paolo > Setup file mean Setup.exe – S.Basnagoda Sep 06 '12 at 09:56

2 Answers2

2

You cannot completely prevent decompilation. But you can make this much harder.

Use obfuscation - process that changes your byte code making it very hard to understand. There are a lot of java byte code obfuscators. Some of them are free.

But the code still can be de-compiled. You can also store your classes in password protected zip file. But java by default does not support such files. You can however develop your own class loader and separate your application into 2 parts. First, small loader that just starts the application, then loads majority of classes using custom class loader that loads classes from password protected zip.

You can also load part of your application from internet over https, so it will be really hard to hack it.

AlexR
  • 114,158
  • 16
  • 130
  • 208
0

Generally you can use obfuscation to make things harder, but my guess is that if commercial programs like photo or office suites or videogames that are developed by multibillion companies can be cracked and redistirbuted freely around pirate sites, then there is not too much hope for homemade applications in this aspect of hacking. Generally, though, it depends on who is the one wanting to hack it, so you may get a way via obfuscation to get it past a decompiler somewhat but a serious hacker will make it into the code in other ways I believe...

Angelos Chalaris
  • 6,611
  • 8
  • 49
  • 75