-2

Say that I write a JAVA program and I create the JAR file. How can I make it so that if someone extracts the class files from the JAR, he cannot disassemble it? If you use DJ JAVA Decompiler for example you should see an error message "You cannot disassemble this file". I already saw this message. So, how can you lock class files?

Thank you

user1853200
  • 675
  • 1
  • 5
  • 4
  • 1
    duplicates http://stackoverflow.com/questions/49379/how-to-lock-compiled-java-classes-to-prevent-decompilation http://stackoverflow.com/questions/1879061/how-to-protect-java-codes-against-decompiler – rajesh Mar 04 '13 at 10:09

1 Answers1

0

How can I make it so that if someone extracts the class files from the JAR, he cannot disassemble it

The simple answer is that you can't.

Disassembly (to human readable bytecodes) is trivial. There's even a JDK tool that can do it.

Decompilation to Java code can be partially defeated if you use an obfuscator. An obfuscator can do things to remove useful symbols, and confuse typical decompilers so that they produce uncompilable "code". However, a hacker with moderate skills (and motivation / persistence) can figure out what your code is doing anyway, and hand edit the decompiler output into compilable Java (if that is his / her intent).

The other approach that is sometimes suggested is to encrypt the bytecodes. Unfortunately, that is easier for a hacker for sidestep than obfuscation. At some point your application has to decrypt the bytecode in order that they can be loaded. All the hacker needs to do is intercept them.

And there is no way that you can convince a decompiler / disassembler to tell the user / hacker that he can't decompile / disassemble. It would be a "big fat lie" for a start ...

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216