3

How can you protect/encrypt your Java classes?

I've been reading some articles on java.lang.ClassLoader and one PDF article Understanding the Java ClassLoader suggested that I could use a custom class loader to decrypt some encrypted class files on the fly. And there I found another article arguing that it's pointless to use a custom class loader to protect your code. The point was that it eventually has to call the defineClass method.

Perhaps it's my ignorance but what if I
1. encrypted my classes with a secret key
2. my app launcher accepts a password from the user (the password is the secret key)
3. my app launcher calls my custom classloader
4. then my custom class loader decrypts the encrypted files with the password(secret key)
5. and then the whole things start to run


Wouldn't this successfully protect classfiles from being decompiled ?

P.S.
I'm trying to do this just for fun.

Community
  • 1
  • 1
Ascendant
  • 827
  • 2
  • 16
  • 34
  • Don't bother - anyone who wants your classes can grab them off right from your classloader. Encrypting classes is a fundamentally flawed approach at DRM. – Durandal Jun 12 '13 at 10:24

1 Answers1

0

You already answered your own question:

Your decrypting class loader still has to call defineClass. Anyone can launch your app launcher in their own class loader and simply hand your app launcher a version of java.lang.ClassLoader that will write out anything that is passed to defineClass.

There is no way around defineClass (aside from native code, I suppose).

If you are so worried about your classes being decompiled you're better off with an obfuscator (ProGuard or the like) or possibly an ahead of time native compiler (GCJ, Jet).

Durandal
  • 19,919
  • 4
  • 36
  • 70