
I can only seem to get the folder of the jar and not the contents inside.

Basically someone cracked my program and they put a file inside the JAR which the program loaded from. I want to add some sneaky checks inside an API that I use to check to see if there is an extra file inside and disable the product if so.

So - how can I check for any .json or .file files inside a JAR file? I looked at this, Viewing contents of a .jar file, but didn't get the answer I wanted.

Thanks.

J. Doe
  • [Java Decompiler](http://jd.benow.ca/) – Mário Moura da Silva Apr 21 '17 at 15:57
  • The answers in the post you linked will be the same answers you'll get here: 1. Use `jar tf your-jar` 2. Extract using software like 7-Zip or WinRAR 3. Use a decompiler such as JAD. You could also load the contents at runtime using a `JarFile`, and you could obfuscate your code to deter hackers. – Vince Apr 21 '17 at 15:57
  • To be honest, this is what JAR signing and checksums are for – Igor Apr 21 '17 at 15:58

1 Answer


In order to verify that a jar is unaltered, it is more common and reliable to either sign your jar or use a checksum like SHA256.

Signing your jar acts like a seal that is broken if the jar is opened. Signing a jar takes money and time, so it is typically only used for production-type software.

A checksum will be computed based on all binary and other contents. If the contents change, so will the checksum. Using a SHA256 checksum will result in the near-impossibility of a duplicated hash, especially with working code.

Igor
  • I am not spending money on it - how can I manually check if the jar has an extra file in it? I'm also planning to edit the API and insert this code, since it's a big API, nobody would know that it is hidden in there. – J. Doe Apr 21 '17 at 22:08
  • Internally run the checksum on the folder you care about. If the checksum changed, the contents changed (i.e. addition/deletion). – Igor Apr 24 '17 at 16:06
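
The per-entry checksum approach discussed in this thread, written out as an added example (not code from the question or the answer): it lists every entry of a JAR with `JarFile`, hashes each one with SHA-256, and reports entries that are extra, modified or missing relative to a known-good map. The class and method names, the entry names and the sample JARs built in `main` are constructed for the demonstration; in practice the expected map would be generated from the release build.

```java
import java.io.*;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import java.util.jar.*;
public class JarAudit {
    /** Entry name -> hex SHA-256 of every file entry in the JAR (Java 9+ for readAllBytes). */
    static Map<String, String> digestEntries(Path jar) throws Exception {
        Map<String, String> out = new TreeMap<>();
        try (JarFile jf = new JarFile(jar.toFile())) {
            for (JarEntry e : Collections.list(jf.entries())) {
                if (e.isDirectory()) continue;
                try (InputStream in = jf.getInputStream(e)) {
                    byte[] d = MessageDigest.getInstance("SHA-256").digest(in.readAllBytes());
                    out.put(e.getName(), String.format("%064x", new java.math.BigInteger(1, d)));
                }
            }
        }
        return out;
    }

    /** Entries that are extra, modified or missing relative to the expected name -> hash map. */
    static List<String> audit(Map<String, String> expected, Map<String, String> actual) {
        List<String> findings = new ArrayList<>();
        actual.forEach((name, hash) -> {
            if (!expected.containsKey(name)) findings.add("EXTRA " + name);
            else if (!expected.get(name).equals(hash)) findings.add("MODIFIED " + name);
        });
        expected.keySet().stream().filter(n -> !actual.containsKey(n)).forEach(n -> findings.add("MISSING " + n));
        return findings;
    }

    /** Builds a constructed sample JAR from name/content pairs (demo input, not a real product). */
    static Path sampleJar(String... pairs) throws IOException {
        Path p = Files.createTempFile("sample", ".jar");
        try (JarOutputStream jos = new JarOutputStream(Files.newOutputStream(p))) {
            for (int i = 0; i < pairs.length; i += 2) {
                jos.putNextEntry(new JarEntry(pairs[i])); // also closes the previous entry
                jos.write(pairs[i + 1].getBytes("UTF-8"));
            }
        }
        return p;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> expected = digestEntries(sampleJar("app/Main.class", "v1", "app.properties", "k=v"));
        Path shipped = sampleJar("app/Main.class", "v1-patched", "app.properties", "k=v", "extra.json", "{}");
        System.out.println(audit(expected, digestEntries(shipped))); // findings for the altered copy
    }
}
```

At runtime the path of the running JAR can be obtained from `JarAudit.class.getProtectionDomain().getCodeSource().getLocation()`. A check that ships inside the same JAR can be removed by whoever modifies the JAR, which is the gap JAR signing is meant to close.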