Effective Obfuscation: Techniques to empower Java code safety

Why do you need obfuscation?

Do you lock your front door every night? You may know that a locked door will not stop a skilled thief for more than a few minutes.
If you add another lock, you can slow him down by another minute or two. The reality is that no matter how many locks you put on your doors, a determined and skilled thief is going to get inside your house.
So why do you lock your doors at all? It is obvious that you have accepted the fact that a determined thief can get in, but the harder you can make it for him, the better it is. In fact, if it's too much of a pain, he may try somewhere else. In addition, by locking your door you keep out the other 99 percent of the people.

Wikipedia definition

Obfuscation is the concealment of meaning in communication, making it confusing and harder to interpret.
Obfuscating code to prevent reverse engineering is typically done to manage risks that stem from unauthorized access to source code.
These risks include loss of intellectual property, ease of probing for application vulnerabilities and loss of revenue that can result when applications are reverse engineered, modified to circumvent metering or usage control and then recompiled.

Protecting Java from reverse engineering works the same way. Java is very easy to reverse engineer because of its bytecode (.class files): any off-the-shelf decompiler can regenerate very clear Java code from a class file.

A vast variety of tools exists to perform or assist with code obfuscation. These include experimental research tools created by academics, commercial products written by professionals, and open-source software.

A few well-known obfuscators are:

ProGuard: http://proguard.sourceforge.net/
Allatori Java Obfuscator: http://www.allatori.com/

A few well-known decompilers are:

JAD: http://www.kpdus.com/jad.html
DJ: http://www.download.com/DJ-Java-Decompiler/3000-2417_4-10046809.html
Eclipse plugin Jadclipse: http://jadclipse.sourceforge.net/download.html

Obfuscators have evolved as full static analyzers of Java applications as far as those applications can be statically analyzed. Because of this, additional features such as code pruning, size reduction, optimization, and watermarking have become natural extensions to obfuscation systems.

Obfuscation can be made even more powerful by using some of the techniques listed below.

Having a Small Interface for the System

A small interface lets the obfuscator obfuscate the maximum number of classes, because the system has only a few entry points. If you are designing a framework, make sure only the required things are exposed as interfaces.
When running the obfuscator you can choose to leave the interface unchanged so that it behaves as expected, while your core implementation classes remain obfuscated.

Delegating Core Methods

Delegate each core method to a separate object, which in turn keeps the core logic inside a private method. This makes it harder for a decompiler to present the logic directly in the calling class.

Use of Inner Classes

Inner classes make code harder to follow: if you implement core logic in inner classes, it becomes hard to walk through. Anonymous inner classes make this tougher still.
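
The three techniques above combined in one layout, as an added example that is not code from the original post. All type names (PriceService, PriceServices, DefaultPriceService, PricingEngine, Rule) and the sample price are hypothetical, and the types share one file only so the example runs as-is.

```java
// Added illustration: every type name here is hypothetical.
// Single file so it runs with `java ObfuscationLayoutDemo.java` (Java 11+);
// in a real project PriceService would be a public interface in its own file.
public class ObfuscationLayoutDemo {
    public static void main(String[] args) {
        PriceService service = PriceServices.create();
        System.out.println("quote(3)  = " + service.quote(3));
        System.out.println("quote(10) = " + service.quote(10));
    }
}

// Small interface: callers compile only against this type and the factory
// below, so these are the only names to exclude from renaming.
interface PriceService {
    int quote(int quantity);
}

// Factory: the single entry point that hands out the implementation.
final class PriceServices {
    private PriceServices() {}
    static PriceService create() { return new DefaultPriceService(); }
}

// Implementation class: holds no logic of its own, it only delegates.
final class DefaultPriceService implements PriceService {
    private final PricingEngine engine = new PricingEngine();
    @Override public int quote(int quantity) { return engine.run(quantity); }
}

// Delegate: its package-visible method forwards again to a private method.
final class PricingEngine {
    private interface Rule { int percentFor(int quantity); }

    int run(int quantity) {
        if (quantity < 0) throw new IllegalArgumentException("quantity < 0");
        return compute(quantity);
    }

    private int compute(int quantity) {
        final int unitPriceCents = 250; // constructed sample value
        // Anonymous inner class: compiled to its own PricingEngine$1 class file.
        Rule discount = new Rule() {
            @Override public int percentFor(int q) { return q >= 10 ? 90 : 100; }
        };
        return quantity * unitPriceCents * discount.percentFor(quantity) / 100;
    }
}
```

After obfuscation, decompiling the output and checking that only the interface and factory names survive is a quick way to confirm the configuration did what was intended.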
