如何锁定已编译的Java类以防止反编译？ [英] How to lock compiled Java classes to prevent decompilation?

问题描述

如何锁定已编译的Java类以防止反编译？

How do I lock compiled Java classes to prevent decompilation?

我知道这必须是互联网上讨论得很好的主题，但我无法得出任何结论在引用它们之后。

I know this must be very well discussed topic on the Internet, but I could not come to any conclusion after referring them.

许多人确实建议使用混淆器，但他们只是使用难以记忆的字符序列重命名类，方法和字段但是敏感常量呢？值？

Many people do suggest obfuscator, but they just do renaming of classes, methods, and fields with tough-to-remember character sequences but what about sensitive constant values?

例如，您已基于基于密码的加密技术开发了加密和解密组件。现在在这种情况下，任何普通的Java用户都可以使用 JAD 来反编译该类文件并轻松检索密码值（定义为常量）以及盐，然后可以解密编写小型独立程序的数据！

For example, you have developed the encryption and decryption component based on a password based encryption technique. Now in this case, any average Java person can use JAD to decompile the class file and easily retrieve the password value (defined as constant) as well as salt and in turn can decrypt the data by writing small independent program!

或者这些敏感组件是否应该用本机代码（例如VC ++）构建，并通过 JNI ？

Or should such sensitive components be built in native code (for example, VC++) and call them via JNI?

推荐答案

部分更高级的Java字节码混淆器不仅仅是类名称修改。例如， Zelix KlassMaster 也可能以一种非常难以遵循和工作的方式扰乱您的代码流作为一个优秀的代码优化器...

Some of the more advanced Java bytecode obfuscators do much more than just class name mangling. Zelix KlassMaster, for example, can also scramble your code flow in a way that makes it really hard to follow and works as an excellent code optimizer...

此外，许多混淆器也能够扰乱你的字符串常量并删除未使用的代码。

Also many of the obfuscators are also able to scramble your string constants and remove unused code.

另一种可能的解决方案（不一定排除混淆）是使用加密的JAR文件和执行解密的自定义类加载器（最好使用本机运行时库）。

Another possible solution (not necessarily excluding the obfuscation) is to use encrypted JAR files and a custom classloader that does the decryption (preferably using native runtime library).

第三个（并且可能提供最强大的保护）是使用早期的原生编译器，如 GCC 或 Excelsior JET 将您的Java代码直接编译为平台特定的原生二进制文件。

Third (and possibly offering the strongest protection) is to use native ahead of time compilers like GCC or Excelsior JET, for example, that compile your Java code directly to a platform specific native binary.

无论如何你必须记住爱沙尼亚语中的说法锁定动物。这意味着在运行时期间每一段代码都可用（加载到内存中）并且给予足够的技能，决心和动力，人们可以并且将反编译，解读和破解您的代码...您的工作只是让过程变得不舒服，如同你可以并且仍然保持工作......

In any case You've got to remember that as the saying goes in Estonian "Locks are for animals". Meaning that every bit of code is available (loaded into memory) during the runtime and given enough skill, determination and motivation, people can and will decompile, unscramble and hack your code... Your job is simply to make the process as uncomfortable as you can and still keep the thing working...

这篇关于如何锁定已编译的Java类以防止反编译？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！