如何保护Java代码免受反编译? [英] How to protect Java codes against decompiler?
问题描述
众所周知,有很多java反编译工具可以将.class转换为.java文件。
As we know , there are a lot of java decompiler tools which can convert .class to .java file.
因此,我们需要保护我们的.java文件反对反编译器。我知道这是一个很大的话题,也许没有结局。
Therefore,we need to protect our .java files against decompiler. I know this is a big topic,and maybe there is no ending.
通常,有两种方法:混淆器和自定义类加载器。
Usually, there are two ways : obfuscator and customized classloader.
是否有任何成熟的解决方案或开源框架,它们结合了这两种方式?
Is there any mature solution or open source framework, which combined those two ways ?
另一方面与exe4j有关,它将jar包装到exe文件,似乎它可以保护java代码,因为我们可以看到的是exe文件而不是jar或类文件。但实际上,当它运行时,它会将所有jar文件分解为临时目录,这意味着很容易获得反编译器的类文件。
那么从exe4j方面保护java代码的任何注意事项?
Another aspect is related with exe4j, which package jars to exe file,seems like it can protect java codes , because what we can see is exe file instead of jars or class files. But indeed, when it runs, it decompose all jars files into temporary directories, that means it is easy to get class files for decompiler. So any considerations for protecting java codes from the aspect of exe4j ?
感谢您的意见和建议。
更新
感谢大家的建议或经验分享。这对我很有帮助。
为了得出结论,我将放弃任何具有加密功能的混淆器或自定义类加载器。因为最终Java代码可以在聪明的黑客之前公开。
Thanks everyone for your suggest or experience share. That is helpful to me. To make a conclusion, I will give up any obfuscator or customized classloader with encryption things. Because finally Java codes can be disclosed before clever hackers.
我将在编译时使用C语言中的#ifdef等技巧删除一些核心代码。在Java中,static和final布尔类变量可用于执行相同的工作。
然后,compilered类文件将不包含受需要保护的java代码。
I will remove some core codes during compiler time using tricks like "#ifdef" in C language. In Java, static and final boolean class variable can be used to do the same job. Then the compilered class file will not contain need-protected java codes.
推荐答案
您无法保护反编译器和恶意用户的类文件。但是反编译器的输出可能不是有效的java。
You can't protect the class files from a decompiler and from malicious users. However the output of the decompiler may not be valid java.
最好的方法是记录你的API(假设这可供你的客户使用)和应用程序非常非常好。并让您的支持人员能够解决API和应用程序问题。那么您的客户就没有理由想要使用反编译器来探究为什么事情无法正常工作。
The best method is to document your API (assuming this is available for your customers to use) and application very very well. And have your support personnel be able to resolve API and application issues. Then your customers will have no reason to want to use a decompiler to explore why things are not working correctly.
这篇关于如何保护Java代码免受反编译?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
