如何锁定已编译的 Java 类以防止反编译? [英] How to lock compiled Java classes to prevent decompilation?

问题描述

如何锁定已编译的 Java 类以防止反编译?

How do I lock compiled Java classes to prevent decompilation?

我知道这一定是互联网上讨论得很好的话题，但我参考后无法得出任何结论.

I know this must be very well discussed topic on the Internet, but I could not come to any conclusion after referring them.

许多人确实建议使用混淆器，但他们只是用难以记住的字符序列重命名类、方法和字段，但敏感的常量值呢?

Many people do suggest obfuscator, but they just do renaming of classes, methods, and fields with tough-to-remember character sequences but what about sensitive constant values?

例如，您开发了基于密码加密技术的加密和解密组件.现在在这种情况下，任何普通的 Java 人都可以使用 JAD 来反编译类文件并轻松检索密码值(定义为常量)以及 salt 反过来可以解密通过编写独立的小程序来获取数据！

For example, you have developed the encryption and decryption component based on a password based encryption technique. Now in this case, any average Java person can use JAD to decompile the class file and easily retrieve the password value (defined as constant) as well as salt and in turn can decrypt the data by writing small independent program!

或者这些敏感组件是否应该用原生代码(例如，VC++)构建并通过JNI?

Or should such sensitive components be built in native code (for example, VC++) and call them via JNI?

推荐答案

一些更高级的 Java 字节码混淆器所做的不仅仅是类名修改.例如，Zelix KlassMaster 还可以打乱您的代码流，使其很难遵循和工作作为优秀的代码优化器...

Some of the more advanced Java bytecode obfuscators do much more than just class name mangling. Zelix KlassMaster, for example, can also scramble your code flow in a way that makes it really hard to follow and works as an excellent code optimizer...

此外，许多混淆器还能够打乱您的字符串常量并删除未使用的代码.

Also many of the obfuscators are also able to scramble your string constants and remove unused code.

另一种可能的解决方案(不一定排除混淆)是使用 加密的 JAR 文件 和进行解密的自定义类加载器(最好使用本机运行时库).

Another possible solution (not necessarily excluding the obfuscation) is to use encrypted JAR files and a custom classloader that does the decryption (preferably using native runtime library).

第三个(并且可能提供最强大的保护)是使用本地提前编译器，例如 GCC 或 Excelsior JET，例如，将您的 Java 代码直接编译为特定于平台的本机二进制.

Third (and possibly offering the strongest protection) is to use native ahead of time compilers like GCC or Excelsior JET, for example, that compile your Java code directly to a platform specific native binary.

无论如何，您必须记住，正如爱沙尼亚语中所说的锁是为动物准备的".这意味着在运行时每一段代码都是可用的(加载到内存中)，并给予足够的技能、决心和动力，人们可以并且将会反编译、解读和破解你的代码......你的工作只是让这个过程变得像你可以并且仍然保持工作......

In any case You've got to remember that as the saying goes in Estonian "Locks are for animals". Meaning that every bit of code is available (loaded into memory) during the runtime and given enough skill, determination and motivation, people can and will decompile, unscramble and hack your code... Your job is simply to make the process as uncomfortable as you can and still keep the thing working...

这篇关于如何锁定已编译的 Java 类以防止反编译?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！