有没有办法编译隐藏源代码？ [英] Is there a way to compile to hide the source code?

问题描述

使用Play或Grails或任何其他JVM框架;

是否有办法（或以何种方式）全面编译生成的war / jar文件，以便源代码可以隐藏起来，而不需要反编译？

甚至在编译之后，是否可以轻松地反编译并获取字符串和类？例如db连接等。

谢谢。

解决方案

如果没有反编译的可能性，你就无法编译任何东西 。也就是说，你可以做一些事情来使这个过程更加昂贵。

真正的诀窍是让成本降到最低，而其他人则要付出代价。总之，期望付出更多的时间/金钱/不便，并意识到你刚刚以一种方式（这可能会变得容易规避）更难以挑战。但是，从好的一面来看，整个软件行业已经一帆风顺，没有对反编译的绝对保护。

签署并密封您的JAR文件。这可以防止人们向你的JAR文件添加东西，并防止人们更换代码的一部分（以更好地理解操作程序）。

考虑一个类/方法名称混淆器。这会将您的类和方法名称重命名为包含诸如a.a（..）等小名称而不是Client.connect（...）的等效结构。这使得其他人更难阅读你的代码（在这种情况下，其他人也包括你自己，所以如果你打算调试，这会增加你支持代码的成本）。哦，这会打破任何反射，所以你必须为反射提供解决方法和修复。

如果您提供任何形式的体面日志，您还需要混淆日志记录，否则只需要读取从类发出的日志消息来确定类h是DatabaseConnection，类k是用户数据对象等。

可以始终提取类中的嵌入字符串。所以，如果你想保护它们，你必须嵌入混乱的字符串，并在使用之前解密它们。这样做有CPU的开销，并且一旦知道解扰路由，整个过程就可以避开。

存在异国情调的解决方案，例如重写代码执行类似操作的等效代码。问题是，为了最终交付成果是有用的，它仍然必须与原始的完全相同，但是现在调试输出甚至不遵循原始代码。

通常人们想保护解决问题的能力，而不是真正的源代码。牢记这一点，通过提供有用的东西，通常复制已编译的元素足以破坏这个代码是我的心态。如果你真的想控制你的代码，不要释放它，建立一个服务器，并提供软件解决方案作为一项服务在你自己的硬件。

Using Play or Grails or any other JVM framework;

Is there a way (or what is the way) to full compile the generated war/jar files so that the source code can be hidden, without the possibility of decompiling?

Or even after compilation, is it possible to easily decompile and get strings and classes? e.g. db connection et al.

Thank you.

解决方案

No, you cannot compile anything without the possibility of decompiling. That said, you can do some things to make the process more costly.

The real trick is to make the costs low to you and expensive to others. In short, expect to pay more in time / money / inconvenience and realize that you have just made the challenge harder, in one way (that possibly might become easy to circumvent). But, look on the bright side, the entire software industry has gotten along just fine without absolute protections against decompiling.

Sign and seal your JAR files. This prevents people from adding things to your JAR files and prevents people from replacing parts of your code (to get a better understanding of the operating program).

Consider a class / method name obfuscator. This will rename your classes and method names into an equivalent structure that contains small names like "a.a(..)" instead of "Client.connect(...)". This makes it harder for others to read your code (and others includes yourself in this case, so if you intend to debug, this increases your cost to support the code). Oh, and this breaks any reflection, so you must provide work-arounds and fixes for reflection.

If you provide any kind of decent logging, you also need to obfuscate the logging, otherwise one need only read the log messages emitted from a class to figure out that class "h" is the DatabaseConnection, class "k" is the "User" data object, etc.

Embedded strings in your classes can always be extracted. So, if you want to protect them, you must embed "scrambled" strings, and "descramble" them prior to use. Doing so has a CPU overhead, and as soon as the "descrambling" routing is known, the entire process can be circumvented.

Exotic solutions exist, like rewriting your code into equivalent code which performs similar operations. The problem is that for the end deliverable to be useful, it still must perform identically to the original, yet now to debug the output isn't even following the original code.

Often one wants to protect the ability to solve the problem, not really the source code. Keep this in mind, by delivering something that works, often copying the already-compiled elements is enough to breach the "this code is mine" mindset. If you really want control over you code, don't release it, set up a server and offer the software solution "as a service" on your own hardware.

这篇关于有没有办法编译隐藏源代码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！