security: effective Java program source code to prevent people peeping
Java program source code is easy to be seen by others, as long as there is an anti compiler, anyone can analyze the code of others. This article discusses how to modify the original program without the use of encryption technology to protect the source code.
a, why encryption?
more was in the small code base www.xk15.cn
for traditional languages such as C or C++, it is easy to protect the source code on the Web, as long as it is not released. Unfortunately, the Java program source code is easy to be seen by others. As long as there is an anti compiler, anyone can analyze the code of others. The flexibility of Java makes it easy to steal the source code, but at the same time, it also makes it easy to protect the code by encryption, the only thing we need to understand is that the Java ClassLoader object. Of course, in the encryption process, the knowledge about the Java Cryptography Extension (JCE) is also essential.
there are several techniques can "fuzzy" Java class file, so that the effect of the anti class file processing class greatly reduced. However, it is not difficult to modify the compiler to deal with these fuzzy class files, so we can not simply rely on fuzzy technology to ensure the security of the source code.
we can use popular encryption tools to encrypt applications, such as PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard). At this time, the end user must decrypt before running the application. But after decryption, the end user will have a class file is not encrypted, which does not make any difference in advance encryption.
The mechanism by which
Java runs into a byte code in a fashion implies that bytecode modifications can be made. JVM each time you load a class file, you need an object called ClassLoader, which is responsible for loading the new class into the running JVM. JVM gives ClassLoader a string that contains the name of the class to be loaded (such as java.lang.Object), then the ClassLoader is responsible for finding the class file, loading the raw data, and converting it to a Class object.
we can modify it by customizing the ClassLoader before executing the class file. The application of this technology is very extensive, where it is used when the class file is loaded, so it can be seen as an instant decryption device. Because the decrypted byte code file never saved to the file system, so it is very difficult to get QieMi the decrypted code.
converts the original bytecode into a Class object