If you are writing Java classes and distributing them over the Internet, you should know that people can reverse-engineer, disassemble, or decompile your classes into Java source code. One of such decompiler is JAD. In this article we discuss about the usage of JAD to decompile the Java class.
So to make the job of reverse engineers tough, we uses Java Obfuscators to protect out class files and make them difficult to decompile. The process of obfuscation will convert bytecode into a logical
equivalent version that is extremely difficult for decompilers to pick apart. Keep in mind that the decompilation process is extremely complicated and cannot be easily ‘tweaked’ to bypassed obfuscated
code. Essentially the process is as follows:
- Compile Java source code using a regular compiler (ie. JDK)
- Run the obfuscator, passing in the compiled class file as a
parameter. The result will be a different output file (perhaps with a
This file, when renamed as a .class file, will be functionally equivalent to the original bytecode. It will not affect performance because a virtual machine will still be able to interpret it.
Let us see some tools that can be used to obfuscate the Java bytecode.
Zelix KlassMaster is a utility written in Java that reads and modifies Java class files. KlassMaster views, edits, obfuscates, and unobfuscates. It will run on any platform that supports version 1.1.6
of the Java Virtual Machine. Zelix KlassMaster 2.0 builds on 1.0 by providing a sophisticated name-exclude facility and an advanced script interface called ZKMScript, complete with its own interactive wizard.
Canner protects your code from reverse engineering by creating a native Windows executable (EXE file) that contains an encrypted version of all of your application’s classes and resources. The contents are decrypted in memory as they are requested by the JVM.
Jmangle – The Java Class Mangler
The Jmangle program helps discourage reverse engineering of Java programs and software piracy by allowing the developer to mangle the symbols used in the class file. Long descriptive names for classes,
methods and fields can be replaced by meaningless symbols making it much more difficult to reverse engineer. Jmangle allows the developer to selectively mangle just the classes internal to the application while leaving desired public class, method and field names unmangled.
– Mangle package, class, method and field names
– Control mangling by access control (e.g., public, protected, private, friendly)
– Control mangling options on a class by class basis
– Strip debugging information
– Insert string tags to secretly mark class files as yours
– Output map of symbols to mangled symbols
– Easy to use graphical user interface, see screenshot.
– Command line interface, useful in Makefiles and build scripts
– Reduces size of strings in class files for better performance
JavaGuard is a general purpose bytecode obfuscator, designed to fit effortlessly into your regular build and testing process, providing peace of mind that your valuable Java code is more secure against decompilation and other forms of reverse engineering.
JODE is a java package containing a decompiler and an optimizer for java. The optimizer transforms class files in various ways with can be controlled by a script file. It supports the following operations:
– Renaming class, method, field and local names to shorter, obfuscated, or unique names or according to a given translation table
– Removing debugging information
– Removing dead code (classes, fields, methods) and constant fields
– Optimizing local variable allocation
There are several other similar utilities that you can use as well. These utilities use many different techniques to obtain (more or less) the same result. Collectively, they allow conversion to .exe files (a different process), as well as obfuscation of .class and .jar files. A comprehensive list is available in the Google Directory: http://directory.google.com/Top/Computers/Programming/Languages/Java/Development_Tools/Obfuscators/