How to prevent jar-file from being downloaded?

Califrom · January 12, 2008, 7:00pm

I have a (signed) Java applet at my website. I don’t want that just anyone can download my Game.jar and take a look at my code. Of course I have just the .class-files (+pics,wav:s etc) packed there, but as far as I know they can be easily decompiled.
But still as I want to prevent jar from being downloaded, I also want that everyone can play my game.

The html code is similar to this:


<applet
  codebase = "."
  code     = "Appletclass.class"
  archive  = "Game.jar"
  name     = "The game"
  width    = 700
  height   = 500
  hspace   = 0
  vspace   = 0
  align    = top>

</applet>

So what options do I have? I would like to keep the game files packed as a jar.

ORFJackal · January 12, 2008, 7:34pm

You can’t prevent downloading the jar - if the user can’t do it, he won’t be able to play the game. There are some programs which obfuscate the class files so that they would be harder to decompile, but there is no 100% sure way to prevent it.

And besides, why should you protect the code? If somebody really wants to decompile it, you can only make it a little bit more complicated, but not prevent it. And if it’s just a normal little game applet, nobody would be interested in it anyway.

Califrom · January 12, 2008, 7:48pm

Yes, I’m aware of these code obfuscators. But there’s also image- and wav-files… And you are right about the fact, that it’s just a game and code doesn’t have to be 100% secure from that point of view.

Is there a way to hide the codebase? Some scripting or something like that…? (I don’t know anything about that) The goal is to make it a little bit harder for a user to download source files.

darkprophet · January 12, 2008, 9:09pm

don’t use wav or any common image formats…Make your own format, write your own parser and that makes it hard enough for casual users. But people who are insistent on getting your stuff will get it.

DP

ORFJackal · January 12, 2008, 10:31pm

If your game is a client-server game and you keep most of the logic in the server side, then nobody can access that part. If you have only a thin client, then the client is not much of a use without the server.

Everything on the client side is unprotected and unsecure. Especially in multiplayer games, you should always assume that a player’s client has been modified/hacked and that you can’t trust any parameters that the client gives to the server.

EDIT: If you keep the resources (images, sounds) outside the .jar and load them in the program code dynamically from the server, that will make it harder to copy the resource files. Somebody would need to read the decompiled program code and find out where the program gets its resources. He might also need to write a little custom program that saves all resources into files. But even then, it would take only an hour or two for an experienced programmer to get your resources.

oNyx · January 12, 2008, 11:30pm

Somebody would need to read the decompiled program code and find out where the program gets its resources.

No. a) Cache b) Sniffer.

But even then, it would take only an hour or two for an experienced programmer to get your resources.

More like a few minutes.

It’s pointless, really.