I’ve seen very little of anything being reused among projects. :point:
I’m currently attempting to make a Java bytecode encrypter, that uses a custom classloader to load encrypted classes at runtime. So far it’s been able to protect against decompilers (unreadable class files) and JVMTI (instrumentation, javaagents)
an example of a javaagent that is able to dump the source of encrypted class files is the following:
public class TestAttacker
implements ClassFileTransformer {
public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
try {
FileOutputStream fos = new FileOutputStream(className.replace("/", ".").replace("\\", ".") + "#" + this.hashCode() + ".class");
fos.write(classfileBuffer);
fos.close();
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
public static void premain(String paramString, Instrumentation paramInstrumentation) {
System.out.println("TestAttacker init");
paramInstrumentation.addTransformer(new TestAttacker());
}
}
I’ll post a demo later to see if anyone can actually crack it.
All you need to know is the key and the method.
The JVM itself at some point always loads regular bytecode, no matter how fancy your classloader is. You can alter the JVM itself and intercept the byte[] of the classes that are just about to be loaded. You don’t even need the key.
attempt to crack it: http://www.java-gaming.org/index.php/topic,24131.msg202144/topicseen.html#msg202144
@Riven: That’s certainly true. I was thinking just decompile the “plaintext” classes, modifiy the classloader(s) to spit out plaintext…cause that’s less work.
@Dx4: I’m too lazy. The point is that nothing you do on the client side is safe. Ever.
I don’t think modifying the classloader will work to crack my classloader as the plaintext class is never in java memory.
At some point the code must be plain text bytecode in the JVM. You can just intercept it there.
You are not the first to try, but what you are doing doesn’t work. It doesn’t work because the untrusted party must have the “key” in order to be able to use the code. As far as cryptography is concerned, its game over.
Seriously why are you so worried about decompilation? And why do you think it matters more than readable byte code anyway? We have been hacking hardware and software for a long time, and only one thing stays constant. It gets hacked. See mame, ACC, CSS, PS2 etc.
Hehe: Just for fun I downloaded your jar. It won’t run on my 64-bit version of hotspot (The DLL barfs). That’s one way to protect the info.
yeah, I compiled it on x86 therefore it only runs with 32-bit virtual machines.
ProGuard doesn’t really… work! Last time I tried it, it wouldn’t do anything to my code (I decompiled and checked) :cranky:
Then it told me to provide obfuscated names in some mysti-fysti-file-format and I gave up. Not really the most straightforward tool IMHO. I didn’t read the manual but good software works for anyone without a manual! Right?! Riight?
“3ds Max” -SshhhSssH!
It does work, I’ve used successfully many times. Maybe you didn’t set it up properly?
Code is as cheap as you allow it to be. Good code is a rare and valuable resource just like Albert Einstein was a rare and valuable resource, but it is only worth what you make it out to be.
Smart people tend not to make money from code because they don’t take advantage of others like leaders do. Is the code on a killing machine valuable? Hell Yes It Is. Is code you give away valuable? Yes, but you will you not make money from it.
So good code is not only going to become expense it will become a necessity soon.
You could also write your game in a non-Java language and then compile to bytecode. Doesn’t stop decompilation, but most people would attempt to decompile your program into Java. So having it written in Ruby or Scala would throw them (and maybe even brake the decompiler if it’s doing something non-Java).
OR you could write in LISP. Then it doesn’t matter too much if they can see the source.
Lisp is awesome. I would use it far more if i was “permitted”. As it was, my current work was a fight to get java rather than C.
LISP is awesome, but very few people can make heads-or-tails of it.

LISP is awesome, but very few people can make heads-or-tails of it.
LOL (I assume you meant that as a joke)
That’s one of those 99% joking & 1% serious kinda things.