Network Security Web-App-Sec

Re: HTML/Java Protection

Subject: Re: HTML/Java Protection
Date: Tue, 20 Sep 2005 10:01:32 +0100
AFAIK, there is currently no way in the standard applet runners to
encrypt your class file or anything similar -- I'm sure I'll be
corrected quickly enough if I'm wrong on this -- however one of the
best things you can do to make your decompiled code a lot more
impenetrable is to obfuscate it.

Most people's preferred obfuscator these days seems to be ProGuard
 ( http://proguard.sourceforge.net/ )
Whilst your class is still decompilable, all token names will be
replaced with one- or two-character versions that raise the stakes in
understanding and successfully modifying the decompiled code.

   [ProGuard is a free Java class file shrinker, optimizer, and
   obfuscator. It can detect and remove unused classes, fields,
   methods, and attributes. It can then optimize bytecode and remove
   unused instructions. Finally, it can rename the remaining classes,
   fields, and methods using short meaningless names. The resulting
   jars are smaller and harder to reverse-engineer.]

Also consider techniques such as adding checks to checksum the code
or classes (or to look into sensitive classes by reflection), if
possible, and behave differently if you don't read the correct
checksum. Also be sure to look closely at how you are sending data to
the server (if you have a client-server app) and try to restrict the
server-side component to only respond to *valid* and possibly
*verified* requests from *your* client.


On 19 Sep 2005 17:01:42 -0000, confusionvalley@netcabo.pt
<confusionvalley@netcabo.pt> wrote:
Hello all,

I'm currently developing a Java applet and I want to protect the .class from 
being downloaded.
It's very easy to download the .class file... just check the HTML code and get 
the class name which will be loaded... then with a download program you can get 
the class file and decompile it to get the source code.
The real objective is to protect the source code from the html and not so 
grabbers.
Any idea to protect the html/java?

Best regards,
  Nuno
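
The server-side restriction suggested in the reply above, sketched as an added example (not code from either poster): the server accepts a request only if its fields are valid, its HMAC verifies under a per-session key, and it is fresh. The class name, the submitScore action, the field layout, the score range and the 30-second window are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;

// Added example; RequestVerifier and the request layout are hypothetical.
public class RequestVerifier {
    private static final long MAX_SKEW_MS = 30_000;   // assumed freshness window
    private final byte[] sessionKey;                  // issued per login, never stored in the .class
    private final Set<String> seenNonces = new HashSet<>();

    public RequestVerifier(byte[] sessionKey) { this.sessionKey = sessionKey.clone(); }

    static byte[] hmac(byte[] key, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Returns null when the request is accepted, otherwise the rejection reason.
    public synchronized String check(String action, int score, long tsMs,
                                     String nonce, byte[] tag, long nowMs) throws Exception {
        // 1. Valid: allow-list the action and range-check every field.
        if (!"submitScore".equals(action)) return "unknown action";
        if (score < 0 || score > 10_000) return "score out of range";
        // 2. Verified: recompute the MAC over all fields, compare in constant time.
        String msg = action + "|" + score + "|" + tsMs + "|" + nonce;
        if (!MessageDigest.isEqual(hmac(sessionKey, msg), tag)) return "bad MAC";
        // 3. Fresh: reject stale timestamps and nonces already used.
        if (Math.abs(nowMs - tsMs) > MAX_SKEW_MS) return "stale timestamp";
        if (!seenNonces.add(nonce)) return "replayed nonce";
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, clock value and requests.
        byte[] key = "constructed-demo-session-key".getBytes(StandardCharsets.UTF_8);
        RequestVerifier v = new RequestVerifier(key);
        long now = 1_000_000L;
        byte[] tag = hmac(key, "submitScore|420|" + now + "|n1");
        System.out.println(v.check("submitScore", 420, now, "n1", tag, now)); // genuine request
        System.out.println(v.check("submitScore", 420, now, "n1", tag, now)); // same request replayed
        System.out.println(v.check("submitScore", 999, now, "n2", tag, now)); // fields altered after signing
        byte[] late = hmac(key, "submitScore|420|" + now + "|n3");
        System.out.println(v.check("submitScore", 420, now, "n3", late, now + 60_000)); // arrives too late
    }
}
```

The MAC only shows that the sender holds a session key, which any logged-in user running a modified client also does, so the range and allow-list checks in step 1 still have to enforce what the server considers legitimate.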

