I would like to bury a secret in an applet, let's say it's a string of digits. How difficult would it be for someone to disassemble the class file and divulge the secret? Regards Vernon
Dave Turner
Ranch Hand
Joined: Mar 13, 2001
Posts: 60
posted
0
I wasnt sure so i did a quick test, and it looks like it would be pretty easy to find the String if it was hard coded into the applet:
here is some of the bytecode generated: ()V <init> Code LineNumberTable Ljava/lang/String; SourceFile TestApplet TestApplet.java This is a hidden String destroy hidden init java/applet/Applet start stop 1 so you wouldnt need to disassemble it, just look at it in a text editor. Although you would have to know what you were looking for i guess. hope this helps dave
Though you could make a decryptor function in your program, and make another program to encrypt all the strings you wanted and then go hand code all the encrypted versions of the strings you want into your program... Though it's a little bit of overkill... this way it would be alot harder for someone using your applet to break down the decryptor function in the class file to decrypt the string themselves. HTH, -Nate
-Nate
Write once, run anywhere, because there's nowhere to hide! - /. A.C.
Vernon Gibson
Ranch Hand
Joined: Dec 01, 2000
Posts: 35
posted
0
Hi All, Thanks for your replies. In addition to the above, I've also found a site for someone who calls himself Java Jeff. He sells a piece of code that will disassemble a class file. I'm sure there are others. So... even if I encrypt the strings, as Nate suggested, an attacker could easily disassemble the class file and discover the decryption algorythm, and thereby the secrets. I guess the bottom line is that sensitive data should never be hard coded into a class file. Regards, Vernon
Hi Angela! Crema seems like it will do the trick to protect byte code. That's also nice marketing: The guy who sells Crema(the protector) also gives away Mocha (the disassembler)!! Thanks, Vernon
0
this way it would be 
