File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Java in General and the fly likes Obfuscation using Alltori Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Obfuscation using Alltori" Watch "Obfuscation using Alltori" New topic
Author

Obfuscation using Alltori

moshi cochem
Ranch Hand

Joined: Nov 10, 2009
Posts: 91
Hi,
I try to find an obfuscator to obfuscate a jar file, and I found Alltori that seems very easy to use.
I did what I had to do according to their first step - I obfuscated a jar file of mine.
The problem is that I can open it with DJ Java Decompiler. Make sence ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41885
    
  63
An obfuscator does just that - it obfuscates code. That does not prevent decompilation, which is ultimately impossible for Java bytecode.


Ping & DNS - my free Android networking tools app
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

An obfuscator just makes the byte code less readable. Nothing more nothing less


"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
Please correct my English.
moshi cochem
Ranch Hand

Joined: Nov 10, 2009
Posts: 91
Hi,
first of all - thanks a lot for your help.
My question is this:.

If I want to save a password in my java code inside a jar file - hardcoded ?
Evryone can invoke DJ on my jar, to go to my class and to find my password.
Any idea for it ?
By the way, I use a very simple database, so encrytion in the database may not be a good idea...
Thanks a lot for any help !
Wouter Oet
Saloon Keeper

Joined: Oct 25, 2008
Posts: 2700

You could run certain parts of your application on a server and let clients communicate with it.
But if it is a simple program that would probably be overkill. You could give the database user
very limited access to the database for instance only read rights.
John de Michele
Rancher

Joined: Mar 09, 2009
Posts: 600
Moshi:

I would avoid hardcoding passwords in jar files, if at all possible. A better choice would be to send the text password through a hash function, and save that result. Then, when someone enters the password text, you can hash that, and compare the two hashed versions to see if the password is correct.

John.
moshi cochem
Ranch Hand

Joined: Nov 10, 2009
Posts: 91
Hello friends, thanks for your help.
I had mistake about Alltori - it abfuscates the class files not the java files.
My problem now is how to execute a jar out of my project, that will contain .class files instead of .java files.
If anyone knows how to do it using eclipse, I'll be glad to here.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41885
    
  63
You do understand that it will always be possible to recover a form of source code that can be compiled, no matter what you do, right?

Obfuscation only applies to class files anyway (and you wouldn't be distributing the source code to begin with).
moshi cochem
Ranch Hand

Joined: Nov 10, 2009
Posts: 91
Hi,
I found how to execute jar without the .java files. Thanks.
about the pswrd, I won't make it hard coded.
Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Obfuscation using Alltori