• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

Disassembly of applets

 
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to bury a secret in an applet, let's say it's a string of digits.
How difficult would it be for someone to disassemble the class file and divulge the secret?
Regards
Vernon
 
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wasnt sure so i did a quick test, and it looks like it would be pretty easy to find the String if it was hard coded into the applet:

here is some of the bytecode generated:
()V <init> Code
LineNumberTable Ljava/lang/String;
SourceFile
TestApplet
TestApplet.java This is a hidden String destroy hidden init
java/applet/Applet start stop 1
so you wouldnt need to disassemble it, just look at it in a text editor. Although you would have to know what you were looking for i guess.
hope this helps
dave
 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Dave!
That's a little too easy!!!
Vernon
 
Bartender
Posts: 4121
IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Though you could make a decryptor function in your program, and make another program to encrypt all the strings you wanted and then go hand code all the encrypted versions of the strings you want into your program... Though it's a little bit of overkill... this way it would be alot harder for someone using your applet to break down the decryptor function in the class file to decrypt the string themselves.
HTH,
-Nate
 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
Thanks for your replies.
In addition to the above, I've also found a site for someone who calls himself Java Jeff. He sells a piece of code that will disassemble a class file. I'm sure there are others.
So... even if I encrypt the strings, as Nate suggested, an attacker could easily disassemble the class file and discover the decryption algorythm, and thereby the secrets.
I guess the bottom line is that sensitive data should never be hard coded into a class file.
Regards,
Vernon
 
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here's an link to an article about preventing decompilation of your applets:
http://www.javaworld.com/javaworld/javatips/jw-javatip22.html
 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Angela!
Crema seems like it will do the trick to protect byte code.
That's also nice marketing: The guy who sells Crema(the protector) also gives away Mocha (the disassembler)!!
Thanks,
Vernon
 
Seriously? That's what you're going with? I prefer this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic