• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Disassembly of applets

 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to bury a secret in an applet, let's say it's a string of digits.
How difficult would it be for someone to disassemble the class file and divulge the secret?
Regards
Vernon
 
Dave Turner
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wasnt sure so i did a quick test, and it looks like it would be pretty easy to find the String if it was hard coded into the applet:

here is some of the bytecode generated:
()V <init> Code
LineNumberTable Ljava/lang/String;
SourceFile
TestApplet
TestApplet.java This is a hidden String destroy hidden init
java/applet/Applet start stop 1
so you wouldnt need to disassemble it, just look at it in a text editor. Although you would have to know what you were looking for i guess.
hope this helps
dave
 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Dave!
That's a little too easy!!!
Vernon
 
Nathan Pruett
Bartender
Posts: 4121
IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Though you could make a decryptor function in your program, and make another program to encrypt all the strings you wanted and then go hand code all the encrypted versions of the strings you want into your program... Though it's a little bit of overkill... this way it would be alot harder for someone using your applet to break down the decryptor function in the class file to decrypt the string themselves.
HTH,
-Nate
 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
Thanks for your replies.
In addition to the above, I've also found a site for someone who calls himself Java Jeff. He sells a piece of code that will disassemble a class file. I'm sure there are others.
So... even if I encrypt the strings, as Nate suggested, an attacker could easily disassemble the class file and discover the decryption algorythm, and thereby the secrets.
I guess the bottom line is that sensitive data should never be hard coded into a class file.
Regards,
Vernon
 
Angela Lamb
Ranch Hand
Posts: 156
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here's an link to an article about preventing decompilation of your applets:
http://www.javaworld.com/javaworld/javatips/jw-javatip22.html
 
Vernon Gibson
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Angela!
Crema seems like it will do the trick to protect byte code.
That's also nice marketing: The guy who sells Crema(the protector) also gives away Mocha (the disassembler)!!
Thanks,
Vernon
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic