• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Obfuscation using Alltori

 
moshi cochem
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I try to find an obfuscator to obfuscate a jar file, and I found Alltori that seems very easy to use.
I did what I had to do according to their first step - I obfuscated a jar file of mine.
The problem is that I can open it with DJ Java Decompiler. Make sence ?
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An obfuscator does just that - it obfuscates code. That does not prevent decompilation, which is ultimately impossible for Java bytecode.
 
Wouter Oet
Saloon Keeper
Posts: 2700
IntelliJ IDE Opera
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An obfuscator just makes the byte code less readable. Nothing more nothing less
 
moshi cochem
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
first of all - thanks a lot for your help.
My question is this:.

If I want to save a password in my java code inside a jar file - hardcoded ?
Evryone can invoke DJ on my jar, to go to my class and to find my password.
Any idea for it ?
By the way, I use a very simple database, so encrytion in the database may not be a good idea...
Thanks a lot for any help !
 
Wouter Oet
Saloon Keeper
Posts: 2700
IntelliJ IDE Opera
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could run certain parts of your application on a server and let clients communicate with it.
But if it is a simple program that would probably be overkill. You could give the database user
very limited access to the database for instance only read rights.
 
John de Michele
Rancher
Posts: 600
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Moshi:

I would avoid hardcoding passwords in jar files, if at all possible. A better choice would be to send the text password through a hash function, and save that result. Then, when someone enters the password text, you can hash that, and compare the two hashed versions to see if the password is correct.

John.
 
moshi cochem
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello friends, thanks for your help.
I had mistake about Alltori - it abfuscates the class files not the java files.
My problem now is how to execute a jar out of my project, that will contain .class files instead of .java files.
If anyone knows how to do it using eclipse, I'll be glad to here.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You do understand that it will always be possible to recover a form of source code that can be compiled, no matter what you do, right?

Obfuscation only applies to class files anyway (and you wouldn't be distributing the source code to begin with).
 
moshi cochem
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I found how to execute jar without the .java files. Thanks.
about the pswrd, I won't make it hard coded.
Thanks.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic