11 replies to this topic

[SPEhosting]

ok basically im writing java programs, but i want it so no one can read or ever read the code ..... how do i do this ?

[Glassed Silver]

Well, Java is rather easy to decompile, so if you rely that much on lack of easy code extraction... You're basically screwed with Java.

Afaik at least.
I could be wrong.

Glassed Silver:mac

[omnicoder]

Java compiles to bytecode which can be rather easily converted back into readable source code with a free tool like this. Java isn't meant for keeping your source code secure and even if you use C++ someone sufficiently dedicated will manage to reverse-engineer your code if they want to. I'm not trying to be offensive, but if you have to ask this question you probably aren't writing anything that would be worth someone's time to try to steal anyway at the moment. Just write your program, practice and don't worry about people decompiling your code because anything you do can only make it slightly harder for them, not stop them.

[SPEhosting]

omnicoder, on 20 November 2012 - 15:38, said:

Java compiles to bytecode which can be rather easily converted back into readable source code with a free tool like this. Java isn't meant for keeping your source code secure and even if you use C++ someone sufficiently dedicated will manage to reverse-engineer your code if they want to. I'm not trying to be offensive, but if you have to ask this question you probably aren't writing anything that would be worth someone's time to try to steal anyway at the moment. Just write your program, practice and don't worry about people decompiling your code because anything you do can only make it slightly harder for them, not stop them.

I do not take you comment offensively but I am making encryption programs and I am simply exploring methods to ensure no reverse engineering of the encrypted data can happen (or happen with extreme ease)

[Eddie7]

Scramble Java with C++. It's what Facebook does. Take a look at their source and you'll be completely lost!

[Max Norris]

Could look into an obfuscator. Not 100% foolproof(if somebody wants to decompile your code they will, there are no magic bullets for software protection) but certainly makes it a bit tougher.

[Glassed Silver]

SPEhosting, on 20 November 2012 - 15:54, said:

I do not take you comment offensively but I am making encryption programs and I am simply exploring methods to ensure no reverse engineering of the encrypted data can happen (or happen with extreme ease)

Pure Java doesn't seem like a too great idea for me here.

Glassed Silver:mac

[+Asik]

SPEhosting, on 20 November 2012 - 15:54, said:

I do not take you comment offensively but I am making encryption programs and I am simply exploring methods to ensure no reverse engineering of the encrypted data can happen (or happen with extreme ease)

A good encryption method is hard to break even if the attacker knows exactly how it works. Obfuscating your source code will NOT improve the strength of the encryption it performs. Everyone knows how AES works, for instance, yet no one can break it. The program TrueCrypt is open-source yet it is widely used to secure sensitive data and is considered secure.

Security comes not from obfuscation of algorithms but from the time it would take an attacker to break the encryption.

[Lant]

Dr_Asik, on 20 November 2012 - 17:36, said:

A good encryption method is hard to break even if the attacker knows exactly how it works. Obfuscating your source code will NOT improve the strength of the encryption it performs. Everyone knows how AES works, for instance, yet no one can break it. The program TrueCrypt is open-source yet it is widely used to secure sensitive data and is considered secure.

Exactly, encryption should be provably difficult to calculate the reverse of some function. Don't rely on security through obscurity, use logic and proofs!

[n_K]

There is no such thing.
You can make it harder yes, if you want to completely stop people from knowing how your program works well then the best and only way I can see to do that is release your program in a non-working state.
If a computer can read and execute it, so can a human (with some effort/tools/hassle)

[+theblazingangel]

SPEhosting, on 20 November 2012 - 15:54, said:

I do not take you comment offensively but I am making encryption programs and I am simply exploring methods to ensure no reverse engineering of the encrypted data can happen (or happen with extreme ease)

Dr_Asik, on 20 November 2012 - 17:36, said:

A good encryption method is hard to break even if the attacker knows exactly how it works. Obfuscating your source code will NOT improve the strength of the encryption it performs. Everyone knows how AES works, for instance, yet no one can break it. The program TrueCrypt is open-source yet it is widely used to secure sensitive data and is considered secure.

Security comes not from obfuscation of algorithms but from the time it would take an attacker to break the encryption.

This!

OP, forget it, code obfuscation is not about protecting data, it's about making it harder for other programmers to copy your code. As Asik said above, just simply encrypt your data, and for f-sake don't create your own encryption algorithm, use something standard.

This thread is pointless, lets return conversation to your other thread or make a new one on the lines of 'help me design a secure chat client'.

[thatguyandrew1992]

This thread is useful because I was wondering the same thing!