Creating non-reverse-engineerable Java programs

Question

Is there a way to deploy a Java program in a format that is not reverse-engineerable?

I know how to convert my application into an executable JAR file, but I want t

Answer 1

As someone said above, reverse engineering could always decompile your executable. The only way to protect your source code(or algorithm) is not to distribute your executable.

separate your application into a server code and a client app, hide the important part of your algorithm in your server code and run it in a cloud server, just distribute the client code which works only as a data getter and senter.

By this even your client code is decompiled. You are not losing anything.

But for sure this will decrease the performance and user convenience.

I think this may not be the answer you are looking for, but just to raise different idea of protecting source code.

Answer 2

You could obfuscate your JAR file with YGuard. It doesn't obfuscate your source code, but the compiled classes, so there is no problem about maintaining the code later.

If you want to hide some string, you could encrypt it, making it harder to get it through looking at the source code (it is even better if you obfuscate the JAR file).

Answer 3

I'm tempted to ask why you'd want to do this, but I'll leave that alone...

The problem I see is that the JVM, like the CLR, needs to be able to intrepert you code in order to JIT compile and run it. You can make it more "complex" but given that the spec for bytecode is rather well documented, and exists at a much higher level than something like the x86 assembler spec, it's unlikely you can "hide" the process-flow, since it's got to be there for the program to work in the first place.

Answer 4

If you know which platforms you are targeting, get something that compiles your Java into native code, such as Excelsior JET or GCJ.

Short of that, you're never going to be able to hide the source code, since the user always has your bytecode and can Jad it.

Answer 5

With anything interpreted at some point it has to be processed "in the clear". The string would show up clear as day once the code is run through JAD. You could deploy an encryption key with your app or do a basic ceasar cipher to encrypt the host connect info and decrypt at runtime...

But at some point during processing the host connection information must be put in the clear in order for your app to connect to the host...

So you could statically hide it, but you can't hide it during runtime if they running a debugger

Answer 6

The short answer is "No, it does not exist".

Reverse engineering is a process that does not imply to look at the code at all. It's basically trying to understand the underlying mechanisms and then mimic them. For example, that's how JScript appears from MS labs, by copying Netscape's JavaScript behavior, without having access to the code. The copy was so perfect that even the bugs were copied.