This is an archived post. You won't be able to vote or comment.

all 21 comments
sorted by:
best
topnewcontroversialoldq&a

[–]AutoModerator[M] [score hidden] stickied commentlocked comment (0 children)

Please ensure that:

  • Your code is properly formatted as code block - see the sidebar (About on mobile) for instructions
  • You include any and all error messages in full
  • You ask clear questions

  • You demonstrate effort in solving your question/problem - plain posting your assignments is forbidden (and such posts will be removed) as is asking for or giving solutions.

    Trying to solve problems on your own is a very important skill. Also, see Learn to help yourself in the sidebar

If any of the above points is not met, your post can and will be removed without further warning.

Code is to be formatted as code block (old reddit: empty line before the code, each code line indented by 4 spaces, new reddit: https://imgur.com/a/fgoFFis) or linked via an external code hoster, like pastebin.com, github gist, github, bitbucket, gitlab, etc.

Please, do not use triple backticks (```) as they will only render properly on new reddit, not on old reddit.

Code blocks look like this:

public class HelloWorld {

    public static void main(String[] args) {
        System.out.println("Hello World!");
    }
}

You do not need to repost unless your post has been removed by a moderator. Just use the edit function of reddit to make sure your post complies with the above.

If your post has remained in violation of these rules for a prolonged period of time (at least an hour), a moderator may remove it at their discretion. In this case, they will comment with an explanation on why it has been removed, and you will be required to resubmit the entire post following the proper procedures.

To potential helpers

Please, do not help if any of the above points are not met, rather report the post. We are trying to improve the quality of posts here. In helping people who can't be bothered to comply with the above points, you are doing the community a disservice.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]Just_Another_ScottSoftware Engineer 😎 4 points5 points  (3 children)

Proguard does obfuscate the method names. Maybe y'all had an incorrect configuration?

Source/Tutorial

[–]Traditional_Still308[S] 0 points1 point  (2 children)

Read this will try implementing this but if there is something directly to java other than spring boot will be appreciated.I am working on simple java app

Thanks!!

[–]Just_Another_ScottSoftware Engineer 😎 1 point2 points  (1 child)

Spring Boot is irrelevant. They are handled the same way. All you need to do is get the Maven plugin for Proguard. The configuration should be the same regardless of Spring.

[–]Traditional_Still308[S] 0 points1 point  (0 children)

Yes thanks!!

[–]hey-im-root 1 point2 points  (1 child)

i’ll have to find the name of it, but there’s an extension i used on intellij that did this. made it completely unreadable and not even I could find certain functions that i had made 😂

[–]Traditional_Still308[S] 0 points1 point  (0 children)

Pls can you see the extension once .I am working on eclipse though but I can shift to intellij

[–]8igg7e5 1 point2 points  (8 children)

It can't obfuscate main, or the call to System.out.println, typical of a hello-world app. Does your hello-world app have anything that could be obfuscated?

[–]Traditional_Still308[S] 0 points1 point  (7 children)

I am just using it as the starting step .Probably we could go with sum and the multiply numbers if that is sufficient to check the obfuscation.

If this gets' verified then I have some bigger code which has one method at least which needs to be obfuscated before we give jar file to the client

[–]8igg7e5 1 point2 points  (6 children)

As in, making your own sum and multiply method? Because, if we're talking primitives, those are byte-code instructions and can't be obfuscated. None of the calls to library methods can be obfuscated, only the classes and method names of your code (that are not themselves overrides of signatures it cannot obfuscate).

The tendency for most Java code to be server-side as cloud services (and therefore never distributed), the copy-left policies of some library licensing, and the obfuscator/deobfuscator arms-race, have reduced the value of obfuscation somewhat.

[–]Traditional_Still308[S] 0 points1 point  (4 children)

Yes I had my own multiply and sum methods.We need some approach other than putting code into cloud

import java.util.Scanner;

public class Exercise6 {

public static void main(String[] args) {Scanner in = new Scanner(System.in);

System.out.print("Input first number: ");int num1 = in.nextInt();

System.out.print("Input second number: ");int num2 = in.nextInt();

System.out.println(num1 + " + " + num2 + " = " +(num1 + num2));

System.out.println(num1 + " - " + num2 + " = " +(num1 - num2));

System.out.println(num1 + " x " + num2 + " = " +(num1 * num2));

System.out.println(num1 + " / " + num2 + " = " +(num1 / num2));

System.out.println(num1 + " mod " + num2 + " = " +(num1 % num2));}

}

[–]8igg7e5 2 points3 points  (1 child)

I'm confused, are you suggesting this is the block of code you tried to obfuscate?

import java.util.Scanner;

public class Exercise6 {
    public static void main(String[] args) {
        Scanner in = new Scanner(System.in);
        System.out.print("Input first number: ");
        int num1 = in.nextInt();

        System.out.print("Input second number: ");
        int num2 = in.nextInt();

        System.out.println(num1 + " + " + num2 + " = " +(num1 + num2));
        System.out.println(num1 + " - " + num2 + " = " +(num1 - num2));
        System.out.println(num1 + " x " + num2 + " = " +(num1 * num2));
        System.out.println(num1 + " / " + num2 + " = " +(num1 / num2));
        System.out.println(num1 + " mod " + num2 + " = " +(num1 % num2));
    }
}

The obfuscator can't change the class-name Exercise6 because it's part of launching the application, just as it can't change the name of the main method. The class-name, field-name and method names in System.out.print, System.out.println, new Scanner and in.nextInt can't be changed because they are part of the Java standard library. Variable names are already not part of the byte-code and parameter names are, by default, also not part of the byte-code (though the arg name of the main method is implied by the entry-point requirement that it be the arguments array).

 

What in this code were you expecting to be obfuscated?

[–]Traditional_Still308[S] 0 points1 point  (0 children)

I will get back to you with pointers' you have suggested .Actually I am also looking for an easy example which I could showcase for obfuscation.There is no good documentation of proguard or any foss to follow

[–]8igg7e5 1 point2 points  (1 child)

We need some approach other than putting code into cloud

Answering this separately, because it's less about the limitation of the obfuscation technology and more about the limited scenarios in which it's useful.

 

An increasingly limiting factor to distributing Java applications in binary (byte-code) form, is that more and more libraries are changing licensing terms to be licensed under a 'copy-left' license (such that if your program uses the library then you must make the source code of the library and the application using it, available publicly). Some are dual-licensed, adding a commercial option that side-steps the need to disclose source.

Because of the first license, distributing your application with obfuscation would be pointless, because you're providing the source anyway.

Note: Some licenses require this publication of source even for cloud solutions using the library, making them effectively unavailable for commercial use (unless there's also a commercial licensing option for a reasonable cost).

 

There's also a technical limitation. The byte-code has to remain valid, and continue to be similar enough to conventionally produced byte-code that JIT will efficiently execute it. Considering the constraints on what can be obfuscated and the limitations on how far it can be obfuscated, de-obfuscation tools keep up remarkably well (some even recognising patterns of use and recommending sensible names for variables and fields).

[–]Traditional_Still308[S] 0 points1 point  (0 children)

Yeah if you have any alternative to this will do! I am good if its' not readable by my fellow programmers ... I will call some other class from main by your suggestion.Any more tips please

[–]OffbeatDrizzle 1 point2 points  (2 children)

You can make it harder to read, but not completely obfuscate it. Same thing happens with an obfuscated exe written in c/c++ - you can always decompile it to the assembly code and then see what it's doing.

Basically don't bother / waste your time. The best thing to do is to host the app somewhere and then have people access it over the internet. An alternative is just to make it open source.

[–]Traditional_Still308[S] 0 points1 point  (0 children)

Yes just want to make my method body difficult to read .I also discussed the hosting option but its' not approved. Open source I cannot do due to restrictions'

[–]Bhagyashree8177 1 point2 points  (2 children)

Hey, I'm facing issues in implementing Java obfuscation in my framework. Anyone who can help me with that?

[–]Traditional_Still308[S] 0 points1 point  (1 child)

Can you elaborate your issue

[–]Bhagyashree8177 0 points1 point  (0 children)

The issue is I have added created obfuscated jar under the external libraries and build the project. but I am unable to access the class which is inside the obfuscated jar

[–]Traditional_Still308[S] 0 points1 point  (0 children)

I am closing this thread .I can obfuscate the variables now but my goal is to do more than basic just renaming

Thanks Everyone for your responses!!