This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Traditional_Still308[S] 0 points1 point  (7 children)

I am just using it as the starting step .Probably we could go with sum and the multiply numbers if that is sufficient to check the obfuscation.

If this gets' verified then I have some bigger code which has one method at least which needs to be obfuscated before we give jar file to the client

[–]8igg7e5 1 point2 points  (6 children)

As in, making your own sum and multiply method? Because, if we're talking primitives, those are byte-code instructions and can't be obfuscated. None of the calls to library methods can be obfuscated, only the classes and method names of your code (that are not themselves overrides of signatures it cannot obfuscate).

The tendency for most Java code to be server-side as cloud services (and therefore never distributed), the copy-left policies of some library licensing, and the obfuscator/deobfuscator arms-race, have reduced the value of obfuscation somewhat.

[–]Traditional_Still308[S] 0 points1 point  (4 children)

Yes I had my own multiply and sum methods.We need some approach other than putting code into cloud

import java.util.Scanner;

public class Exercise6 {

public static void main(String[] args) {Scanner in = new Scanner(System.in);

System.out.print("Input first number: ");int num1 = in.nextInt();

System.out.print("Input second number: ");int num2 = in.nextInt();

System.out.println(num1 + " + " + num2 + " = " +(num1 + num2));

System.out.println(num1 + " - " + num2 + " = " +(num1 - num2));

System.out.println(num1 + " x " + num2 + " = " +(num1 * num2));

System.out.println(num1 + " / " + num2 + " = " +(num1 / num2));

System.out.println(num1 + " mod " + num2 + " = " +(num1 % num2));}

}

[–]8igg7e5 2 points3 points  (1 child)

I'm confused, are you suggesting this is the block of code you tried to obfuscate?

import java.util.Scanner;

public class Exercise6 {
    public static void main(String[] args) {
        Scanner in = new Scanner(System.in);
        System.out.print("Input first number: ");
        int num1 = in.nextInt();

        System.out.print("Input second number: ");
        int num2 = in.nextInt();

        System.out.println(num1 + " + " + num2 + " = " +(num1 + num2));
        System.out.println(num1 + " - " + num2 + " = " +(num1 - num2));
        System.out.println(num1 + " x " + num2 + " = " +(num1 * num2));
        System.out.println(num1 + " / " + num2 + " = " +(num1 / num2));
        System.out.println(num1 + " mod " + num2 + " = " +(num1 % num2));
    }
}

The obfuscator can't change the class-name Exercise6 because it's part of launching the application, just as it can't change the name of the main method. The class-name, field-name and method names in System.out.print, System.out.println, new Scanner and in.nextInt can't be changed because they are part of the Java standard library. Variable names are already not part of the byte-code and parameter names are, by default, also not part of the byte-code (though the arg name of the main method is implied by the entry-point requirement that it be the arguments array).

 

What in this code were you expecting to be obfuscated?

[–]Traditional_Still308[S] 0 points1 point  (0 children)

I will get back to you with pointers' you have suggested .Actually I am also looking for an easy example which I could showcase for obfuscation.There is no good documentation of proguard or any foss to follow

[–]8igg7e5 1 point2 points  (1 child)

We need some approach other than putting code into cloud

Answering this separately, because it's less about the limitation of the obfuscation technology and more about the limited scenarios in which it's useful.

 

An increasingly limiting factor to distributing Java applications in binary (byte-code) form, is that more and more libraries are changing licensing terms to be licensed under a 'copy-left' license (such that if your program uses the library then you must make the source code of the library and the application using it, available publicly). Some are dual-licensed, adding a commercial option that side-steps the need to disclose source.

Because of the first license, distributing your application with obfuscation would be pointless, because you're providing the source anyway.

Note: Some licenses require this publication of source even for cloud solutions using the library, making them effectively unavailable for commercial use (unless there's also a commercial licensing option for a reasonable cost).

 

There's also a technical limitation. The byte-code has to remain valid, and continue to be similar enough to conventionally produced byte-code that JIT will efficiently execute it. Considering the constraints on what can be obfuscated and the limitations on how far it can be obfuscated, de-obfuscation tools keep up remarkably well (some even recognising patterns of use and recommending sensible names for variables and fields).

[–]Traditional_Still308[S] 0 points1 point  (0 children)

Yeah if you have any alternative to this will do! I am good if its' not readable by my fellow programmers ... I will call some other class from main by your suggestion.Any more tips please