decompiling class files

  • Thread starter Aryeh M. Friedman

Lew

Yes, please.

Mike said:
What about generating empty Javadoc descriptions of all the methods?
(assuming there's enough debug information present to get the parameter
names right.)

Good idea.
 

Aryeh M. Friedman

Related question how can I prevent customers from decompiling (at
least in an understandable way) my code when I send it to them (most of
the time this doesn't matter since almost all my work is community
oriented [i.e. a blending of open-source and money])
 

Lew

Aryeh said:
Related question how can I prevent customers from decompiling (at
least in an understandable way) my code when I send it to them (most of
the time this doesn't matter since almost all my work is community
oriented [i.e. a blending of open-source and money])

How likely are your customers to do that, what is the risk if they do, and how
could you mitigate that risk without obfuscating your code?
 

Aryeh M. Friedman

Aryeh said:
Related question how can I prevent customers from decompiling (at
least in an understandable way) my code when I send it to them (most of
the time this doesn't matter since almost all my work is community
oriented [i.e. a blending of open-source and money])

How likely are your customers to do that

Depends on their honesty because for the most part they are other Java
coders.

, what is the risk if they do,

In the only case that matters it could invalidate a pending patent
application (for a search algorithm that is O(1) for time and space).

In all other cases the source comes along with the product (even the
trial versions).... see http://www.flosoft-systems.com/blogs/aryeh/index.php
(first three entries)

and how
could you mitigate that risk without obfuscating your code?

No amount of obfuscating will deter a determined customer (one who
wants to avoid the per unit fee associated with linking against my
code)
 

Lew

Aryeh said:
In the only case that matters it could invalidate a pending patent
application (for a search algorithm that is O(1) for time and space).

How could it invalidate the patent if they're taking your code to do it?

IANAL so I really would like to understand this. How is it that patent
holders can come after people who've been using their stuff while the patent
was pending? Because they most assuredly have, even for clean-room
implementations.
No amount of obfuscating will deter a determined customer (one who
wants to avoid the per unit fee associated with linking against my
code)

So why obfuscate? Your honest customers won't hack, and your dishonest ones
won't let obfuscation stop them. Wouldn't lawyers be a better deterrent?

I worked for one company, for example, that gave proprietary source code with
their product under a non-disclosure agreement. Customers occasionally
violated the non-disclosure; when they did we found out and took a lot of
money from them.
 

Aryeh M. Friedman

How could it invalidate the patent if they're taking your code to do it?

IANAL so I really would like to understand this. How is it that patent
holders can come after people who've been using their stuff while the patent
was pending? Because they most assuredly have, even for clean-room
implementations.

Two reasons:

1. There is a one year time frame to file a patent after the concept
is "published" and source code (regardless of how accessed) is
"publishing"

2. Since I am a one person firm and very under funded (i.e. I am still
at the point of borrowing money to put food on the table sometimes) in
order to fund the patent process (about $20k) I need to license some
aspects of the algorithm (under NDA's).

3. Once patented I plan to release some aspects of it with open source
(not FOSS but the model I mentioned before) under a do not-modify and
re-release independent of me license... i.e. the user can make local
modifications but can not distribute them... this is only on the
patented portions all other portions will be much more liberal.

So why obfuscate? Your honest customers won't hack, and your dishonest ones
won't let obfuscation stop them. Wouldn't lawyers be a better deterrent?

I worked for one company, for example, that gave proprietary source code with
their product under a non-disclosure agreement. Customers occasionally
violated the non-disclosure; when they did we found out and took a lot of
money from them.

I was thinking of using some form of public key system to encrypt the
code the license server or whatever fetches either the public or
private key (for this purpose they are interchangeable) from a server
in order to make the code executable.... now no amount of this will
prevent someone from say hooking a logic analyzer up to the address
and data buses and decoding the instruction cycle... but short of that
I want to make it hard
 
Arne Vajhøj

Aryeh said:
3. Once patented I plan to release some aspects of it with open source
(not FOSS but the model I mentioned before) under a do not-modify and
re-release independent of me license... i.e. the user can make local
modifications but can not distribute them... this is only on the
patented portions all other portions will be much more liberal.

I recommend that you do not call it "open source" unless it meets
the OSI definition of that word.

To avoid confusion both about open source and your license.

Arne
 
Arne Vajhøj

Aryeh said:
I was thinking of using some form of public key system to encrypt the
code the license server or whatever fetches either the public or
private key (for this purpose they are interchangeable) from a server
in order to make the code executable.... now no amount of this will
prevent someone from say hooking a logic analyzer up to the address
and data buses and decoding the instruction cycle... but short of that
I want to make it hard

If your program is to be run as a normal Java program, then the startup
code needs to be standard Java byte code. The rest of the code needs to be
decrypted to standard Java byte code by the startup code for it to run.

So the bad guys decompile the startup code, modify it to save a copy
of the decrypted byte code on disk. Which can then be decompiled and
all license and integrity checks be removed.

Hopeless.

Arne
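
The point made in the post above, as an added Java example (not code from any poster in this thread): a hypothetical `DecryptingLoader` plays the role of the startup code, and the constructed `Payload` class stands in for the protected code. The key is generated locally here, where the scheme under discussion would fetch it from a license server; in both cases `defineClass` is handed an ordinary class file and the key sits in the customer's process.

```java
import java.io.InputStream;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; all names are hypothetical. Compile with javac, run with java.
public class EncryptedLoaderDemo {
    /** Constructed stand-in for the "protected" code. */
    public static class Payload {
        @Override public String toString() { return "payload running"; }
    }
    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }
    /** The "startup code": plain bytecode that decrypts; defineClass takes only a standard class file. */
    static class DecryptingLoader extends ClassLoader {
        private final byte[] key, iv, blob;
        byte[] handedToJvm; // retained only so main() can inspect it
        DecryptingLoader(byte[] key, byte[] iv, byte[] blob) {
            super(null); // bootstrap parent only, so findClass() serves Payload
            this.key = key; this.iv = iv; this.blob = blob;
        }
        @Override protected Class<?> findClass(String name) throws ClassNotFoundException {
            try {
                handedToJvm = crypt(Cipher.DECRYPT_MODE, key, iv, blob);
                return defineClass(name, handedToJvm, 0, handedToJvm.length);
            } catch (Exception e) { throw new ClassNotFoundException(name, e); }
        }
    }
    static String head(byte[] b) { return String.format("%02X%02X%02X%02X", b[0], b[1], b[2], b[3]); }

    public static void main(String[] args) throws Exception {
        String name = Payload.class.getName();
        byte[] plain;
        try (InputStream in = Payload.class.getClassLoader().getResourceAsStream(name.replace('.', '/') + ".class")) {
            plain = in.readAllBytes();
        }
        byte[] key = new byte[16], iv = new byte[12]; // assumption: the real scheme fetches the key from a server
        new SecureRandom().nextBytes(key); new SecureRandom().nextBytes(iv);
        byte[] blob = crypt(Cipher.ENCRYPT_MODE, key, iv, plain); // what would be shipped to the customer

        DecryptingLoader loader = new DecryptingLoader(key, iv, blob);
        Object o = loader.loadClass(name).getDeclaredConstructor().newInstance();
        System.out.println(o + ", loaded by " + o.getClass().getClassLoader().getClass().getSimpleName());
        System.out.println("shipped blob head:      " + head(blob));
        System.out.println("defineClass input head: " + head(loader.handedToJvm)); // class-file magic CAFEBABE
    }
}
```

The encrypted blob protects the class only at rest and in transit; once the loader runs on the customer's machine, the design itself puts the standard bytecode in memory, which is why the replies treat license terms and NDAs as the effective control.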
 

Aryeh M. Friedman

I recommend that you do not call it "open source" unless it meets
the OSI definition of that word.

I call it that only for convenience when referring to it by
shorthand.... matter of fact the community of like minded developers I
mentioned in the blog would probably yell at me more than you are for
doing it.
 

Mike Schilling

Arne said:
If your program is to be run as a normal Java program, then the
startup code needs to be standard Java byte code. The rest of the code
needs to be decrypted to standard Java byte code by the startup code
for it to run.

So the bad guys decompile the startup code, modify it to save a copy
of the decrypted byte code on disk. Which can then be decompiled and
all license and integrity checks be removed.

I presume that it wouldn't be hard to take an open-source JVM (of which
there are many) and modify it to save a loaded class's bytecode to disk.
Run the result through your handy-dandy decompiler, and Bob's your uncle.
 

Almond

If your program is to be run as a normal Java program, then the startup
code needs to be standard Java byte code. The rest of the code needs to be
decrypted to standard Java byte code by the startup code for it to run.

So the bad guys decompile the startup code, modify it to save a copy
of the decrypted byte code on disk. Which can then be decompiled and
all license and integrity checks be removed.

A piece of cake.
Hopeless.

Arne

 

Hunter Gratzner

The whole patent system has nothing to do with logic. It is something
to keep lawyers busy.
Two reasons:

Maybe one should mention that the patent process is different in
different countries. IANAL, too, but see for an overview
http://en.wikipedia.org/wiki/First_to_file_and_first_to_invent
1. There is a one year time frame to file a patent after the concept
is "published" and source code (regardless of how accessed) is
"publishing"

Something like http://en.wikipedia.org/wiki/On-sale_bar ?
 

Joshua Cranmer

Aryeh said:
Related question how can I prevent customers from decompiling (at
least in an understandable way) my code when I send it to them (most of
the time this doesn't matter since almost all my work is community
oriented [i.e. a blending of open-source and money])

Almost all of the obfuscators I have seen are almost trivial to crack,
given a mediocre optimizer, which only does constant value propagation
and dead code elimination, and a good refactorer.

I gave some of my ideas for more powerful obfuscations in
(Subject: Re: Access the classes JAR
file as a ZIP?, Date: Oct. 31, 2007). Most of these revolve around
either making statements invalid in the JLS but valid in the Java VM
spec, or taking advantage of obscure notes in the VM instruction set.
 
