Since they obviously dare not suggest what, exactly, they are doing,
my immediate guess is that they're full of crap.
That was my initial thought, and that's why I was surprised when I
failed to break into their encryption.
I already tried the following:
1) I ran the encrypted application with EVENT_CLASS_LOAD_HOOK, in
order to dump the classes there, and failed.
2) I altered the method
java.lang.ClassLoader.defineClass(ProtectionDomain ...) to dump the
classes there, and also failed.
Create a very simple application (one trivial class file for instance)
that you encrypt with their tool and then start looking into what they
actually do. Most probably, they just encrypt the class file and then
install a custom ClassLoader to decrypt it.
I already created an encrypted application (as you suggested).
The encrypted application consists of a dll file, and a jar file
containing entries that are probably my encrypted class files + an
additional class which has practically nothing in it (only a main
method which is calling a native method).
My idea is that they are doing the loading of the classes from the
dll, but even so, they must use some ClassLoader that is not
encrypted, and I couldn't even see that class.
If so, then find the
bootstrap ClassLoader they use to decrypt their own library (if they
require you to distribute such a library for your app to work) or find
the one they added to your app to decrypt your own class files.
I could not find any custom ClassLoader, but still it is impossible
that they are using the default (system) ClassLoader.
Decompile that class to start finding out what they do. Chances are
this will eventually lead you to the algorithm they are using, which
should let you decrypt everything else at your leisure.
I didn't succeed in decompiling anything besides the main class they
added to my encrypted application, which has practically no content.
At best, they have made considerable effort to make it difficult for
you to find out what's actually going on. I seriously doubt they've
found a bullet-proof way of securing the bytecode.
I also had serious doubts about that product, but I am already trying
for some time now to decompile a test application that I encrypted
with this product and till now, failed.
I have already seen some products that suggested java code encryption
in the past, and succeeded in breaking them in no time.
This JEncoder seems to work surprisingly different.
Is this JEncoder really does what it claims to ?
Regards,
Koleho.