Albert said:
Why do you bother to test this JEncoder? Why don't you use obfuscation instead?
Just search for Java Obfuscator in Google.
Which of the obsfucators actually work?
Most seem to mangle symbol names, but since a (thankfully small) part of
my day job is porting from FORTRAN, they're a good deal less mangled
than a lot of the names I've seen in source code.
The better ones seem to add lots of gotos and branches on constant
tests. An optimising compiler will sort out such control flow logic and
remove the spurious tests, so such code should be able to be decompiled
using the same logic- run it through a bytecode optimiser first. If the
code control flow is sufficiently obscure to fox something of the same
complexity as the class loader or the JIT compiler, then either it won't
verify or it will have a performance hit.
Some encrypt string literals. That may cause some inconvenience to
crackers, as they'd have to call the decryption algorithm included in
the obsfucated class, so the process isn't entirely one of static analysis.
I'm toying with a bytecode optimiser as part of a high level language
compiler for the JVM, and as part of the plan for that language's
debugger is to include decompilation so that anything in the JVM can
then be stepped through as though you had the source code written in the
higher level language (not for cracking as the only Java apps I've seen
cute enough to be worth copying have been open source, such as BCEL, and
it's generally patterns that I copy, not code). When I get something
running I'll be curious how it copes with inspecting and optimizing
spagetti-ized code.
Pete