B
Bent C Dalager
The usual case of this would be when you have only one customer (you
could be a defense contractor perhaps). I'm not so sure this is
enviable
Cheers
Bent D
The usual case of this would be when you have only one customer (you
could be a defense contractor perhaps). I'm not so sure this is
enviable
Cheers
Bent D
M
Mark Thornton
Eric said:
That would be true if people didn't sell or otherwise pass on the
results of their cracking. In the absence of legal measures, if someone
wants ten copies it could be worth paying 5 times the single copy cost
to crack the software.
There is one bullet proof method of protection: include enough bugs that
any user has to have a support contract for the software to be
effective. Hmmm rather like a central server based system --- you have
to ring the support line to obtain the 'key' to advance to the next step!
Mark Thornton
B
Brandon Blackmoor
No, Bent C Dalager wrote that.
D
David Zimmerman
Roedy said:
It comes with a Solaris .so and the build process builds a shell script
J
Joona I Palaste
^^^^^
Spelling mistake: should be naïve.
--
/-- Joona Palaste ([email protected]) ---------------------------\
| Kingpriest of "The Flying Lemon Tree" G++ FR FW+ M- #108 D+ ADA N+++|
| http://www.helsinki.fi/~palaste W++ B OP+ |
\----------------------------------------- Finland rules! ------------/
"Ice cream sales somehow cause drownings: both happen in summer."
- Antti Voipio & Arto Wikla
K
Koleho
Bent said:
You are right about that. That's why I posted my question in the
newsgroup in the first place, to get ideas of how to test this
JEncoder.
Regards,
Koleho
A
Albert
Why do you bother to test this JEncoder? Why don't you use obfuscation instead?
Just search for Java Obfuscator in Google.
P
pete kirkham
Albert said:
Which of the obsfucators actually work?
Most seem to mangle symbol names, but since a (thankfully small) part of
my day job is porting from FORTRAN, they're a good deal less mangled
than a lot of the names I've seen in source code.
The better ones seem to add lots of gotos and branches on constant
tests. An optimising compiler will sort out such control flow logic and
remove the spurious tests, so such code should be able to be decompiled
using the same logic- run it through a bytecode optimiser first. If the
code control flow is sufficiently obscure to fox something of the same
complexity as the class loader or the JIT compiler, then either it won't
verify or it will have a performance hit.
Some encrypt string literals. That may cause some inconvenience to
crackers, as they'd have to call the decryption algorithm included in
the obsfucated class, so the process isn't entirely one of static analysis.
I'm toying with a bytecode optimiser as part of a high level language
compiler for the JVM, and as part of the plan for that language's
debugger is to include decompilation so that anything in the JVM can
then be stepped through as though you had the source code written in the
higher level language (not for cracking as the only Java apps I've seen
cute enough to be worth copying have been open source, such as BCEL, and
it's generally patterns that I copy, not code). When I get something
running I'll be curious how it copes with inspecting and optimizing
spagetti-ized code.
Pete
M
Mark Lambert
Anyone who went to the Java Performance Myths presentation at JavaOne will
never use an obfuscator again because of the performance hit they will get.
The JVM looks for common bytecode patterns in order to optimize and if the
patterns have been obfuscated....
never use an obfuscator again because of the performance hit they will get.
The JVM looks for common bytecode patterns in order to optimize and if the
patterns have been obfuscated....