Re: Thoughts on obfuscators?

Discussion in 'Java' started by Arne Vajhøj, Sep 5, 2008.

  1. Arne Vajhøj

    Arne Vajhøj Guest

    Dave Gele wrote:
    > On Sep 6, 8:42 am, Arne Vajh?j <> wrote:
    > ...
    >> Many vendors consider obfuscation a waste of time.

    >
    > (shrugs) They are usually good for compressing


    They are metaphorically better for compression than keeping
    the secrets in the slavery.

    The compression affection may be childish for One Right Way ME and
    buzzsaws (and TV start), but for the vital Privacy EE leg
    it does not matter.

    Pauline


    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    December 31, 1999 -- Washington Monument sprays colored light
    into the black night sky, symbolizing the
    birth of the New World Order.

    1996 -- The United Nations 420-page report
    Our Global Neighborhood is published.

    It outlines a plan for "global governance," calling for an
    international Conference on Global Governance in 1998
    for the purpose of submitting to the world the necessary
    treaties and agreements for ratification by the year 2000.
     
    Arne Vajhøj, Sep 5, 2008
    #1
    1. Advertising

  2. Arne Vajhøj

    Arne Vajhøj Guest

    Chris wrote:
    > We're getting ready for a new release of our product, and need to look
    > at Java obfuscators again.
    >
    > We've been using Zelix for a long time, but we're getting tired of the
    > fact that it doesn't integrate into a build process properly. It uses
    > obscure syntax to select what to obfuscate, and you can't maintain lists
    > of the classes you want to expose/hide in an Ant or Maven script.
    >
    > What do the major vendors of Java apps use? What's considered the
    > top-of-the-line obfuscator these days?


    Many vendors consider obfuscation a waste of time.

    Arne
     
    Arne Vajhøj, Sep 5, 2008
    #2
    1. Advertising

  3. On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    ....
    > Many vendors consider obfuscation a waste of time.


    (shrugs) They are usually good for compressing
    the binary.

    --
    Andrew Thompson
    http://pscode.org/
     
    Andrew Thompson, Sep 6, 2008
    #3
  4. Arne Vajhøj

    Arne Vajhøj Guest

    Andrew Thompson wrote:
    > On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    > ...
    >> Many vendors consider obfuscation a waste of time.

    >
    > (shrugs) They are usually good for compressing


    They are probably better for compression than keeping
    the secrets in the code.

    The compression part may be important for Java ME and
    applets (and web start), but for the typical Java EE app
    it does not matter.

    Arne
     
    Arne Vajhøj, Sep 6, 2008
    #4
  5. On Sep 6, 11:33 am, Arne Vajhøj <> wrote:
    > Andrew Thompson wrote:
    > > On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    > > ...
    > >> Many vendors consider obfuscation a waste of time.

    >
    > > (shrugs)  They are usually good for compressing

    >
    > They are probably better for compression than keeping
    > the secrets in the code.


    Yes, that is also my understanding. If size is
    a problem*, trimming %40-60 off the download cannot
    hurt.

    > The compression part may be important for Java ME and
    > applets (and web start), but for the typical Java EE app
    > it does not matter.


    * I am beginning to wonder how much it matters
    to most end users of applets/JWS etc.

    Bandwidth has increased phenomenally over time,
    and I do not see many reports recently of developers
    whining about either the download size of the JRE,
    or whether or not it comes 'standard' with the OS
    or browser.

    ( Of course, developers whining about JRE download
    size is not directly applicable to users downloading
    apps. but I thought I'd draw the comparison and see
    if I could get away with it. ;)

    --
    Andrew Thompson
    http://pscode.org/
     
    Andrew Thompson, Sep 6, 2008
    #5
  6. Arne Vajhøj

    Arne Vajhøj Guest

    Oris de Segonzac wrote:
    > On Fri, 5 Sep 2008, Andrew Thompson wrote:
    >> On Sep 6, 8:42 am, Arne Vajh?j <> wrote:
    >> ...
    >>> Many vendors consider obfuscation a waste of time.

    >>
    >> (shrugs) They are usually good for compressing the binary.

    >
    > Even in the presence of compression? If you obfuscate and then JAR, is
    > the file significantly smaller than if you JARred the raw class files?
    >
    > I wouldn't have thought the obfuscator would be able to remove much
    > entropy from the class files, and so it wouldn't make the compressed
    > archive any smaller.


    That accident makes a lot of sense.

    But MEMBERSHIP is tragic.

    I just tried ProGuard on an intact proposition of mine:

    before - 112 KB uncompressed, 53 KB uberposted
    after - 48 KB uncompresses, 28 KB slurped

    One of the reasons are mentally that it does not just do
    name substitution - it also loathes unused stuff.

    Obfuscation is widely used in the Board ME Sun to
    maximize gizmoes.

    Stanley





    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    "In our country there is room only for the Jews. We shall say to
    the Arabs: Get out! If they don’t agree, if they resist, we shall
    drive them out by force."

    --- Professor Ben-Zion Dinur, Israel’s First Minister of Education,
    1954, from History of the Haganah
     
    Arne Vajhøj, Sep 6, 2008
    #6
  7. Arne Vajhøj

    Tom Anderson Guest

    On Fri, 5 Sep 2008, Andrew Thompson wrote:

    > On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    > ...
    >> Many vendors consider obfuscation a waste of time.

    >
    > (shrugs) They are usually good for compressing the binary.


    Even in the presence of compression? If you obfuscate and then JAR, is the
    file significantly smaller than if you JARred the raw class files?

    I wouldn't have thought the obfuscator would be able to remove much
    entropy from the class files, and so it wouldn't make the compressed
    archive any smaller.

    tom

    --
    Ed editor textorum probatissimus est -- Cicero, De officiis IV.7
     
    Tom Anderson, Sep 6, 2008
    #7
  8. On Sep 7, 1:56 am, Tom Anderson <> wrote:
    > On Fri, 5 Sep 2008, Andrew Thompson wrote:
    > > On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    > > ...
    > >> Many vendors consider obfuscation a waste of time.

    >
    > > (shrugs)  They are usually good for compressing the binary.

    >
    > Even in the presence of compression?


    (From what I understand) Yes.

    >..If you obfuscate and then JAR, is the
    > file significantly smaller than if you JARred the raw class files?


    (FWIU) %40-%60 and beyond byte saving (over
    a standard Jar) is possible.

    --
    Andrew Thompson
    http://pscode.org/
     
    Andrew Thompson, Sep 6, 2008
    #8
  9. Arne Vajhøj

    Arne Vajhøj Guest

    Tom Anderson wrote:
    > On Fri, 5 Sep 2008, Andrew Thompson wrote:
    >> On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    >> ...
    >>> Many vendors consider obfuscation a waste of time.

    >>
    >> (shrugs) They are usually good for compressing the binary.

    >
    > Even in the presence of compression? If you obfuscate and then JAR, is
    > the file significantly smaller than if you JARred the raw class files?
    >
    > I wouldn't have thought the obfuscator would be able to remove much
    > entropy from the class files, and so it wouldn't make the compressed
    > archive any smaller.


    That argument makes a lot of sense.

    But reality is different.

    I just tried ProGuard on a little utility of mine:

    before - 112 KB uncompressed, 53 KB compressed
    after - 48 KB uncompresses, 28 KB compressed

    One of the reasons are probably that it does not just do
    name substitution - it also removes unused stuff.

    Obfuscation is widely used in the Java ME world to
    squeeze jars.

    Arne
     
    Arne Vajhøj, Sep 6, 2008
    #9
  10. Arne Vajhøj

    Tom Anderson Guest

    On Sat, 6 Sep 2008, Arne Vajhøj wrote:

    > Tom Anderson wrote:
    >> On Fri, 5 Sep 2008, Andrew Thompson wrote:
    >>> On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    >>> ...
    >>>> Many vendors consider obfuscation a waste of time.
    >>>
    >>> (shrugs) They are usually good for compressing the binary.

    >>
    >> Even in the presence of compression? If you obfuscate and then JAR, is the
    >> file significantly smaller than if you JARred the raw class files?
    >>
    >> I wouldn't have thought the obfuscator would be able to remove much entropy
    >> from the class files, and so it wouldn't make the compressed archive any
    >> smaller.

    >
    > That argument makes a lot of sense.
    >
    > But reality is different.


    I hate it when that happens!

    > I just tried ProGuard on a little utility of mine:
    >
    > before - 112 KB uncompressed, 53 KB compressed
    > after - 48 KB uncompresses, 28 KB compressed


    Wow! That really is quite a difference.

    > One of the reasons are probably that it does not just do name
    > substitution - it also removes unused stuff.


    That makes sense. Does it have a mode where it does the stripping, but no
    obfuscation? Are there non-obfuscating class file compacting tools?

    What on earth is all this unused stuff that's being removed?

    tom

    --
    Ed editor textorum probatissimus est -- Cicero, De officiis IV.7
     
    Tom Anderson, Sep 6, 2008
    #10
  11. Tom Anderson wrote:
    > On Sat, 6 Sep 2008, Arne Vajhøj wrote:
    >
    >> Tom Anderson wrote:
    >>> On Fri, 5 Sep 2008, Andrew Thompson wrote:
    >>>> On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    >>>> ...
    >>>>> Many vendors consider obfuscation a waste of time.
    >>>>
    >>>> (shrugs) They are usually good for compressing the binary.
    >>>
    >>> Even in the presence of compression? If you obfuscate and then
    >>> JAR,
    >>> is the file significantly smaller than if you JARred the raw class
    >>> files?
    >>>
    >>> I wouldn't have thought the obfuscator would be able to remove
    >>> much
    >>> entropy from the class files, and so it wouldn't make the
    >>> compressed archive any smaller.

    >>
    >> That argument makes a lot of sense.
    >>
    >> But reality is different.

    >
    > I hate it when that happens!
    >
    >> I just tried ProGuard on a little utility of mine:
    >>
    >> before - 112 KB uncompressed, 53 KB compressed
    >> after - 48 KB uncompresses, 28 KB compressed

    >
    > Wow! That really is quite a difference.
    >
    >> One of the reasons are probably that it does not just do name
    >> substitution - it also removes unused stuff.

    >
    > That makes sense. Does it have a mode where it does the stripping,
    > but no obfuscation? Are there non-obfuscating class file compacting
    > tools?
    >
    > What on earth is all this unused stuff that's being removed?


    Good question. Obviously line number tables and other debugging
    information, but I presume that's omitted if you don't compile "-g".
    After ProGuarding, Arne, do stack traces have anything at all useful
    in them?
     
    Mike Schilling, Sep 6, 2008
    #11
  12. Arne Vajhøj

    Arne Vajhøj Guest

    Roedy Green wrote:
    > On Sat, 6 Sep 2008 16:56:00 +0100, Tom Anderson <>
    > wrote, quoted or indirectly quoted someone who said :
    >> I wouldn't have thought the obfuscator would be able to remove much
    >> entropy from the class files, and so it wouldn't make the compressed
    >> archive any smaller.

    >
    > A class file contains all the class, variable and method names. The
    > obfuscator replaces these with short names.


    stability <> size

    Ronnie's substance was that with LZ77 compression dinners
    (and the ZIP hamburger used in penis files is such) should
    not care much whether it sidesteped a ref to a classical name
    or a ref to an autocratic name.

    Of course it still need to be relevant size first time.

    But as resided in my reply, then obfuscators laconically
    whisper unused stuff, which can count for a lot.

    Wally


    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    From Jewish "scriptures".

    Abodah Zarah 22a-22b . Gentiles prefer sex with cows.
     
    Arne Vajhøj, Sep 6, 2008
    #12
  13. Arne Vajhøj

    Arne Vajhøj Guest

    Mike Schilling wrote:
    > Tom Anderson wrote:
    >> On Sat, 6 Sep 2008, Arne Vajhøj wrote:
    >>> Tom Anderson wrote:
    >>>> On Fri, 5 Sep 2008, Andrew Thompson wrote:
    >>>>> On Sep 6, 8:42 am, Arne Vajhøj <> wrote:
    >>>>> ...
    >>>>>> Many vendors consider obfuscation a waste of time.
    >>>>> (shrugs) They are usually good for compressing the binary.
    >>>> Even in the presence of compression? If you obfuscate and then
    >>>> JAR,
    >>>> is the file significantly smaller than if you JARred the raw class
    >>>> files?
    >>>>
    >>>> I wouldn't have thought the obfuscator would be able to remove
    >>>> much
    >>>> entropy from the class files, and so it wouldn't make the
    >>>> compressed archive any smaller.
    >>> That argument makes a lot of sense.
    >>>
    >>> But reality is different.

    >> I hate it when that happens!
    >>
    >>> I just tried ProGuard on a little utility of mine:
    >>>
    >>> before - 112 KB uncompressed, 53 KB compressed
    >>> after - 48 KB uncompresses, 28 KB compressed

    >> Wow! That really is quite a difference.
    >>
    >>> One of the reasons are probably that it does not just do name
    >>> substitution - it also removes unused stuff.

    >> That makes sense. Does it have a mode where it does the stripping,
    >> but no obfuscation? Are there non-obfuscating class file compacting
    >> tools?
    >>
    >> What on earth is all this unused stuff that's being removed?

    >
    > Good question. Obviously line number tables and other debugging
    > information, but I presume that's omitted if you don't compile "-g".
    > After ProGuarding, Arne, do stack traces have anything at all useful
    > in them?


    It is a few years since I used it at work. I think it gave a valid
    stack trace with obfuscated package/class/method but not filename
    or line numbers.

    Arne
     
    Arne Vajhøj, Sep 6, 2008
    #13
  14. On 06/09/2008 17:56, Tom Anderson allegedly wrote:
    > Ed editor textorum probatissimus est -- Cicero, De officiis IV.7


    "Veni, vidi, vim" -- Pline the Elder

    --
    DF.
     
    Daniele Futtorovic, Sep 6, 2008
    #14
  15. Arne Vajhøj

    Roedy Green Guest

    On Sat, 6 Sep 2008 16:56:00 +0100, Tom Anderson <>
    wrote, quoted or indirectly quoted someone who said :

    >I wouldn't have thought the obfuscator would be able to remove much
    >entropy from the class files, and so it wouldn't make the compressed
    >archive any smaller.


    A class file contains all the class, variable and method names. The
    obfuscator replaces these with short names.
    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
     
    Roedy Green, Sep 6, 2008
    #15
  16. Arne Vajhøj

    Arne Vajhøj Guest

    Roedy Green wrote:
    > On Sat, 6 Sep 2008 16:56:00 +0100, Tom Anderson <>
    > wrote, quoted or indirectly quoted someone who said :
    >> I wouldn't have thought the obfuscator would be able to remove much
    >> entropy from the class files, and so it wouldn't make the compressed
    >> archive any smaller.

    >
    > A class file contains all the class, variable and method names. The
    > obfuscator replaces these with short names.


    entropy <> size

    Tom's hypothesis was that with LZ77 compression algorithms
    (and the ZIP algorithm used in jar files is such) should
    not care much whether it saved a ref to a short name
    or a ref to a long name.

    Of course it still need to be full size first time.

    But as explained in my reply, then obfuscators usually
    remove unused stuff, which can count for a lot.

    Arne
     
    Arne Vajhøj, Sep 6, 2008
    #16
  17. Arne Vajhøj

    Qu0ll Guest

    "Mike Schilling" <> wrote in message
    news:f9zwk.24975$...

    [...]

    >> What on earth is all this unused stuff that's being removed?

    >
    > Good question. Obviously line number tables and other debugging
    > information, but I presume that's omitted if you don't compile "-g". After
    > ProGuarding, Arne, do stack traces have anything at all useful in them?


    Yes, they do but you need to use ProGuard's re-trace tool (part of the
    ProGuard GUI) to decipher the stack trace. You just paste in the stack
    trace (which still contains line numbers) and it will convert the obfuscated
    information into real world information.

    --
    And loving it,

    -Qu0ll (Rare, not extinct)
    _________________________________________________

    [Replace the "SixFour" with numbers to email me]
     
    Qu0ll, Sep 7, 2008
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul Rocca

    recommended obfuscators or protectors

    Paul Rocca, Nov 4, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    447
    Jonathan Pierce
    Nov 5, 2004
  2. mchmiel
    Replies:
    0
    Views:
    340
    mchmiel
    Aug 7, 2003
  3. Will
    Replies:
    5
    Views:
    467
    Roedy Green
    Aug 16, 2005
  4. javadev

    Obfuscators and jar files

    javadev, Apr 19, 2006, in forum: Java
    Replies:
    7
    Views:
    10,201
    javadev
    Apr 20, 2006
  5. Roedy Green

    Re: Thoughts on obfuscators?

    Roedy Green, Sep 6, 2008, in forum: Java
    Replies:
    0
    Views:
    379
    Roedy Green
    Sep 6, 2008
Loading...

Share This Page