Laura said:
We have a little Java class file to ship to a client - it will be
package in a JAR.
For security reasons the class file has to be prevented from being
decompiled.
Can anyone recommend a free obfuscater? It has to be free as we have
next to zero budget and it will be used extremely infrequently.
When we ship the JAR to the client, will they need to have any info on
the obfuscater?
Thanks for your help.
Laura,
Up until recently, I was using RetroGuard (
http://www.retrologic.com/)
It was an outstanding tool, and easily integrated into Eclipse through
means of External Tools. But then when I hit their website for the
latest update, I found that they now charge $139/yr for the
non-commercial version. Well... I'm cheap, and I knew Open Source would
come through.
This lead me to ProGuard which was actually spawned from RetroGuard.
And, seeing as it's licensed under GPL it also fits within my budget
constraints.
You can find it at :
http://proguard.sourceforge.net/
You definitely want to read the documentation, and decompile the end
result yourself until you feel "safer" about what you've done. I say
"safer", because a reverse engineer with a keg of coffee, and nothing
better to do with their time is going to be able to make out what you've
done. But, hey, I wouldn't know anything about that.... heheheh.
And, no, provided you do it right, the client doesn't need to know about
the obfuscator.
Regards,
Pavel
<INSERT PLUG HERE> : Special thanks to Mark Welsh, Dirk Schnelle, Eric
Lafortune, and anyone else that maintains and donates to the ProGuard
project. Open Source would be 10000 times better if there were more
donations.
