Login/Register
Does compiling Java to native code protect the source code?
Asked Answered
Solved javadecompilinggcj
W

3

5

Now, I know that...

Anything can be reverse engineered, given enough time and resources.

However, would compiling your Java code to native code with a tool like GCJ make it more difficult to decompile? I mean, given a few minutes, I can decompile a .jar using JD-GUI, and it is relatively accurate. Most of the "Java to EXE" converters are just .exe launchers for the JVM, and while there are many benefits to the JVM, I have been led to believe that security of the source code is not one of them.

Bottom line: Can you use something like GCJ to compile your Java source (or .class) files to native machine code, and if so, will that protect it from decompiling?

EDIT: Ideally, it would be something more than just obfuscation. The specific project is a commercial game, so what we are looking for is a way to make it more difficult to get to the source code to begin with, not just understand it. Also, I'm not sure that Steam accepts .jars, and we are planning on submitting it to the new Green Light project.

Whoredom answered 30/8, 2012 at 19:38 Comment(2)
With source code obfuscator , yes!Prognostication
@Whoredom It seems that the programming language does not make any difference (see this older thread). Altitude for example is a Java game. What you'll need to do is use JNI if you need the steamworks-API, since it's only exposed as a C++ library.Exieexigency
R
4

Technically, yes. Using something like GCJ will make it harder to decompile, however keep in mind that you are losing some major benefits of using Java if you do this. Namely, you lose the ability to write cross-platform applications.

You could use an obfuscator to make the code harder to decompile AND still keep the benefits of using Java.

Renoir answered 30/8, 2012 at 19:42 Comment(0)
E
5

I wouldn't choose that approach just for source-security.

Check out some Obfuscator tools out there like ProGuard

If you want to see what those tools do to your source code, just try read the decompiled Minecraft jar if you have one on hand.

A downside to using this is, that if your code depends on using reflection, you'll have to configure the tools to ignore those functions/classes/whatever, as those will not be found at runtime otherwise.

Exieexigency answered 30/8, 2012 at 19:42 Comment(2)
Progaurd isn't an obfuscator per se, it's an optimizer. Optimization just happens to fool weaker decompilers.Godolphin
I don't think that's accurate, actually. ProGuard has separate optimization and obfuscation passes.Marotta
R
4

Technically, yes. Using something like GCJ will make it harder to decompile, however keep in mind that you are losing some major benefits of using Java if you do this. Namely, you lose the ability to write cross-platform applications.

You could use an obfuscator to make the code harder to decompile AND still keep the benefits of using Java.

Renoir answered 30/8, 2012 at 19:42 Comment(0)
P
0

a Source code obfuscator like this , this and this makes your variables, functions, etc... unreadable by other(has no logical meaning). You should read here too!

Prognostication answered 30/8, 2012 at 19:43 Comment(1)
What a scam. It doesn't have any features listed that you can't get more easily for free.Godolphin

© 2022 - 2024 — McMap. All rights reserved.