将java代码编译为exe(例如使用Launch4Java)是否可以确保代码不能被逆向工程?

发布于 2024-08-21 07:05:50 字数 125 浏览 9 评论 0原文

经过我自己的实验,我确信 Java 代码混淆在防止逆向代码工程方面并不安全。 因此,我转而使用 Launch4J 将我的核心 jar 文件之一捆绑到单个 EXE 文件中。 jar 文件还包含主要的入口方法。 这会再次保护代码逆向工程吗?

After experimenting myself, I am convinced that java code obsfucation is not safe in terms of preventing reverse code engineering.
So, I turn to using Launch4J to bundle one of my core jar file into a single EXE file. The jar file contains the main entry method as well.
Is this going to protect again code reverse engineering?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

愿得七秒忆 2024-08-28 07:05:50

如果计算机可以运行它,那么人类就可以对其进行逆向工程。

If a computer can run it, a human can reverse engineer it.

旧夏天 2024-08-28 07:05:50

Launch4J 不会将您的 Java 代码转换为本机可执行代码,它只是提供一个本机启动器来查找 JDK 并将您的 JAR 作为资源(无论是否打包在可执行文件中)。这只是一种便利,而不是安全。如果您的 JAR 位于可执行文件的外部,则有人可以像常规 Java 应用程序一样对您的代码进行逆向工程。如果您的 JAR 被打包到可执行文件中 - 据推测,有人编写了逻辑以将 JAR 包装在可执行文件中,并且有人可以编写逻辑以从可执行文件中解开 JAR(或使用可以从可执行文件中提取资源的众多工具之一) - 然后可以像常规 Java 应用程序一样对您的代码进行逆向工程。

Launch4J doesn't translate your Java code into native executable code, it just provides a native launcher that looks for a JDK and has your JAR as a resource (either packaged inside the executable or not). This is just a convenience - not security. If your JAR is external to the executable, someone can reverse engineer your code like a regular Java application. If your JAR is packaged into the executable - Presumably, someone programmed the logic to wrap the JAR in the executable, and someone can program the logic to unwrap the JAR from the executable (or use one of many tools that can extract resources from executables) - and can then reverse engineer your code like a regular Java application.

分开我的手 2024-08-28 07:05:50

简而言之,您无法阻止代码被逆向工程。

  • 您已经注意到混淆有什么好处(实际上没有什么好处
  • 类切片/组合(有目的地混合'匹配各种类以破坏代码的逻辑结构 )也不会那么有帮助,特别是当你必须调试这个怪物时。
  • 您也无法真正加密/混淆字节码,因为在字节码到达您的自定义类加载器之后,它已经恢复为完全可读的格式。 更多信息请参见此处

即使您的代码受到保护,它也可以被监控。也许在字节码级别,也许在 ASM 级别,这并不重要 - 重要的是当人们可以监视正在执行的代码时,它也可以被逆向工程。有些方法确实比其他方法花费更多时间,但并非不可能。

停止思考通过模糊实现安全,而是开始分析真正的安全等问题。并相应地修复它们。防止逆向工程——即使它不是徒劳的——也不会神奇地解决软件的问题。

Simply put, you can't prevent your code from being reverse engineered.

  • You've already noticed yourself what obfuscation benefits (nothing much, really)
  • Class slicing/combining (purposefully mix'n'match various classes to break the logical structure of the code) isn't going to be that helpful either, especially when you have to debug the monstrosity.
  • You also can't really encrypt/obfuscate the bytecode either because after the bytecode has hit your custom ClassLoader, it's already back in completely readable format. More information here.

Even if you'd get the code protected, it can be monitored. Maybe on bytecode level, maybe on ASM level, that doesn't matter - what matters is that when one can monitor the code being executed, it can also be reverse engineered. Some methods do take more time than others but there isn't a case where it would be impossible.

Stop thinking in the terms of security through obscurity and instead start analyzing the real security etc. issues you have and fix them accordingly. Preventing reverse engineering - even if it wouldn't be an exercise in futility - isn't going to magically fix the problems of your software.

我最亲爱的 2024-08-28 07:05:50

我已经通过 jar 对 exe(从 launch4j 生成)进行了逆向工程。
如果您错过了 jar 文件并且只有 exe,请按照以下步骤检查源代码。

  1. 假设你的exe名称是xyz.exe将其重命名为xyz.exe.zip
  2. 转到RAD/eclipse为ex: temp创建一个jave项目。
  3. 转到文件选择导入,导入窗口将打开。
  4. 转到“常规”并选择“存档文件”,然后单击“下一步”。
  5. 在存档文件窗口中,单击“浏览”并选择您的 zip(例如:xyz.exe.zip)。
  6. 在“进入文件夹”中,选择目标路径,我选择了创建的 jave 项目临时文件,然后单击“完成”。
  7. 您可以在上面的项目中看到所有 .class 文件。
  8. jd-gui中打开您需要检查源的.class文件,您可以看到src

I have performed reverse engineering on exe(generated from launch4j) over a jar.
Following are the steps which followed to check the source if you have missed the jar file and only have exe.

  1. suppose your exe name is xyz.exe rename it to xyz.exe.zip
  2. Go to RAD/eclipse create a jave project for ex: temp.
  3. Go to file select Import, Import window will get open.
  4. Go to General and select Archive File an click on Next.
  5. In Archive file window click browse and select your zip(for ex: xyz.exe.zip)
  6. In Into folder select destination path here I have selected created jave project temp an click on Finish.
  7. you can see your all .class file in the above project.
  8. In jd-gui you open the .class file which source you need to check, you can see the src.
苄①跕圉湢 2024-08-28 07:05:50

如果将可执行文件从 .exe 重命名为 .zip,您将能够查看所有 .class 文件以及从 .jar 重命名为 .zip 之类的内容,并且可以使用 http://java.decompiler.free.fr 人们仍然可以查看您的源代码。

If you rename the executable file from .exe to .zip you'll be able to view all .class files and stuff like renaming from .jar to .zip, and with an decompiler like http://java.decompiler.free.fr people will still be able to view your source-code.

罪歌 2024-08-28 07:05:50

它应该。然而,这样就忽略了 Java 的全部意义。

It should. However that would be missing the whole point of Java.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文