1. Copyright notice
This article describes how to use serial numbers to load encrypted class files.
The Resin hessian mentioned in this article is the registered product name of Caucho, which is owned by caucho.
This article can be reproduced, but the author's Blog address must be noted:
Http://blog.111cn.net/oldjavaman
2. Applicable objects of this article
As a technician, the technical details in this article involve the basic knowledge of the Java language. Before reading this article, you should understand the Java dynamic loading Class mechanism and general knowledge about Java encryption, in addition, this article assumes that you have the basic web development capabilities to understand the operation process of jsp and servlet.
3. How to read
You can download the Jar files and encryption tools used in this article at the following address:
Http://www.collegesoft.com.cn/download/licenceClient_1.0.3.jar
Download the encryption tool:
Http://www.collegesoft.com.cn/download/encryption.exe
Concerning the generation of serial numbers, we will not publish them publicly for the sake of protecting the company's products. Interested colleagues can use mail to communicate with me.
4. Overview
4.1. Reasons for encrypting Java source code
Java source code is compiled and executed in JVM. Because the JVM interface is completely transparent, Java class files can be easily converted to source code through the anti-compiler. Therefore, all algorithms and class files can be made public in the form of source code, so that the software cannot be protected. To protect the property rights, the following methods can be used:
(1) for "fuzzy" files, replace the file name and method with 000OOoo. Of course, if you have enough patience to convert these codes into codes that you can understand, not difficult.
(2) popular encryption tools encrypt source files, such as PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard ). In this case, the end user must decrypt the application before running it. However, after decryption, the end user has a non-encrypted class file, which is no different from the pre-encryption.
(3) encrypt Class files. During running, JVM uses a custom Class Loader to decrypt Class files. The mechanism of importing bytecode to Java runtime implies that the bytecode can be modified. Every time the JVM loads a class file, it needs an object called ClassLoader, which loads the new class into the running JVM. JVM provides ClassLoader with a class to be loaded (for example, java. lang. object) name string, then the ClassLoader is responsible for finding the Class file, loading the original data, and converting it into a Class Object.
The user downloads encrypted class files and decrypts them when they are loaded. Therefore, they can be seen as an instant encryptor. Since the decrypted bytecode file will never be stored in the file system, it is difficult for the hacker to obtain the decrypted code.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
