We know that Java is a cross-platform programming language whose source code (. java files) is compiled into platform-independent bytecode (. class files) and then dynamically linked at run time. In this way, the compiled class file will contain a signed table, which makes it easy to decompile the Java program. It is believed that every Java developer has used an anti-compiler such as Jad to decompile the Java class file to observe the structure and implementation details of the program. As a result, it is a common problem for developers to effectively protect their business investments in Java applications that require strict intellectual property protection.
The Java obfuscation compiler is then turned on to disrupt the symbolic information in the class file, making reverse engineering very difficult.
Jocky is such a good java obfuscation compiler.
There are many commercial and even open source confusing compilers in the industry, but there are a number of such or such problems. In general, the existing obfuscation is confusing a compiled class file, which requires compiling and confusing two steps. In fact, not all symbols need to be confused. If you are developing a class library, or if some classes need to be loaded dynamically, those public APIs (or those that are publish out) must keep the symbols intact, so that others can use your class library. Existing obfuscation provides a GUI or scripting way to configure the names of symbols that need to be preserved, but if the program is large, the configuration will become complex, and once the program is modified, the configuration is restarted. Some of the obfuscation can adjust the order of bytecode, making it more difficult to decompile, but the author experienced the confusion after the program run error situation.
The biggest difference between jocky and other confusing compilers is that it is directly from the source code, which means that the compilation process itself is a confusing process.
The Jocky obfuscation compiler is based on the Java compiler (JAVAC) provided in the Sun JDK, modifies the code generation process, confuses the compiler-generated intermediate code, and finally regenerates the class file, so that compilation and obfuscation can be done in a single step. Alternatively, you can insert a symbol hold directive in the source program to control which symbols need to be preserved, blending the obfuscation process with the development process, without requiring a separate configuration.
1.4 Jocky's role 1.4.1 code obfuscationAs mentioned earlier, confusing compilation is the primary use of Jocky. Let's take one of the simplest examples, the following simplebean is the source file that was obtained after the non-confusing class file was deserialized by Jad:
| 1public class Simplebean implements Serializable{ 2 3 private String name = "MyName"; 4 5 private List myList = null; 6 7 public void Simplebean (){ 8 myList = new ArrayList (10); 9} 10 One public void foo1 () { Mylist.add ("name"); 13} 14 private void Foo2 () { 16} 17 private void WriteObject (Java.io.ObjectOutputStream out) Throws IOException { 20 21} 22 (+} |
| < anti-compilation effects of non-confusing class files > |
The following is a Jocky-obfuscated class file that is generated after a jad decompile:
| 1public class Simplebean implements Serializable{ 2 3 Private String _$2; 4 5 Private List _$1; 6 7 Public Simplebean (){ 8 _$2 = "MyName"; 9 this; Ten JVM INSTR new #4 <class arraylist>; One JVM INSTR dup; JVM INSTR swap; 13 10; ArrayList (); 15 _$1; 16} -public void Foo1 (){ _$1.add ("name"); 19} 20 private void _$1 () { 22} 23 private void WriteObject (ObjectOutputStream objectoutputstream){ Throws IOException { 26} +} |
| <jocky confusing class file anti-compilation effect > |
JDK 5.0 has a number of new features on the syntactic level that can bring convenience to the development of simplified applications. such as generics, enhanced for loops, and autoboxing/unboxing. Unfortunately, if you use these new grammars to develop your application, it means that you cannot run on JDK 1.4, and JDK 1.4 is the most prevalent version of the VM at the moment. Fortunately, another feature of Jocky is the ability to compile applications written in JDK 5.0 syntax into a class file version on JDK 1.4 with parameter configuration. We can open the Jocky compiled class file in UltraEdit, and we can find that the value of the 8th byte (major version of the class file) is 0x30, that is, the decimal 48, which is the version of the class file that JDK 1.4 can understand (JDK 5.0 the default compiled class file version is 49). The premise is that some APIs not in JDK 1.4 are not available in the app.
Ii. usage of Jocky 2.1 general usageUsing Jocky is very simple, after getting jocky.jar, you only need to run Java-jar Jocky.jar can start the jocky obfuscation compiler, Jocky command line arguments and Javac exactly the same, but adds a new parameter-scramble, which is used as follows:
-scramble confusing all package private or private symbolsIn recent years, Ant has become the de facto standard for packaging tools in Java application development. In the application development process, we often have an ant script, through the script, can be used to compile, package, publish a series of processes. Therefore, the best entry point for Jocky is support for Ant.
Using Jocky in Ant is simple:
1. Copy the Lib\jocky-ant.jar to the Ant_home\lib directory.
2. Add such a line of code to the ant script to introduce the Jocky Task
3. Set some basic properties of the Jocky, including: The location of the Jocky.jar package, and the level of obfuscation, as follows:
4. When the Enable property of Jocky is set to True, the Javac compile command in the ant script is automatically replaced with the Jocky compiler, and when the Enable property is set to False, the Javac compile command reverts to normal settings, as shown in the example script:
| 1<project name= "Jocky" default= "Build" > 2<!--introduce Jocky Ant Task to make sure Jocky-ant.jar is in the Ant_home\lib directory-- 3<taskdef resource= "Jockytasks" > </taskdef> 4<target name= "Build" > 5<!--Set the position of the Jocky.jar and the obfuscation level, when enable is true, the Javac task is automatically replaced with jocky obfuscation compiler-- 6<jocky jar= "F:\Works2\Jocky\jocky1.0\lib\jocky.jar" enable= "true" level= "private" > </jocky> 7<!--The following compilation, you will use Jocky to confuse the compiler-- 8<javac destdir= "bin2" debug= "on" source= "1.5" target= "1.4" > 9<SRC path= "src" ></src> 10</javac> 11<!--When enable is false, the Javac task is restored to its normal settings, and the Jocky compiler no longer functions-- 12<jocky enable= "false" ></jocky> 13<!--The following compilation, the normal Javac compiler will be used-- 14<javac destdir= "bin3" debug= "on" target= "1.4" > 15<SRC path= "src" ></src> 16</javac> 17</target> 18</project> |
| <jocky example of ant script > |
Note: Jocky for Ant was developed on Ant 1.6.5 and is recommended for use with this version.
Jocky provides plug-ins for eclipse, allowing you to use Jocky directly in Eclipse.
1. Installation of the Jocky plugin:
Installing the Jocky plugin into eclipse is simple, just copy the eclipse/plugins/org.apusic.jocky_1.0.0 directory to the plugins directory in Eclipse. Or, in the Eclipse/links folder, specify the plug-in directory for the Jocky by means of link.
2. Using Jocky in eclipse:
Using Jocky in Eclipse is also very simple, any Java project, the selection project through the right-click menu, can appear jocky shortcut menu:
| <jocky Right-click menu in Eclipse > |
| <jocky property settings in Eclipse > |
In fact, when using Jocky in Eclipse, Jocky also builds the ant build file (the default name Jocky_build.xml) for the selected project first, and then confuses the compilation with Ant.
The following is an example of an ant build file that Jocky automatically generates in eclipse:
| 1<project basedir= "." default= "Build" Name= "Jocky.example.jocky" > 2<property name= "Jocky.jar" value= "F:\EclipseWTP1.0.8\workspace_jdk5_apusicstudio\org.apusic.jocky\jocky.jar" ></property> 3<property name= "Jocky.output.dir" value= "Jocky" ></property> 4<property name= "Jocky.scramble.level" value= "package" ></property> 5<property name= "target" value= "1.4" ></property> 6<path id= "Project.classpath" > 7<pathelement location= "Bin" ></pathelement> 8</path> 9<target name= "Init" > 10<jocky jar= "${jocky.jar}" level= "${jocky.scramble.level}" ></jocky> 11<mkdir dir= "${jocky.output.dir}" ></mkdir> 12<mkdir dir= "${jocky.output.dir}/bin" ></mkdir> 13</target> 14<target name= "clean" > 15<delete dir= "${jocky.output.dir}/bin" ></delete> 16<delete dir= "${jocky.output.dir}" ></delete> 17</target> 18<target depends= "Init" name= "Build" > 19<echo message= "${ant.project.name}: ${ant.file}" ></echo> 20<jocky enable= "true" ></jocky> 21<javac destdir= "${jocky.output.dir}/bin" target= "${target}" > 22<SRC path= "src" ></src> 23<classpath refid= "Project.classpath" ></classpath> 24</javac> 25</target> 26</project> |
| <jocky example of an auto-generated ant script in Eclipse > |
Note 1: Only Eclipse 3.1.1 and above are supported.
NOTE 2: If the Jocky plugin is not found in eclipse, delete the Eclipse installation directory/configuration/org.eclipse.update folder (maybe an Eclipse bug?).
In addition to controlling symbol obfuscation levels with the-scramble parameter at the command line, you can also use symbol hold directives in your source code to control those symbols that need to be preserved. The symbol hold directive is a Java document Comment Directive that can be inserted into the documentation comments of classes and class members, for example:
| 1/** 2 * This class should preserve. 3 * @preserve 4 */ 5public class Foo { 6/** 7 * You can specify which field should is preserved. 8 * @preserve 9 */ ten private int x; 11 12/** * This field was not preserved. 14 */ the private int y; 16 17/** * You can also preserve methods. * @preserve 20 */ public void Hello () {} 22 23/** * This method was not preserved. 25 */ $ private void Collect () {} 27} |
| < examples of using preserved directives > |
If there is no @preserve directive, the symbol is retained based on the level of confusion and the level of access to the member.
Symbol hold directives for classes can be accompanied by a retention-level parameter to control symbol retention for class members, including:
In fact, even without @preserve instructions, Jocky does not confuse some private-level methods that are specific to the Java language, such as WriteObject and ReadObject methods that have special effects when serializing. However, I strongly recommend that: for these special meaning can not be confused with the private level method or field, please use the @preserve directive to protect.
Note 1: It is recommended to use the IDE's Javadoc settings to assist in the writing of @preserve instructions.
As mentioned earlier, Jocky is a source-code-based obfuscation compiler, so Jocky does not support separate compilation, and all source files must be simultaneously confused and compiled. But in fact, if the obfuscation level is controlled at the private level, the restriction ceases to exist.
Jocky confusing Java code (protecting your Java project)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
