Java Program Code Obfuscation for Secure Software

What is the mean of Obfuscation?

Obfuscation (or beclouding) is the hiding of intended meaning in communication, making communication confusing, willfully ambiguous, and harder to interpret.[citation needed] The word comes from Latin obfuscatio, from obfuscare (“to darken”), from ob (“over”) and fuscare (“to make dark”), from fuscus (“dark”). Obfustication is a common variant, especially in British English.

 

Protect Your Java Code — Through Obfuscators And Beyond

Reverse engineering of your proprietary applications by unfair competition or malicious hackers may result in highly undesirable exposure of your algorithms and ideas, proprietary data formats, licensing and security mechanisms, and, most importantly, your customers’ data. Here is why Java is particularly weak in this respect compared to C++:

 

What is Progurad ?

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or higher, or for Java Micro Edition.

Refer-  http://proguard.sourceforge.net/index.html#manual/examples.html

 

How to Use Progurad with Maven for code Obfuscation ? 

It is possible to obfuscate Java Code using Maven targets. It is need to use compatible Maven Plugin with compatible Proguard Version.

It is very easy to use Proguard with Maven. Just need to add correct versions in pom.xml under plugin section.

 

 

Following is working example for Obfuscate java code using Proguard. 

Here jdk version is jdk 1.6.0_45.

1. You have to define compatible versions of Progurad maven plugin and Progurad base plugin.

2. It is possible to set Classes are not to obfuscate. (Public Classes are set as non obfuscate since that classes act as entry point to the Services)

 

Progurad with Maven – Plugin Entry.

Example:- pom.xml


<plugin>
            <groupId>com.github.wvengen</groupId>
            <artifactId>proguard-maven-plugin</artifactId>
            <version>2.0.6</version>
            <dependencies>
                <dependency>
                    <groupId>net.sf.proguard</groupId>
                    <artifactId>proguard-base</artifactId>
                    <version>4.10</version>
                </dependency>
            </dependencies>
            <executions>
               <execution>
                   <phase>package</phase>
                   <goals><goal>proguard</goal></goals>
               </execution>
            </executions>
            <configuration>
                <proguardVersion>4.4</proguardVersion>
                  <obfuscate>true</obfuscate>
                <options>
		<!-- Keep public classes non obfuscate mode-->
              <option>-keep public class * { public protected *; }</option> 
      		</options>
                <libs>
                    <lib>${JAVA_HOME}/jre/lib/rt.jar</lib>
                    <lib>${JAVA_HOME}/jre/lib/jce.jar</lib>
                </libs>
            </configuration>
        </plugin> 

 

 

 

Advertisements
Tagged with: , , , , , , ,
Posted in Obfuscation

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: