开发者

How to protect my jar resource from extraction?

I want distribute my *.jar file. I mean my application to be us开发者_StackOverflow社区e but i don't want user or anybody extract my resource(sound, pic, and others).

How to protect it?

thx


Invent a DRM mechanism and once they crack it, sue them to death.

No, honestly, what you are trying to achieve is really, really complicated - if not impossible. You would need to encrypt the resources in a way that the key to the encryption mechanism would not be contained within the jar itself (as in hardcoding it in your code - hackers love this).

So you would need your application to open some online connection to a server under your control that would need to be online all the time - and your users would hate you for doing that because of all the trouble this generates (just follow online discussions about recent PC games)... is it really worth it?


This is impossible to do in Java or any language. If something can be used by your program, it can be taken. You can make it a bit more difficult for people, but at the end of the day if they want to steal graphics / sounds they can.

You'd be much better off putting your effort into making graphics and sounds etc which people like and are user-friendly.


This website introduces a JAR protection tool and a protected JAR launcher. The tools work with Java 8 but not with e.g. Java 11. The ideas described in their user manual talks about a ClassLoader encryption method. The provided tools only come as a trial version though but I managed to successfully protect and launch a simple JAR.

secret.txt:

My secret

Main.java:

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;

import static java.lang.invoke.MethodHandles.lookup;
import static java.nio.charset.StandardCharsets.UTF_8;

public class Main
{
    public static void main(String[] arguments) throws Exception
    {
        final byte[] resourceBytes = getResource("secret.txt");
        System.out.println("Secret: " + new String(resourceBytes, UTF_8).trim());
    }

    @SuppressWarnings("SameParameterValue")
    private static byte[] getResource(String filePath) throws Exception
    {
        MethodHandles.Lookup lookup = lookup();
        Class<?> currentClass = lookup.lookupClass();
        try (InputStream inputStream = currentClass.getResourceAsStream("/" + filePath))
        {
            return toByteArray(inputStream);
        }
    }

    private static byte[] toByteArray(InputStream inputStream) throws IOException
    {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();

        int nRead;
        byte[] data = new byte[16384];

        while ((nRead = inputStream.read(data, 0, data.length)) != -1)
        {
            buffer.write(data, 0, nRead);
        }

        return buffer.toByteArray();
    }
}

JarProtector:

>"C:\Program Files\Java\jdk1.8.0_181\bin\java" -jar JarProtector.jar JarProtectorTest.jar

JarProtectorTrial started...
[1] protecting JarProtectorTest.jar
[1] file protected: JarProtectorTest.car
JarProtectorTrial successfully ended.

JarStarter:

>"C:\Program Files\Java\jdk1.8.0_181\bin\java" -cp JarStarter.jar;JarProtectorTest.car com.bfa.JarStarter Main
Secret: My secret



Our Flash and Java Antidecompilers use a keyless encryption, i.e. don't use hardcoding for encryption key. To make sure that it is sufficient to use any decompiler. Yes, I understand that standard EULA doesn't allow it, but we give such permission by individual request at http://www.bisguard.com/contacts.html
Goog luck

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜