How can I encrypt a Java Applet?

Michael August 17, 2011

How can the code for a Java Applet be encrypted or obfuscated so that it cannot be read by tools such JAD, Mocha and other Java decompilers?

  1. Anonymous
    August 18, 2011 at 7:28 am

    Using AES with Java Technology:
    The java cryptography architecture has full support for this. You could consider using AES for encrypting and decrypting using a pre-determined cipher key.

  2. Jeffery Fabish
    August 17, 2011 at 11:01 pm

    I don't know Java, however for C++ there are applications called "obfuscators" which uses extensive whitespacing, non-inclusve strings, entity renaming and opaque flow control (or Smoke and mirrors) to accomplish obfuscation. 

    One thing you should do is make your application environmentally aware. This is going to be a little bit less helpful for an interpreted language but it's still very helpful. Form a list of blacklisted processes that shouldn't be allowed to run, when your program starts it should check to see if any of these are running, and periodically while the application is running (i.e during a login). You may want to use an encryption library to encrypt your strings which make it harder to read the decompiled code, two fold.

    I also suggest that you make your variable names and function calls cryptic, or very hard to understand what it is they are responsible for doing. Of course, to circumvent developer confusion, document what each function call actually is for yourself. It can be done in Java, contrary to what Mulder said, but it severally limits your ability to use the Reflection API.

    In fact, since Java is a standalone langauge requiring very few dependencies on the OS alone, it's probably the best language to perform code obfuscation on. A good one is open source ProGuard. Here are some articles I'd recommend reading.

    Protect Your Java Code - Through Obfuscators And Beyond
    Protecting Java Code Via Code Obfuscation

    • Mulder
      August 18, 2011 at 3:56 am

      I'm sorry, but you cannot encrypt a Java applet and still have it work. Encryption is the practice of making something unreadable, and thus, unusable. If you encrypt something, you must decrypt it before you can use it, which makes encrypting Java applets pointless. the same principle applies to encrypting email; it must also be decrypted before you can read it.

      • Jeffery Fabish
        August 18, 2011 at 4:19 am

        Please, be respectful and research the questions before you answer. The process is called obfuscation. What do you think these tools do then? You think Microsoft would use dotfuscator if it rendered their code unusable? These days, even malware developers encrypt their programs using tools called "cryptors". 

        You can encrypt strings using encryption libraries. You can obfuscate your code using a variety of techniques. You're right, it must be decrypted before it can be read (which is what I said if you would actually read it), that's what an encryption library will do. You just disagreed with me to agree with me. 

      • Tina
        August 20, 2011 at 6:38 pm

        As far as I know email can be encrypted and decrypted. Why would the same thing not be possible for Java? It requires adequate tools of course.

  3. Mulder
    August 17, 2011 at 9:54 pm

    You can't do that. If you encrypt something, that makes it unreadable, so you can't read it, and neither can any application. There would be no point in encrypting a Java applet. 

Ads by Google