HomeDigital EditionSys-Con RadioSearch Java Cd
Advanced Java AWT Book Reviews/Excerpts Client Server Corba Editorials Embedded Java Enterprise Java IDE's Industry Watch Integration Interviews Java Applet Java & Databases Java & Web Services Java Fundamentals Java Native Interface Java Servlets Java Beans J2ME Libraries .NET Object Orientation Observations/IMHO Product Reviews Scalability & Performance Security Server Side Source Code Straight Talking Swing Threads Using Java with others Wireless XML
 

I remember how I first got into Java. A friend called my attention to these neat little mini applications that could be easily embedded into HTML files. These applets provided a quick way to jazz up even the most mundane Web pages. She showed me some UseNet groups that contained huge libraries of these applets. I soon learned how to go into their code and change (dare I use the word "hack"?) them to fit my needs. Those applets were nobody's property; they were just there for the taking. Some people would come up with clever ways of making them run more efficiently, and would post their findings for all to use. When working with pubic archives, this is all well and good. The problem is many people learned how to hack Java applications that were not public domain. They would download applications, decompile the source and hack it to look like their own.

Today's complicated Java application involves many hours of hard work. Many of us do so under the employment of a company that stands to gain or lose hundreds of thousands of dollars based on the success of the application. We can't take the risk of unethical people using our code to suit their own needs. At the same time, code has to be quick and neat. What we need is a development tool that makes it literally impossible to hack source code without sacrificing speed and efficiency. What's needed is DashO-Pro from preEmptive Solutions.

Obfuscation With Traditional and Advanced Methods
No program is totally safe from decompilers (to claim so would invite big trouble!), but DashO-Pro makes life as difficult as possible for them. Some of the methods used are:

  • The removal of extraneous debugging information from class files.
  • Removal of unused classes, fields and methods for maximum size reduction.
  • Renaming all possible methods, classes and fields. All methods, such as public and private, can be renamed as long as they don't override a method from a non-included class. This process does not effect methods such as init and paint. Renaming reduces all to one or two-character names. Since decompilers have the ability to rename unprintable names back to printable ones, DashO-Pro provides sophisticated renaming properties that can't be bypassed by decompilers.
  • The duplication of constant pool entries. This is a clever feature, as it won't rename multiply-used entries. Suppose the string "testing" is printed while there is a method called "testing;" the string would be printed as is but the method would be renamed.
  • The use of irreducible control flow graphs for obfuscation. These can't be produced in the Java language due to its control structure. Code is changed in such a way that it no longer has an equivalent sequence in Java at the source level.
More Than Just an Obfuscator, It's an Advanced Optimizer, Size Reducer and Packaging System
Anyone who has ever done programming knows the value of correct, efficient code. Traditionally, an optimizer is used to increase code performance. Optimizing tools for Java have been up until now immature at best. DashO-Pro implements many standard optimizing transforms unavailable in today's Java compilers, as well as some new transforms targeted specifically for Java bytecode.

One classic optimization is dead code elimination. DashO-Pro takes this to the nth degree by removing all unused information in your program. preEmptive Solutions has provided the following sample code to demonstrate DashO-Pro's removal techniques:

class MyClass {
int Z;
public static void main(String args[]) {
System.out.println("Hello World");
}

public void doesNothing() {
Z = 5;
OtherClass X = new OtherClass();
X.doOtherThings();
}
}

In this example, DashO-Pro's algorithms detect that the "doesNothing" method is never called: therefore, it is removed along with "OtherClass" and the "Z" variable. DashO-Pro's output only includes the absolute minimum set of classes, methods and fields required by your application. Your code size is minimized, often a desired feature for applets and other code that needs to move around the network.

Using DashO-Pro
DashO-Pro can be run as a command line or GUI application. When running as a command line program there are five runtime options that can be used with DashO-Pro:

  1. -f :force execution. This option, as the name suggests, forces execution, even when your application uses dynamic class loading (e.g,. by using the Class forName method). To use this option, it is necessary to specify all dynamically loaded classes in the configuration file; alternatively, you may allow DashO-Pro to automatically detect possible dynamically loaded classes.
  2. -v :verbose output. When this option is used information is given about the progress of the execution.
  3. -i :investigate only. This option tells DashO-Pro not to create any disk files. A report will be generated which specifies the candidates for removal.
  4. -q :run quietly. In this mode, DashO-Pro runs completely without printed output. Use this option for inclusion into application build sequences. The verbose option will be overridden here.
  5. <configfile> : configuration file. This allows the naming of a specific configuration file, which is required for running DashO-Pro. This is a handy option when using multiple, tailor-made configurations in DashO-Pro. Trigger methods are not entered on the command line, as they must be included in configuration file.
When using the GUI, it is not necessary to write a configuration file, as the GUI is really a front end to the configuration file. The interface is initiated by running the DashO-ProGui class from the jar file. The Windows enthusiast will be delighted to know that double clicking the icon will run the interface. I found the GUI to be well laid out and a snap to move around in.

Figure 1
Figure 1:  When using the GUI, Optimization can be as
simple as clicking on radio buttons.

DashO-Pro's triple feature of optimization, obfuscation and compression makes it an extremely valuable tool in the professional Java developer's bag of tricks. If you have a need to streamline and hide your code, it's a must have!

About the Author
Edward Zebrowski is a technical writer based in Orlando, FL. Ed runs his own Web development company, ZebraWeb, and can be reached on the Net at [email protected]

 

All Rights Reserved
Copyright ©  2004 SYS-CON Media, Inc.
  E-mail: [email protected]

Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SYS-CON Publications, Inc. is independent of Sun Microsystems, Inc.