Solved

Java Application USB Dongle

Posted on 2009-07-11
21
1,050 Views
Last Modified: 2013-11-05
I would like to protect my java application. Only user with usb dongle can use it. But something very disappointing is java can be decompiled. Seems like there is no way to really protect it. Any experienced java programmer can decompile the application and find the portion the control usb dongle and bypass it.

Is there other way to protect java application ?
0
Comment
Question by:CodeSnipper
  • 7
  • 5
  • 4
  • +2
21 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 24829607
You can raise the bar to reverse engineering by using a Java obfuscator
0
 
LVL 92

Expert Comment

by:objects
ID: 24829620
not without using a secure classloader, zelix help http://www.zelix.com, but still easy enough to workaround especially in your situation.
0
 

Author Comment

by:CodeSnipper
ID: 24830447
CEHJ,

Java obfuscator can stop beginner java programmer. A determined programmer still can hack the code. It is just a matter of time :)

0
 
LVL 92

Expert Comment

by:objects
ID: 24830456
You wouldn't even need to be that determined :)  
0
 
LVL 92

Expert Comment

by:objects
ID: 24830463
you really need something stronger than the protection provided by the usb dongle.

0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24830838
Depending on the nature of the application, you might be able to compile to a native executable with gcj. That would make it much harder to reverse engineer
0
 

Author Comment

by:CodeSnipper
ID: 24831007
CEHJ,

Hmmmm. I think gcj is very similiar to JSmooth. Let's me try it out.
0
 

Author Comment

by:CodeSnipper
ID: 24831019
CEHJ,

gcj needs run0tim lib to run the compiled application, where JSmooth will wrap everything into single file to run.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24831040
No: although i don't really know JSmooth, i can see from the blurb that it's just an exe wrapper. That will do little more than save someone the bother of executing the vm directly. It will be encapsulated into an exe file that most probably contains a verbatim copy of the class file(s).

gcj is completely different: it produces full native executables. There is essentially no Java left. This can be compiled both with and without (statically) shared libraries
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:CodeSnipper
ID: 24831138
CEHJ,

gcj does not support full set of java. Is there a list of supported classes ?
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24831173
0
 
LVL 17

Accepted Solution

by:
Thomas4019 earned 150 total points
ID: 24831245
Exclesior JET is a java "jar" to "exe" converter. It does appear to be able to protect you code.

http://www.excelsior-usa.com/jet.html
0
 
LVL 92

Expert Comment

by:objects
ID: 24832766
gcj is still going to be (a lot) less secure than your dongle, and is very limited in capabilities. We've never found it to be actually useful for anything more than toy applications.
0
 
LVL 2

Expert Comment

by:guneshraj
ID: 24834311
I would recommend Excelsior JET,
I used it before & its promising that is if you dong mind the hefty price tag & it does not work on Mac.
It also uses a different type of VM. The earlier versions that I used produced a huge executable file that it did not fit our small usb drive (32 MB at that time), the newer versions would strip the unused part of the jvm, thus the exe's are smaller.

You could also wrap your classes into 1 big EXE file that extracts to memory & runs the application with the standard JVM.

If you are a little exited, you could try IKVM & explore .Net options, that it would be slightly harder to decompile if the output is static & symbols removed.




0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24835146
The particular 'toy application' i use gcj for btw, is Eclipse, which i run after it's been compiled to native code with gcj ;-)
0
 
LVL 2

Expert Comment

by:guneshraj
ID: 24835196
CEHJ, have you tried gcj on Solaris & Mac/Osx?
Im curious to know its support for GUI/X applications.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24835217
No - only on Linux
0
 
LVL 92

Expert Comment

by:objects
ID: 24836461
Its support is limited, and its more crackable than a dongle.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24837733
What get cracked are application binaries, so the dongle has very little to do with it unless it's a special dongle with its own encryption system. In fact, if anything, using the dongle would theoretically make the app more crackable because of the usually relatively primitive file system on usb sticks
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now