Solved

Java Application USB Dongle

Posted on 2009-07-11
21
1,114 Views
Last Modified: 2013-11-05
I would like to protect my java application. Only user with usb dongle can use it. But something very disappointing is java can be decompiled. Seems like there is no way to really protect it. Any experienced java programmer can decompile the application and find the portion the control usb dongle and bypass it.

Is there other way to protect java application ?
0
Comment
Question by:CodeSnipper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 4
  • +2
21 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 24829607
You can raise the bar to reverse engineering by using a Java obfuscator
0
 
LVL 92

Expert Comment

by:objects
ID: 24829620
not without using a secure classloader, zelix help http://www.zelix.com, but still easy enough to workaround especially in your situation.
0
 

Author Comment

by:CodeSnipper
ID: 24830447
CEHJ,

Java obfuscator can stop beginner java programmer. A determined programmer still can hack the code. It is just a matter of time :)

0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 92

Expert Comment

by:objects
ID: 24830456
You wouldn't even need to be that determined :)  
0
 
LVL 92

Expert Comment

by:objects
ID: 24830463
you really need something stronger than the protection provided by the usb dongle.

0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24830838
Depending on the nature of the application, you might be able to compile to a native executable with gcj. That would make it much harder to reverse engineer
0
 

Author Comment

by:CodeSnipper
ID: 24831007
CEHJ,

Hmmmm. I think gcj is very similiar to JSmooth. Let's me try it out.
0
 

Author Comment

by:CodeSnipper
ID: 24831019
CEHJ,

gcj needs run0tim lib to run the compiled application, where JSmooth will wrap everything into single file to run.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24831040
No: although i don't really know JSmooth, i can see from the blurb that it's just an exe wrapper. That will do little more than save someone the bother of executing the vm directly. It will be encapsulated into an exe file that most probably contains a verbatim copy of the class file(s).

gcj is completely different: it produces full native executables. There is essentially no Java left. This can be compiled both with and without (statically) shared libraries
0
 

Author Comment

by:CodeSnipper
ID: 24831138
CEHJ,

gcj does not support full set of java. Is there a list of supported classes ?
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24831173
0
 
LVL 17

Accepted Solution

by:
Thomas4019 earned 150 total points
ID: 24831245
Exclesior JET is a java "jar" to "exe" converter. It does appear to be able to protect you code.

http://www.excelsior-usa.com/jet.html
0
 
LVL 92

Expert Comment

by:objects
ID: 24832766
gcj is still going to be (a lot) less secure than your dongle, and is very limited in capabilities. We've never found it to be actually useful for anything more than toy applications.
0
 
LVL 2

Expert Comment

by:guneshraj
ID: 24834311
I would recommend Excelsior JET,
I used it before & its promising that is if you dong mind the hefty price tag & it does not work on Mac.
It also uses a different type of VM. The earlier versions that I used produced a huge executable file that it did not fit our small usb drive (32 MB at that time), the newer versions would strip the unused part of the jvm, thus the exe's are smaller.

You could also wrap your classes into 1 big EXE file that extracts to memory & runs the application with the standard JVM.

If you are a little exited, you could try IKVM & explore .Net options, that it would be slightly harder to decompile if the output is static & symbols removed.




0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24835146
The particular 'toy application' i use gcj for btw, is Eclipse, which i run after it's been compiled to native code with gcj ;-)
0
 
LVL 2

Expert Comment

by:guneshraj
ID: 24835196
CEHJ, have you tried gcj on Solaris & Mac/Osx?
Im curious to know its support for GUI/X applications.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24835217
No - only on Linux
0
 
LVL 92

Expert Comment

by:objects
ID: 24836461
Its support is limited, and its more crackable than a dongle.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 24837733
What get cracked are application binaries, so the dongle has very little to do with it unless it's a special dongle with its own encryption system. In fact, if anything, using the dongle would theoretically make the app more crackable because of the usually relatively primitive file system on usb sticks
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question