2

BIS Guard's Java Antidecompiler is an application that you can purchase that claims:

Java Antidecompiler protects java byte-code against decompilers, any binary viewers/editors, prevents reverse engineering, and plagiarism of your software. It combines an obfuscation technique, java cryptography, and the original BIS Guard & Co. technology. The high protection level allows you to hard-code passwords, dates and other private data secure enough to protect your java applications from stealing. The new sonar algorithm prevents class loading interception, class dumping and all other existing to the moment hacker attacks. Code is completely encrypted and hidden both from hackers and from customers.

They vaguely explain how it works here, though, I tend to not be able to believe all that. Is it really possible to do all that? Also, is it possible to really "prevent class loading interception, class dumping and all other existing to the moment hacker attacks" The last thing is, this software is on a shoddy website and is barely found anywhere else on the web; is anyone able to vouch for its validity?

User
  • 33
  • 1
  • 5
  • 2
    My personal experience with obfuscators is that they don't work. Sure, they might produce fancy errors in the common bytecode debugging tools and sure, they might have some cool encryption/virtualization/whatnot - but in the end it's just bytecode in the jvm. The obfuscation factor is basically always zero simply because java is a VM language and at some point in time the code has to be executed. If you seek to protect your code from being looked at use a lawyer. They're much more effectice than software gimmicks. – BlueWizard Feb 21 '18 at 05:47

1 Answers1

8

No, these do not work in the way claimed. They do not and cannot prevent reverse engineering and decompiling. The most they can possibly do is obfuscate Java to make it more difficult to understand, but it will still always be possible to analyze manually. Any software that claims it prevents "all other existing hacker attacks" is snake oil, pure and simple. If code is running on someone's computer, they can see anything the code does, did, could do, and will do, and can influence it for testing at will.

See Link and Link, which mention techniques and tools used for obfuscating Java, and why it is often futile (or actively harmful) to do so for security or intellectual property reasons. If you absolutely want to obfuscate your Java in spite of the answers here, you should at least use a less sketchy product. The ProGuard software mentioned in the linked answer is free and open source.

Glorfindel
  • 2,235
  • 6
  • 18
  • 30
forest
  • 64,616
  • 20
  • 206
  • 257