Your question is actually a very practical one, and there are actually
multiple approaches which will prevent make it extremely difficult for
someone to decompile your bytecode.
When you compile source Java code, known (and publicly available)
methods are used to create bytecode. This is where decompilers came
from - the fact that there is a method for compilation in general
means that it is possible to develop an algorithm for decompilation.
In fact, there are several utilities out there that do exactly that.
The process of obfuscation will convert bytecode into a logical
equivalent version that is extremely difficult for decompilers to pick
apart. Keep in mind that the decompilation process is extremely
complicated and cannot be easily 'tweaked' to bypassed obfuscated
code. Essentially the process is as follows:
1. Compile Java source code using a regular compiler (ie. JDK)
2. Run the obfuscator, passing in the compiled class file as a
parameter. The result will be a different output file (perhaps with a
This file, when renamed as a .class file, will be functionally
equivalent to the original bytecode. It will not affect performance
because a virtual machine will still be able to interpret it.
Here is an article describing this process in more detail and
introducing an early obfuscator, Crema:
(note that since the passing of the creator of Crema, this utility is
not being officially distributed)
Another discussion of decompilation and obfuscation is available at
the IBM developerWorks site:
Jmangle - The Java Class Mangler
"The Jmangle program helps discourage reverse engineering of Java
programs and software piracy by allowing the developer to mangle the
symbols used in the class file. Long descriptive names for classes,
methods and fields can be replaced by meaningless symbols making it
much more difficult to reverse engineer. Jmangle allows the developer
to selectively mangle just the classes internal to the application
while leaving desired public class, method and field names unmangled."
Mangle package, class, method and field names
Control mangling by access control (e.g., public, protected, private, friendly)
Control mangling options on a class by class basis
Strip debugging information
Insert string tags to secretly mark class files as yours
Output map of symbols to mangled symbols
Easy to use graphical user interface, see screenshot.
Command line interface, useful in Makefiles and build scripts
Reduces size of strings in class files for better performance
"Zelix KlassMaster is a utility written in Java that reads and
modifies Java class files. KlassMaster views, edits, obfuscates, and
unobfuscates. It will run on any platform that supports version 1.1.6
of the Java Virtual Machine. Zelix KlassMaster 2.0 builds on 1.0 by
providing a sophisticated name-exclude facility and an advanced script
interface called ZKMScript, complete with its own interactive wizard."
Download Zelix KlassMaster:
"Canner protects your code from reverse engineering by creating a
native Windows executable (EXE file) that contains an encrypted
version of all of your application's classes and resources. The
contents are decrypted in memory as they are requested by the JVM."
Download Cinnabar Canner:
Of course, there are several other similar utilities that you can use
as well. These utilities use many different techniques to obtain (more
or less) the same result. Collectively, they allow conversion to .exe
files (a different process), as well as obfuscation of .class and .jar
files. A comprehensive list is available in the Google Directory:
I hope that the information above gives you sufficient options to
protect your intellectual property. Please let me know if any of the
above information is unclear.
Request for Answer Clarification by
20 Nov 2004 17:14 PST
Thank you, but I need more info. I have looked at obfuscators, but
they aren't good enough because they dont hide the syntax, and more
importantly, they dont hide my constant values (<-- that is the most
valuable part of my program). A snooper could still get the jist of
The Canner app would be perfect... except my program has to run on Linux.
One of your links led to an app called JLock which says it actually
encrypts the code:
This sounds great, but they don't go into too much detail on their
site. Do you have any experience w/ JLock, or any similar products?
Thank you in advance, -t