Results 1 to 15 of 15
Like Tree1Likes
  • 1 Post By Fubarable

Thread: Java code (easy to decompile?)

  1. #1
    vociferor's Avatar
    vociferor is offline Member
    Join Date
    Jun 2011
    Posts
    6
    Rep Power
    0

    Default Java code (easy to decompile?)

    i'm considering using java as a means of developing proprietary software, and my concern is the ease with which pirates may have when they attempt to decompile it.

    Are there any reputable services that assist the java developer in lieu of achieving code obfuscation?

  2. #2
    Dark's Avatar
    Dark is offline Senior Member
    Join Date
    Apr 2011
    Location
    Camp Lejuene, North Carolina
    Posts
    643
    Rep Power
    4

    Default

    Decompilers:
    Google - Decompilers

    Prevention and tips:
    Google - Java Protection
    • Use [code][/code] tags when posting code. That way people don't want to stab their eyes out when trying to help you.
    • +Rep people for helpful posts.

  3. #3
    sunde887's Avatar
    sunde887 is offline Moderator
    Join Date
    Jan 2011
    Location
    Richmond, Virginia
    Posts
    3,069
    Blog Entries
    3
    Rep Power
    8

    Default

    Try here: Open Source Obfuscators in Java

    (disclaimer: I have not used any of these)

  4. #4
    Fubarable's Avatar
    Fubarable is offline Moderator
    Join Date
    Jun 2008
    Posts
    19,316
    Blog Entries
    1
    Rep Power
    26

    Default

    Some thoughts:
    • If someone has strong motivation to decompile/reverse-engineer your program, they're going to be able to do it regardless of the steps you take. Obfuscating might slow them down a little bit, but it's certainly not going to stop them.
    • The likelihood that you will need to worry about obfuscating your code is about the same as for me -- nil to very very low. I mean seriously, a minute ago you were asking about the difference between J2SE and J2EE, and so what are the odds that you're going to create in the next 2 years the next killer app? Sorry, but it's on par with me -- very low.
    Last edited by Fubarable; 06-19-2011 at 02:52 PM.
    KevinWorkman likes this.

  5. #5
    JosAH's Avatar
    JosAH is offline Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,541
    Blog Entries
    7
    Rep Power
    20

    Default

    More important then being able to decompile and steal some code is support, maintenance and upgrading services; you get none of them if you steal the code. Companies are much more willing to buy a product safely then stealing and using an illegal copy of some code. Don't worry about it, people can even steal binary machine code. What do they have then except for a large amount of bits? The moment they want an update, service or a possible enhancement they have nowhere to go to.

    kind regards,

    Jos
    cenosillicaphobia: the fear for an empty beer glass

  6. #6
    vociferor's Avatar
    vociferor is offline Member
    Join Date
    Jun 2011
    Posts
    6
    Rep Power
    0

    Default

    touche' JosAH, and these are the general arguments either for or against piracy-related concerns in the software industry.

    I personally feel that when we bring up concerns like, "support, maintenance and upgrading services" we are dealing with the personal (dis)comfort level of any particular pirate. If our software is incredibly intuitive to use (and any great piece of software should be) then support is not a huge factor. As far as bug-fixes are concerned: maintenance and upgrading services become important, but how critical are they really? (this varies from program to program as well as the particular use the pirate wishes to get out of your solution, either short term or long term)

    Basically, in a nut shell, what i'm saying is I do not believe these are such huge factors to your average everyday run off the mill pirate. Of which, there is an ever-growing population.


    when you say, "Companies are much more willing to buy a product safely then stealing and using an illegal copy of some code." you got that right! Especially if your solution is at the epicentre of their business functionality (particularly: financial management software, vendor-related software, or manufacturing and stock-related software). Even the technologically inept who own a company will be very hesitent to use a pirated version of your software, for the sake that it might "call home" and get shut down, or their company get sued (you know, for "damages" that come as a result of not paying for your product in the first place).

    Allow me to play the devil's advocate here though by saying: there are more INDIVIDUALS than Companies, and therefore more individuals willing to circumnavigate the concern of pirating your product.


    I personally feel: there are many who point out various reasons why piracy is "not an issue", though I personally believe it is otherwise, and feel strongly. Can anyone refute my concerns (not particularly concerning Java, but in the software industry in general)? If so, I would be very happy to hear!

    Thanks.
    Vociferor

  7. #7
    Dark's Avatar
    Dark is offline Senior Member
    Join Date
    Apr 2011
    Location
    Camp Lejuene, North Carolina
    Posts
    643
    Rep Power
    4

    Default

    Take Adobe Photoshop for example. The security on it is terrible, and its a costly program. So where do they make their profit? The businesses and those in that career field. The amateur that doesn't use the program for anything then some basic editing here and there can simply torrent a cracked version and be done with it. Now lets look at it from another angle, seeing as the person that just downloaded the cracked version wasn't going to buy it in the first place anyways how much profit did you lose?

    Now the same argument with pirating music. I know a lot of people who are unwilling to put out money on every new band that shows up demanding their presence be known. So they view the music before purchasing the cd to make sure they like the sound. Pirates themselves are only enablers for the public, yet in the full spectrum they barely hurt the market at all. The more protection you put into a piece of software the more inconvenient it is for the legit user.

    StarCraft 2, when I deployed required a connection to the internet. While I'm still out in this forsaken country I cannot play this game that I paid $60 for because I don't have a constant connection to the internet. The only reason they have this feature, is to make it harder for pirates to steal their game. Yet pirates already had semi-playable offline versions of the game within months of the release.

    I stand by Fubar's response, you can't make your software impermeable to piracy. You need to find a way that you would add protection without sacrificing ease of use.
    • Use [code][/code] tags when posting code. That way people don't want to stab their eyes out when trying to help you.
    • +Rep people for helpful posts.

  8. #8
    vociferor's Avatar
    vociferor is offline Member
    Join Date
    Jun 2011
    Posts
    6
    Rep Power
    0

    Default

    Quote Originally Posted by Dark View Post
    Pirates themselves are only enablers for the public, yet in the full spectrum they barely hurt the market at all.
    I strongly disagree with this statement.

    While there are ways to protect against this in the software industry, this is simply not true with what happened to the recording industry which has never been the same since the mass/popular usage of peer to peer networks.

    Quote Originally Posted by Dark View Post
    The more protection you put into a piece of software the more inconvenient it is for the legit user.
    It *can* be, but is not always (generally speaking). The outcome depends entirely on what has been implemented and how.

    in Java's case: there is a way to hide certain source files, then use *other* source files that make calls to those hidden source files located on a server the end-user will never see. However, with Java, there are sacrifices in speed in taking this route. And this is just one example (among many i'm sure) of how implementing security related-features can be disadvantageous for an end user.
    Which is, of course, not to say that this sacrifice in run-time speed is necessarily going to be a huge bummer for all Java programs... but i'm sure it becomes an issue if your code is not optimized for performance, or if it's a large-scale project.

    While there are also excellent examples in other languages where the implementation of security-related features DO NOT affect the end user's overall experience with the software to any incredibly negative degree.
    For instance, in PHP if you employ a means of obfuscating your code you may see an increase of say, 6k to 4MB in the overall size of your prog... but it's not going to be a speed-killer. (a crude example here, I know, just pointing out an idea)


    Again: it depends on WHAT and HOW

  9. #9
    Dark's Avatar
    Dark is offline Senior Member
    Join Date
    Apr 2011
    Location
    Camp Lejuene, North Carolina
    Posts
    643
    Rep Power
    4

    Default

    You suggested a protection method that would require an internet connection, hence ultimately destroying the usefulness of your product. Unless you are willing to pay for some ridiculous internet provider that allows you to surf the internet anywhere in the world, the portability of your product now resides to local areas. Unless your program directly involves with the internet, retrieving files from a server is a terrible idea. It just pisses off the legit consumers who paid for a limited product.
    • Use [code][/code] tags when posting code. That way people don't want to stab their eyes out when trying to help you.
    • +Rep people for helpful posts.

  10. #10
    Skiller is offline Member
    Join Date
    Jan 2011
    Posts
    67
    Rep Power
    0

    Default

    Quote Originally Posted by vociferor View Post
    While there are ways to protect against this in the software industry, this is simply not true with what happened to the recording industry which has never been the same since the mass/popular usage of peer to peer networks.
    Never been the same? Last time I checked they still make many millions of dollars each year and still sell millions of CDs, sure it's not as much as they could be making if there wasn't any piracy but the point is that even with piracy if you have a good product that people want then most people will still pay for it. So it really doesn't hurt things as much as some companies make out, those companies are usually just being greedy and don't want to post anything less than a record profit at the next end of financial year.

    However if you take a look at something that isn't particularly good due to DRM and see what happens to it's sales and reputation (see Spore, or most other games with excessive DRM) then clearly it's better not to use invasive DRM, unless said DRM provides valuable features to the user such as the case in Steam (game digital distribution software from Valve).

    Also if your software is popular enough to really be worried about piracy in the first place then it will be cracked and pirated regardless of what you do, the best you can hope for is delaying the crack from being released but that only matters if you expect most of your sales to be in the first week or two and if I assume correctly that you aren't from a big name company working on a big name product with millions being spent on advertising then you aren't going to get the majority of your sales within that small window of a few weeks that piracy protection methods buy you.

    Really all you need is the minimum protection, just enough to stop someone from being able to distribute it without a crack of some sort, it'll stop casual pirates from stealing your work but you won't have wasted large amounts of time and/or money on piracy protection only to find it's been pirated before you sell your first 100 units.
    Currently developing Cave Dwellers, a Dwarf Fortress/Minecraft style game for Android.

  11. #11
    vociferor's Avatar
    vociferor is offline Member
    Join Date
    Jun 2011
    Posts
    6
    Rep Power
    0

    Default

    Quote Originally Posted by Skiller View Post
    Also if your software is popular enough to really be worried about piracy in the first place then it will be cracked and pirated regardless of what you do, the best you can hope for is delaying the crack from being released but that only matters if you expect most of your sales to be in the first week or two and if I assume correctly that you aren't from a big name company working on a big name product with millions being spent on advertising then you aren't going to get the majority of your sales within that small window of a few weeks that piracy protection methods buy you.
    very valuable insight here, and thank you for this.

    ---

    however, I do highly disagree with you when it comes to the impact P2P networks have had on the music industry. While yes, these corporations are rich as eff-you-see-kay, the amount of money they are losing is Incredibly Significant. Not that i'm sympathizing with them specifically- just see yourself as a vendor of some product whose worth is brought down from 300 million a year to 30 million.

    Yes, 30 million is still A LOT of money to be earning per year on some product. But just because you're STILL getting a lot of money (albeit not collecting that extra 270 M, which you SHOULD be earning and are not earning, due to piracy) doesn't mean it's "okay" because "you're still making a heck of a lot of money".

    Have I misunderstood you on this point?

  12. #12
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    12,016
    Rep Power
    20

    Default

    Quote Originally Posted by vociferor View Post
    very valuable insight here, and thank you for this.

    ---

    however, I do highly disagree with you when it comes to the impact P2P networks have had on the music industry. While yes, these corporations are rich as eff-you-see-kay, the amount of money they are losing is Incredibly Significant. Not that i'm sympathizing with them specifically- just see yourself as a vendor of some product whose worth is brought down from 300 million a year to 30 million.

    Yes, 30 million is still A LOT of money to be earning per year on some product. But just because you're STILL getting a lot of money (albeit not collecting that extra 270 M, which you SHOULD be earning and are not earning, due to piracy) doesn't mean it's "okay" because "you're still making a heck of a lot of money".

    Have I misunderstood you on this point?
    The problem with figures like that (and the music industry uses them a lot) is that it implies that that 270 million is lost sales...

  13. #13
    Dark's Avatar
    Dark is offline Senior Member
    Join Date
    Apr 2011
    Location
    Camp Lejuene, North Carolina
    Posts
    643
    Rep Power
    4

    Default

    They have actually done studies, and the emergence of P2P networking did make the industry take a hit at first. However with the ease of P2P downloading look what companies came about? The iTunes store is a major one, it sells music as convenient as P2P downloading once was. With the current banning on P2P programs like KaZaA, Napster, Morpheus, and LimeWire you will find that almost every previous user has then resorted to legit means of purchasing music.

    The honest consumers outnumber the pirates, and if a pirate wants something then they will surely get it. An article released by MIT explained the use of software security and anti-piracy methods. It went to explain how software is currently being kept secure along with the pros and cons of each method. I wish I had the URL form of it but I only have a PDF.

    It goes to explain that while software shouldn't neglect security, it shouldn't have so much that it interferes with the program itself. It also mentioned what Skiller brought up, your security can only delay a crack or patch.
    • Use [code][/code] tags when posting code. That way people don't want to stab their eyes out when trying to help you.
    • +Rep people for helpful posts.

  14. #14
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    12,016
    Rep Power
    20

    Default

    Quote Originally Posted by Dark View Post
    It goes to explain that while software shouldn't neglect security, it shouldn't have so much that it interferes with the program itself. It also mentioned what Skiller brought up, your security can only delay a crack or patch.
    I seem to remember Valve saying they built security into the early Half Life releases in the knowledge that all they were doing was buying a few weeks. I think it was viewed as a success if they avoided a crack for a fortnight, since that was when they got the bulk of their sales.

  15. #15
    Skiller is offline Member
    Join Date
    Jan 2011
    Posts
    67
    Rep Power
    0

    Default

    Quote Originally Posted by vociferor View Post
    however, I do highly disagree with you when it comes to the impact P2P networks have had on the music industry. While yes, these corporations are rich as eff-you-see-kay, the amount of money they are losing is Incredibly Significant. Not that i'm sympathizing with them specifically- just see yourself as a vendor of some product whose worth is brought down from 300 million a year to 30 million.

    Yes, 30 million is still A LOT of money to be earning per year on some product. But just because you're STILL getting a lot of money (albeit not collecting that extra 270 M, which you SHOULD be earning and are not earning, due to piracy) doesn't mean it's "okay" because "you're still making a heck of a lot of money".
    The problem is that the company will have 0 proof that most of those "lost profits" exist and are entirely due to piracy. There are many reasons that the recording companies would be losing money during the rise of piracy like increasing numbers of competitors, the larger successes of independent artists, new digital outlets, internet radio stations playing more focused selections of music, youtube, creative remixes where the copyright no longer applies and probably most significantly the fact that music was more frequently listened to on portable devices without the space for CDs. The demand for music has also been dropping as other home entrainment options like TV, Movies and console or computer games become more popular and take up the time we otherwise might have listened to music. Piracy is an easy scape goat for these companies to hide lost profits from their inability to compete or provide new services to fulfill public demands. Granted most of that can't be proven either but what should be clear is that their profits would be trending down anyway, no doubt piracy did impact this but not to the extent these companies claim. There's also the fact that these companies treat the number of downloads as being equal to the number of sales lost which is blatantly incorrect, several anonymous surveys (though most targeted at game piracy) have shown that the majority of pirates roughly (between 70% and 90% depending on the survey) would not have bought the product they pirated at the current price if piracy was not an option anyway so they don't actually represent lost profit at all, but many would have bought it if it was as easily available and reasonably priced. Steam released some stats a while ago about their weekend deals saying that when prices were halved sales more than doubled when they were 75% off they had something like a 1500% rise in sales :O, which shows that these kinds of digital products are overpriced and people are willing to buy them at lower prices.

    Also don't forget the backlash that the record companies (in particular sony) received when they tried to protect their music from piracy, there were many lawsuits as what they did was in many places illegal and circumvented a lot of security, and they lost a lot of customer confidence and sales after that which I wouldn't be surprised to hear if it ended up being around the $50m to $100m per year mark, I know I stopped buying CDs after that just in case, and no doubt that was lumped in to the "lost profit due to piracy" bin along with the $20m+ I'd estimate the development of the piracy protection solutions would have cost. And even then IIRC it only took a few weeks for pirates to circumvent anyway (and that's circumvented for all future CDs from that point on too).

    Oh and while gathering some links I also remembered hearing that in some countries these companies can get some tax back on claims of lost profit due to piracy so if that's correct it's in their interests to blow piracy out of proportion as much as they can, they basically get paid to do it.

    Here are a few links to some sources supporting some of my arguments:
    Most pirates say they'd pay for legal downloads | News.com.au
    Gabe DICE Keynote: Steam Holiday Sale + L4D 50% Off Sales Data + Valve Comics! - NeoGAF
    Sony BMG copy protection rootkit scandal - Wikipedia, the free encyclopedia
    Album sales decline as downloads are up - Business - US business - msnbc.com
    Accounting for the big plunge in "music sales": the digital singles effect

    BTW just to clarify, I do think piracy is having a significant impact but no where near what these companies claim, I'd estimate it's only somewhere between 10% and 30% of what they claim, the rest of it BS and their inability to meet the needs of their consumers.


    I find piracy is a really interesting topic, especially since it's so relevant to me as a game developer :).

    Quote Originally Posted by Tolls View Post
    I seem to remember Valve saying they built security into the early Half Life releases in the knowledge that all they were doing was buying a few weeks. I think it was viewed as a success if they avoided a crack for a fortnight, since that was when they got the bulk of their sales.
    Yer that sounds about right, in the games industry as much as 70% of the total sales of a game can happen in the first week or 2 so making sure there's no pirate version available during that period can actually be quite helpful for sales as long as it doesn't negatively impact the game. But there are cases where they go too far to protect the game like in spore and you end up scaring customers into getting the pirate version instead. The classic example is spore which got pwned by millions of 1 star reviews on Amazon.com most of which were only because of the piracy, and then there was the problem that while I had to wait for the release and then experience many problems with my legit version (galaxy edition at that) and the DRM it had, my friends were playing it several days earlier and their pirated versions did not have any of the issues I was having.
    Last edited by Skiller; 06-20-2011 at 06:36 PM.
    Currently developing Cave Dwellers, a Dwarf Fortress/Minecraft style game for Android.

Similar Threads

  1. Writing easy to follow code...
    By N00Bie in forum New To Java
    Replies: 11
    Last Post: 02-21-2011, 10:40 PM
  2. Decompile a *.class file?
    By AVatch in forum New To Java
    Replies: 3
    Last Post: 12-03-2010, 04:03 PM
  3. What's an easy way to test this code?
    By twiggy62 in forum New To Java
    Replies: 2
    Last Post: 02-10-2010, 09:41 AM
  4. New to Java and have an easy question
    By JBOY08 in forum New To Java
    Replies: 1
    Last Post: 11-19-2008, 07:40 PM
  5. Easy Java Assg help!
    By aimeelawrence in forum New To Java
    Replies: 2
    Last Post: 09-19-2008, 10:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •