| | Obfuscators | License managers | Saffeine |
|---|---|---|---|
| Products | DashO and Zelix KlassMaster are the most widely known. | FLEXlm, SentinelLM, Java License Kit. | Saffeine offers feature-driven license management and code protection. |
| Distribution package (jar) | The jar file structure stays the same; only class file names can be changed. It is still easy to explore the archive using the jar command included in the JDK, WinZip or FAR Manager. Any class can easily be extracted independently and replaced by a modified version. | N/A | The jar file is completely reorganized. Real class files are moved into secure storage and only a small piece of secure runtime stays open. Seeing the real executables would require designing a custom utility. It is also more difficult to replace a class in secure storage: it would be necessary to completely remove the runtime, extract all code from secure storage and create another jar archive. |
| Decompiling code | Class and method names are mangled. Limited obfuscation for code flow. There are a lot of tools already available for hackers to decompile and disassemble the code. | N/A | Real code is hidden behind a secure runtime. Only runtime code is available to any decompiler or disassembler. Protected code can only be accessed by a custom utility, and only if the intruder has a complete license. The decryption key represents the license, and it is impossible to break this in a reasonable amount of time. |
| Disassembling code | Java bytecode for method implementations mostly stays the same and is still available for disassembling. | N/A | |
| Verification of the features enabled in the license | N/A | A proprietary API is used in custom code to verify and enable/disable the licensed features. There is still an "if" statement that is quite easy to change to "always true". | Verification of enabled features is not required because the license includes keys for decryption of enabled features only. No code is used to verify whether a particular feature is available or not. |
| License validation code | | License validation logic can be decompiled or disassembled. To try to make this difficult, a developer has to repeat the code multiple times in different parts of the protected application. Application complexity therefore increases, as does development and testing time. | No code is required to check whether a given feature is enabled or not. If there is no key to decrypt the particular feature, it will be practically impossible to break the protection in any reasonable amount of time. |
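
The last two rows contrast a license check that is a single conditional with features that exist only as ciphertext until the license supplies their key. The Java sketch below illustrates that key-gated idea; it is an added example, not Saffeine's implementation, and the class name, feature names, payload strings and the choice of AES-GCM are all assumptions made for the illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class FeatureGateDemo {
    // Vendor side: seal one feature's payload under its own key. The feature
    // name is bound as associated data so a blob cannot be relabelled.
    static byte[] seal(SecretKey key, String feature, byte[] payload) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(feature.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(payload);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length); // layout: iv || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Customer side: there is no yes/no decision to patch. A wrong or missing
    // key fails GCM tag verification and no plaintext is returned.
    static byte[] open(SecretKey key, String feature, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        c.updateAAD(feature.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey reportKey = kg.generateKey(), exportKey = kg.generateKey();
        // Constructed stand-ins for the class bytes of two features.
        byte[] report = seal(reportKey, "report", "report-classes".getBytes(StandardCharsets.UTF_8));
        byte[] export = seal(exportKey, "export", "export-classes".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(open(reportKey, "report", report), StandardCharsets.UTF_8));
        try {
            open(reportKey, "export", export); // license holds only the report key
            throw new IllegalStateException("unlicensed feature was opened");
        } catch (AEADBadTagException e) {
            System.out.println("export stays sealed: " + e.getMessage());
        }
    }
}
```

The strength of such a scheme rests on how the per-feature keys are delivered and stored; once a licensed customer's runtime has decrypted a feature, that plaintext is in that customer's memory.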