Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

Obfuscation As a Protection of Intellectual Property

Obfuscation is the process of transforming bytecode to a less human-readable form with the purpose of complicating reverse engineering. It typically includes stripping out all the debug information, such as variable tables and line numbers, and renaming packages, classes, and methods to machine-generated names. Advanced obfuscators go further and change the control flow of Java code by restructuring the existing logic and inserting bogus code that will not execute. The premise of the obfuscation is that the transformations do not break the validity of the bytecode and do not alter the exposed functionality.

Obfuscation is possible for the same reasons that decompiling is possible: Java bytecode is standardized and well documented. Obfuscators load Java class files, parse their formats, and then apply transformations based on supported features. When all the transformations are applied, the bytecode is saved as a new class file. The new file has a different internal structure but behaves just like the original file.

Obfuscators are especially necessary for products and technologies in which the implementation logic is delivered to the user. That is the case for HTML pages and JavaScript where the product is distributed in source code form. Java doesn't fare much better because, even though it is typically distributed in binary bytecode, using a decompiler as described in the previous chapter can produce the source code—which is almost as good as the original.

  • + Share This
  • 🔖 Save To Your Account