Commonly used protection technology
Due to the high level of abstraction Java byte code, so they are more likely to be decompiled. This section describes several commonly used methods for protecting a Java bytecode not be decompiled. Typically, these methods can not absolutely prevent the program from being decompiled, but only increase the difficulty of decompilation, because these methods has its own environment and weaknesses.
1. isolation Java program
The easiest way is to let the user can not access to the Java Class program, this method is the most fundamental way, there are many ways to achieve concrete. For example, developers can be critical Java Class on the server side, client access to services through the relevant interface to access the server, rather than direct access to the Class file. So there is no way hackers decompile Class file. Currently, standards and protocols provide services through the interface more and more, such as HTTP, Web Service, RPC and so on. But there are not many applications for this protection, such as for stand-alone operation of the program can not be isolated from a Java program. This protection shown in Figure 1.
1 a schematic view of FIG isolation Java program
2. Class files are encrypted
to prevent Class files directly decompiled, many developers Class some key files are encrypted, e.g. etc. registration code, serial number management related. Before using these encrypted category, the program first needs to be decrypted for these classes, these classes are then again loaded into the JVM them. Decryption of these classes can be done by the hardware, you can also use the software.
When implementing, often by developers to complete the custom ClassLoader class loads encrypted class (note that for reasons of security, Applet can not support custom ClassLoader). Custom ClassLoader locate the encrypted first class, then decrypts the decrypted last class loading them into the JVM. In this protection mode, custom ClassLoader class is critical. Because it itself is not encrypted, so it may become the target of hacker attacks first. If the relevant decryption key and algorithm are overcome, then the encrypted class can easily be decrypted. This protection is shown in Figure 2. 
FIG. 2 a schematic diagram for file encryption Class
3. converted to native code
to native code conversion program is also an effective method for preventing the decompilation. Because the native code is often difficult to decompile. Developers can select the entire application is converted to native code, the key can also choose to block conversion. If only a key part of the conversion module, Java program in the use of these modules, need to use JNI technology make the call.
Of course, in using this technology to protect Java programs, but also at the expense of cross-platform features of Java. For different platforms, we need to maintain different versions of native code, which will increase the software support and maintenance work. But for some of the key modules, sometimes this approach is often necessary.
In order to ensure that these are not native code modifications and alternative often necessary to digitally sign the code. Before using these native code, often we need to authenticate these local codes to ensure that these codes are not hackers changed. If the signature is checked by the relevant JNI method is called. This protection is shown in Figure 3. 
Figure 3 a schematic view of the conversion to native code
4. obfuscated
obfuscation Class file is reorganized and processing, such that the pre-processed code to accomplish the same functionality codes (semantics) after treatment. But the code is obfuscated are difficult to decompile, decompile after that is derived code is very difficult to understand, obscure and therefore difficult to draw people decompile real semantics of the program. In theory, if the hackers have enough time, it confused the code may still be cracked, even at present some people are developing tools deobfuscate. But from a practical standpoint, due to the diversified development of technology confusion, confusion mature theory, or through Java code obfuscation can well prevent decompile. Here we will detail obfuscation techniques, because confusion is an important technology for protecting Java programs. FIG 4 is a diagram of code obfuscation. 
4 a schematic view of FIG code obfuscation
Several technical summary of
the above techniques have several different applications, each has its own weaknesses, Table 1 is more relevant characteristics.
Obfuscation techniques introduced
in Table 1 different protection techniques comparison table
So far, for the protection of Java programs, obfuscation techniques or basic protection methods. Java obfuscation tool is very much also, including commercial, free, open source. Sun also offers its own obfuscation tool. They mostly of Class file obfuscate, there are few tools for source code is processed first, and then to Class processing, this increased the intensity of obfuscated. Currently, more successful obfuscation tool includes JProof company 1stBarrier series, Eastridge's JShrink and SourceGuard such as 4thpass.com commercially. Obfuscation key in accordance with certain confusion can be classified as follows, respectively for the symbol confusion (Lexical Obfuscation), data obfuscation (Data Obfuscation), confusion control (Control Obfuscation), preventive confusion (Prevent Transformation).
Symbol confusion
there is a lot of information not relevant to program execution in Class itself, such as method names, variable names, the names of these symbols often with a certain meaning. For example, a method named getKeyLength (), then this method is probably used to return the length of the Key. Symbol Obfuscation is to disrupt this information, this information becomes without any sense of representation, for example, all the variables are numbered from vairant_001; For all the methods are numbered from method_001. This will decompile bring some difficulties. For private function, local variables, may generally change their signs, without affecting the operation of the program. But for some interface name, public functions, member variables, if there are other external modules need to refer to these symbols, we often need to retain these names, or an external module can not find these names of methods and variables. Thus, most of obfuscation tool for symbolic confusion, provides a wealth of options, allowing users to choose whether or not, how to sign confusion.
Data obfuscation 
5 changes the data access
Data is confusing data used by the program were confused. The method also has a variety of confusion, changing the data store can be divided and encoded (Store and Encode Transform), changing the data access (Access Transform).
Changing the encoded data storage and data storage can disrupt programs used. For example, an array of 10 members, 10 open variables, the names of these variables and disrupted; and a two-dimensional array into a one-dimensional array and the like. For a number of complex data structures, we will disrupt its data structure, for example instead of a complex with a plurality of classes and the like.
Another way is to change the data access. For example, when accessing the array index, we can certain calculations, FIG. 5 is an example.
In practice, obfuscation, these two methods are usually used in an integrated, while disrupting data storage, but also disrupt the way data access. After confusion of data, semantics of the program is complicated, and this increases the difficulty of decompilation.
Control confusion
control confusion is to control the flow of the program were confused, so that the control flow of the program more difficult to decompile, change the flow of control usually need to add some additional computational and control flow, so the performance will bring some negative program influences. Sometimes, a trade-off between performance and degree of confusion program. Control confused most complex technology, skills are up to. These techniques can be classified as follows:
increase confusion by adding additional control, a complicated control flow, the semantics of the original program can be hidden. For example, performed in order for the two statements A, B, we can add a control condition B is performed to determine. Increase the difficulty of disassembly in this way. But all interference control should not affect the implementation of B. FIG 6 will be given in three ways, increased confusion control for this example. 
FIG 6 is controlled to increase three ways confusion
It is also an important method to control flow obfuscation control flow reorganization reorganization. For example, the program calls a method, the confusion may be the method of embedding the code to the calling program them. In turn, the program can also be a piece of code into a function call. Further, the control flow for a cycle, control flow can be split to multiple cycles of, or transformed into a recursive process cycle. This method is the most complex, staff research is also very much.
Preventive confusion
this confusion is usually for some special decompiler designed, in general, these techniques exploit weaknesses or Bug decompiler designed to confuse the program. For example, some decompiler for Return subsequent instructions not to decompile, while others will just confuse the program code on the back of Return statement. The effectiveness of this confusion for the different role decompiler also less the same. A good tool to confuse, confuse often integrated use of these technologies.
Case Study
In practice, the protection of a large-scale Java programs often require the integrated use of these methods, rather than using a single method. This is because each method has its weaknesses and application environment. These methods make use of the comprehensive protection of Java programs more effective. In addition, we often need to use other security-related technologies, such as security authentication, digital signatures, PKI and so on.
Examples of this paper is a Java application, it is a SCJP (Sun Certificate Java Programmer) exam simulation software. The large number of simulation applications with the subject, all the questions are stored in the encrypted file. Because it brought exam is a core part of the software, it is about access and access exam has become very core classes. Once these classes are related to decompile, all exam will be cracked. Now, let us consider how to protect these exam and related classes.
In this example, we consider the use of integrated protection technologies, including native code and obfuscation techniques. Since the release of the software primarily on Windows, therefore conversion to native code, only need to maintain one version of native code. In addition, the confusion of a Java program is also very effective for applications that are distributed independently.
In the specific program, the program will be divided into two parts, one is written by a native code module exam visit, the other one is the other modules of Java development. This higher level of protection of title management module is not decompiled. For Java development module, we still want to use obfuscation techniques. Referring to the schematic embodiment of Fig. 
Figure 7 SCJP protection technology solutions map
for the title management module, because the program is mainly used under Windows, so the use of C ++ developers access module exam and provide some access interface. In order to protect access interfaces exam, we also added a initialization interface for initialization before each use exam access interface. Its interface is mainly divided into two categories:
1. Initialization Interface
Before using the exam module, we must first call the initialization interface. When calling this interface, the client needs to provide a random number as a parameter. Bank management module and the client by the random number, according to a certain algorithm to generate the same SessionKey simultaneously, for all subsequent encrypted data input and output. In this way, only authorized (active) clients able to connect the correct connection, generate the correct SessionKey, information for accessing the exam. Illegal difficult for customers to generate the correct SessionKey, and therefore can not obtain information exam. If you need to establish a higher level of confidentiality, two-way authentication technology can also be used.
2. Data access interface
after authentication is completed, the client can access a normal exam data. However, the input and output data are data encrypted by the SessionKey. Therefore, only the right bank management module to be able to use the Bank Management module. 8 shows a timing chart of FIG bank management module, and other parts of the interactive process.
Original Address: http://www.cnblogs.com/dartagnan/archive/2011/03/24/2003434.html