September 2, 2014

Java Language Integrity & Security: Fine Tuning Bytecodes

  • April 4, 2007
  • By Matt Weisfeld

The second step in obfuscating this code is changing all the method names to a. By this time, it may seem that you are being a bit boring by changing everything to simply a. However, this is the point: make the code boring and more difficult to read. And, as you are finding, boring code can also provide security and performance advantages.

Rather than provide a complete and separate code listing for each of Steps 2 and 3, and in an effort to save some space (your own performance requirement), you will combine both steps in a single listing.

Where Step 2 changed all the method names to a, Step 3 changes the class names to a as well. In this case, there is only a single class name, CompanyApp. Listing 6 shows what the code looks like with all the programmer-defined names replaced by simply a.

public class Performance {

   public static void main(String args[]) {

      a app = new a ();

      app.a(2001);
      app.a(3001.0);

      System.out.println();

   }
}

class a {

   private int a = 1001;

   public void a(int number) {

      int a = number;

      System.out.println("\nInside Employee");
      System.out.println("companyID      = " + this.a);
      System.out.println("employeeNumber = " + a);

   }

   public void a(double bal) {

      double a = bal;

      System.out.println("\nInside Finance");
      System.out.println("companyID = " + this.a);
      System.out.println("balance   = " + a);

   }
}

Listing 6: The Example Application, Obfuscating the method and class names

Another interesting issue here is that the two methods have the same name, a; however, they have different signatures.

   public void a(int number)
   public void a(double bal)

Because the first method takes an integer and the second a double, you have the luxury of being able to name them the same. If they both had the same signature, they would have to have unique names. There are a lot of subtle issues that you can take advantage of, from both a practical and an academic perspective.

When the Listing 6 application is executed, you get the exact same results that you obtained with the more readable code, shown in Figure 3; however, you now have code that is somewhat more difficult to understand and has a bit better performance.

Obviously, these examples are meant to represent the concepts behind the techniques, and for small applications like these the effect is not that great. Yet, when these techniques are extrapolated to much larger applications, the benefits can be significant.




Figure 3: Example Application Output after Obfuscation (same result)

There is also the issue of the strings in the println() method.

   System.out.println("amount  = " + a);
   System.out.println("balance = " + b);

These strings convey some of the intent of the code. You can even hide their meaning by using attributes for the string descriptions and loading them via parameters, file or database loads, or even user inputs.
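The following added example (not part of the original article's listings) applies this idea to Listing 6: the descriptive labels are looked up by opaque keys instead of being written in class a. The keys s1 to s5 and the field b are hypothetical names, and the label data is embedded inline only so the example runs on its own; in practice it would come from a file, database or parameter.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

public class Performance {

   public static void main(String[] args) throws IOException {
      // Constructed sample: stands in for a properties file, database row
      // or start-up parameter kept outside the class files.
      String external =
            "s1=\\nInside Employee\n"
          + "s2=\\nInside Finance\n"
          + "s3=companyID      = \n"
          + "s4=employeeNumber = \n"
          + "s5=balance        = \n";

      Properties labels = new Properties();
      labels.load(new StringReader(external));

      a app = new a(labels);
      app.a(2001);
      app.a(3001.0);
   }
}

class a {

   private int a = 1001;
   private final Properties b;   // labels, looked up by opaque key

   a(Properties b) {
      this.b = b;
   }

   public void a(int number) {
      int a = number;
      System.out.println(b.getProperty("s1"));
      System.out.println(b.getProperty("s3") + this.a);
      System.out.println(b.getProperty("s4") + a);
   }

   public void a(double bal) {
      double a = bal;
      System.out.println(b.getProperty("s2"));
      System.out.println(b.getProperty("s3") + this.a);
      System.out.println(b.getProperty("s5") + a);
   }
}
```

The output matches Listing 6, but the only string constants left in class a are the keys s1 to s5. The labels are now only as hidden as the external source they are loaded from.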





Page 3 of 4


