All geek questions in one place

Encrypted Java Class Loader

I will get to the point, so you do not need to read a lot.

Basically, I have an AES-128bit Encrypted Jar file. I want to create a launcher so that I can load this encrypted Jar into memory and run it (using the key).

I have a simple class loader, although if I do not decrypt it in the directory and run it, it obviously will not do what I need (decrypt and load memory).

TL DR: I need to make an encrypted can of AES-128bit in memory.

Any help is greatly appreciated, feel free to ask questions!

+6
source share
2 answers

For an example of code on how to load jar / class from byte[] (which should be the result, you will get it after decrypting it in memory / there is no need to save it anywhere in the file system) see http://www.javaworld.com /javaworld/jw-10-1996/indepth/indepth.src.html

Basically you need to use defineClass to achieve what you want.

BUT READ OUT that this does not provide real security, since everything ends (after decryption) as Java bytecode in memory and can thus be accessed / managed / stored, etc.

A bit of security could be realized by implementing a custom JVM and / or preliminary JIT code so that it is native ... for some information, see for example How do I create an encrypted Jar file?

+8
source

This article is a good read that perfectly illustrates why air protection of your code is simply not possible. You can make it harder, very hard, even if you are as low as possible, for example. compile your code into native instructions that are not (cleanly) represented using ordinary language constructs.

But you must remember that in any case, your encrypted data must be decrypted using some key, and this key will be, at least briefly, but the important point is that it will be, in the end, in memory. There is no way around this with common operating systems and hardware. So, as a hacker, you can always go back to extracting the key from memory and work back from there. Not what average users are capable of, but it is certainly possible.

+1
source

Source: https://habr.com/ru/post/899856/

More articles:


All Articles