I need to upload some files on my server.To problem is that the files are encrypted(.p7s extension) and i want to decrypt them first.
This is the application i'm using to remove the encryption
There is anyway to remove the encryption directly from my java code?I read something about bouncycastle library, but i really don't know how to use it.
Thanks in advance.
There is a Application called Keytool to read those files. The app is distributed with every java sdk. The code is implemented in Java, so you should be able to debug the application.
No need for bountycastle, even if the documentation is better.
Related
I have looked at this answer provided here, and here, and here
The answers provide some useful information but I wanted to know if there are better ways to do it.
I have built my apk and I used pro guard, but when i decompiled the apk, everything was the same as they were before the compression.
The name of the classes and some variables were obfuscated but a Newbie could have looked at the code and would understand how the app works.
In my app I want to hide the core network communication between the app and the server. For example, the address of the server, the JSON format etc.
I came across something as way to protect from decompilation is putting the java.class files into jars and then signing them and then add them as a library to my app.
My question is:
Is it the correct way to do it ie. using the jar signing ?
No. Jar signing is used to make sure the file isn't tampered with. You can still decompile it.
Rather than wasting time worrying about decompilation, you should concentrate on something useful. Obfuscation is used to save space in Android, not to prevent people from looking at your code. Besides, did you really create something so special that you need to protect it? (Be honest now)
As we know that a java jar file can be easily reverse engineered to get the source code, how should I distribute my twitter app which has been made using twitter4j so that on decompiling the jar file, the user is not able to get the app key and secret?
You can use a obfuscator program like one of the below suggestions:
http://proguard.sourceforge.net
http://www.yworks.com/en/products_yguard_about.html
http://www.e-t.com/jshrink.html
http://home.comcast.net/~shvets/Programs/Tools/CafeBabe/
Hi I have a game made in Java and Slick2d and I have a folder that contains all of my resources (images, sounds, etc) and I was wondering how to encrypt them so people can't edit them? I tried MD5 but I'm not really sure how it works and I'm not worried about people breaking into the code because I have spliced the jar into an exe file. Also if I need to know how to decrypt the files so that they can be used in the code please explain that too.
There is no way to protect the images/resources, all you can do is make it slightly harder. If you deliver your images/resources to the client then they can always decrypt them, after all the client has to display them unencrypted at some point in time.
Btw.: MD5 is a hash-algorithm, it is used to check if data is undamaged.
MD5 is a hash function which is irreversible and two input may produce the same output.
in case the content of the files is not 'secret' you can use MD5 for a verification process, this should be quite easy.
Create a hashtabe (or just a table) with the hashes of all the resources your application uses
Once the applet lanched create an hash for each of the files and compare it with your table, if its not the same, someone has changed the content of your jar file.
I'd recommend to keep the hash table within the code so it will be harder to modify
If you are using your resources, you have to decrypt them then the client can use them, because they are being used in the game.
I want to make setup file for java swing application .
I am creating the setup by writing the script file and selecting the source file as jar and other necessary resources .
Now i want to make my jar disable to extraction .
Is there any way from which i make sure so that no can access the resources from my jar file either the class files or images etc.
thanks in advance
You can make it harder to get your resources, but you can't make it impossible. That's not a Java problem, by the way, but a general one of distributed software. In order to access your resources, your program (or in the case of Java the runtime environment) must be able to unpack them. Even when you encrypt them somehow, the program needs to include the decryption key and the decryption algorithms. A determined user can find these through reverse engineering, and use them to get your resources.
You could try obfuscating your codes.
This is the one I have used for obfuscate.
http://www.zelix.com/klassmaster/
You could find more tools for that.
You can use java webstart, your jars will be kept in cache so very its hard to access.
Java Web Start Guide
I am currently creating some little Framed application in java.
When we clean an built a main project with netbeans (therefore creating a jar file), does it create a secured jar file ?
What I mean is that mine contains some tables with keys and I don't want that future users can be able to watch these key logs.
So is the code totally hiden ? In case not, how can we "protect" jar files please?
Thank you in advance for your help, please let me know if I wasn't clear enough.
EDIT : I am currently under windows 7
It isn't at all protected. It's just an archive (built on ZIP) of .class -es and other resources, metadata, etc.
You could try and obfuscate java bytecode with tools like Proguard. That would give you some protection, that is - it would make reverse-engineering more difficult.
My suggestion would be to encrypt the files that have the sensitive information, before you jar them. Let the application decrypt them when it needs to use the data. Use a ramdom-looking encryption key so people will be unlikely to figure it out by listing the strings in your class files.
Although this does not prohibit someone from viewing the contents of the jar file there are mechanisms that provide tamper evidence and prohibit someone from creating an additional jar that appends methods to your package.
This is called signing and sealing.