Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I am looking for method to hide my plugin's javascript with complex obfuscator but i read everywhere that it is not possible to hide javascript completely.
I want to know that is there any way to hide java script with cryptography?
can any one make the algorithm which can be adopt by every web hosting like they have php , jommla, java, magneto etc in which we can encrypt our javascript with our own secret key and we add this key in our license manager in our hosting and on user side we can add license manager client in our applications which need to connect our server and get that key to run our application.
Doing this would be almost exactly like deobfuscating the code. If you obfuscate the code, and provide it only on pages when you're logged in, then this would accomplish pretty much the same task. At some point, you'd need to fetch this key to decrypt it to run it on the client, and when that happens, someone can easily reverse engineer the decryption code and get to the code that's being run on the client side.
Simply put: If it's run on the client side, at some point, you'll have to get it into a state that the compiler can read. At this point, someone can inject code to fetch that code, and reverse engineer the output.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm trying to develop an app with self-encryption for android.
The idea is following:
app should perform it functions (for example display "Hello world!") but...
the app code stored fully (partially) encrypted, i.e. "all what can be encrypted should be encrypted", so it can not be read by simple disassembling in a right way (i.e. it is literally encrypted (by AES for example) so it is represented to system as a number of random commands/symbols or smth. incorrect).
the "part" of the app should be decrypted before execution;
unused "parts" of the app should be decrypted after usage;
all operations mentioned above should be done by app itself.
So the core idea is self-encryption.
I know what is obfuscation so please don't mention it. The same thing with any side apps. I'm not going to spend all rest of my life in reverse-engineering))). So...
What is the right way to self-encrypt Android (JAVA) code?
How can be implemented the algorithm mentioned above?
Please provide any code snippets if u are able to do such things OR any links/information/articles/pseudocode/ideas
I thing the idea is great and really interesting, plus many people will be glad to know how to protect their apps.
[EDITED]
Thanks #Pace and #JimmyB for custom ClassLoader idea. I'll try to implement it. Also my thanks to #xalo which proposed metamorphic engine concept, I'll dig into this theme because i think it will satisfy my goal to a greater extent.
You shouldn't try to self-encrypt your app, it will add a lot of complexity for not so many protection.
In fact, hacker just have to reverse your decryption routine or to dump memory once the app is running.
Best way to protect against reversing as Java/Android app is obfuscation.
You can also look into remote metamorphic engine concept https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I created a Java programm which works on the serverside to communicate with an Android-App over Sockets. Now I want to check wether it is secure to hacking. I also asked in the Security.SE forum but this is programming related. So what do I need to look for in my Java-program to make it heavy to be exploided?
The first thing to check would be the server it's running on. You can cerainly checkout the https://www.owasp.org/ website. It is always a good source of security threats. Then there are a lot of pentesting tools https://www.kali.org/ has many of them built in.
But the most important might be how you've designed your API, I mean you're not very specific about what you need to know but some rules that will certainly apply:
secure the communication
make sure id theft is as hard as possible
never store userpasswords yourself(use a tokenbased system like oauth)
Obfuscation via proguard makes the program harder to reverse engineer.
Obfuscation combined with Ahead-Of-Time Compilation
1) Obfuscate names and encrypt strings using the tools not relying on the application being delivered in bytecode form. Make sure to disable control/data flow obfuscations.
2) Compile the obfuscated application down to optimized native code.
see link
http://www.excelsior-usa.com/articles/java-obfuscators.html
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am new to angularjs , can anybody guide me in performing CRUD operations in MYSQL and display in html form using angularjs... to be more precise... I want to store information to customer details such has name,consumer number,contact,address and update the same whenever necessary using java..
Hello and welcome to SO,
I created this diagram in order to make you feel more comfortable with the subject.
As you may see I didn't mention any language: Client, Server nor Database, because the language itself has nothing to do with REST APIs.
Instructions - begginer:
(If you are using PHP, I'd recommend SlimFramework, which is the light, scale, easy to start with, PHP Framework).
1) Pick a server-side language.
2) Create a Database Resource.
3) Pick a Server Side Language.
4) Create 4 Scripts that each does one of each:
Create,Read,Update,Delete.
5) Connect endpoints with each of the scripts, URL -
GET,POST,DELETE,UPDATE.
6) Verify that you can access each of them from the web (authenticated
or not).
7) After you verified that endpoints are working, time to connect
Angular:
7a) First try to create buttons for each action, and link it with
$http.get, $http.post, $http.delete, $http.put actions.
7b) Once it's working you might wanna step up and use ng-resource or
restangular.
P.S: I didn't supply much code information since once you understand what I stated on top, you'd realize that writing code for that isn't really hard.
After you complete these ,
You might wanna start with: Server side and Client side authentication, Performance, Multiple resources and collections, CORS and preflighted requests, and so on.
Good Luck.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I am beginning to write a basic "study-buddy" program as a side project. One important feature I want to implement is that the program can access the state of other programs running to prevent you from accessing them / yell at you. For instance, if you had Chrome open to Facebook, or if you launched a video game.
First off, is this even possible/reasonable to accomplish in Java? Second, specifically with Chrome, how can I access the programs state from another program that I am writing? More generally, how can I access ALL programs running on the computer and check to see whether anything violates "study-permissible" programs?
I would put this as a comment, but my reputation point is not enough.
One way is using the commands the operating system provides. You can run a command with
Runtime.getRuntime().exec("<command name>");
This will give you the related process and you can get the output of that process just as manually running the process. Then, you can utilize the output.
Basically if the OS provides you that information manually, you should be able to get the information within Java.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Hi I want to create a small web application which will take inputs such as 80 and 120 and return the GCD of those numbers. I want to write the logic in Java. When the user enters 80 and 120 and clicks on calculate button, the values must be passed to the algorithm and return the answer to be displayed on the application again. How do I link the java algorithm to the html page in order to achieve this? Kindly suggest. Is there no other way of doing this other than creating a Java applet for this and deploying it on the application? Kindly help.
Use "Applets" if you want the Java code to run in the users browser and not on a remote server.
Applets are, however, a waning technology due to the numerous attacks that has gone through the JVM to avoid the security checks in the browser, so your users will most likely not see the experience you want them to. Additionally I believe that the ability for the Java program to interact with its surrounding page has been crippled again for security reasons.
Your best bet is to use Java for server side code only (which it is quite fine for - Google Application Engine is perhaps the easiest way to get started) and to use JavaScript for client side code.