I am currently working on a project that utilizes the jfreechart library. I am currently using the jar file for this library by adding it in my build path. However I do not need the entire functionality of the library. I would like to carve out only those sections of the library I have used my code and obviously the dependent code.
My ultimate aim is to reduce the size of the project. I have to meet some size targets and using the entire 7 mb jar library is not an option.
I wanted to know if there is a way to do this apart from manually checking for dependencies?
I would ideally like to apply any suggested method to the jar file of the library but if there is a convenient way to detect unused code in the source code I am willing to import the source code into my project.
I apologize if my request is a repeat or a stupid question.
Thanks,
Sudipto
Unfortunately, you can't do this without (arguably) violating the JFreeChart license.
JFreeChart is licensed under the Lesser GNU Public License, and one of the tenets of that license is that the end-user should be free to modify or replace the licensed software embedded in your software. If you cherry-pick classes from JFreeChart and incorporate them into your JAR, you make it difficult for your users to exercise their right to replace the embedded JFreeChart classes. This is certainly against the spirit of the LGPL.
For more details, refer to the GNU LGPL and Java page.
If you want to do this kind of thing with JFreeChart, you will need to get permission from the copyright holder. If your supervisor is really keen to keep the download size down, a large cash donation to the JFreeChart project might help them come around to his way of thinking. (Disclaimer - I have no connection whatsoever to the project.)
This can indeed be hard to determine because execution paths of an application can differ per run. However there is the Instrumentation interface which can show you all the classes currently loaded by the JVM. That should give you an idea which classes to keep. As long as you have run all the possible outcomes of the application.
Generally speaking, this is of course a bad idea, but since you've asked...
Related
I got the Java classes from an APK after using some tools like dex2jar and JD-GUI. As everybody knows Java byte code can be converted to Java classes back so mostly it is optimized and obfuscated through some tools (like ProGuard is used in the case of Android) to make it secure from others. So what I got is obfuscated code and I want to make it error-free, readable, understandable so that I can further modify it for my own purpose (for my personal use only, I don't mean to violate any copyrights). So any help i.e advices, tools, helping material to make this obfuscated code much closer to what was written by a developer or to make it error-free and understandable will help me a lot. Currently my focus is about to reversing obfuscating techniques used by ProGuard like when I tried reverse engineering on my own projects and found that:
int resource values can be altered with ids by matching through the R file which is generated with reverse engineering.
The if/else conditions mostly converted to while(true) and some continues and breaks.
Inner classes mostly broke up to separate files
So, any other techniques and helping material for the above mentioned ways which can describe how to properly reverse them will be very helpful.
There isn't a magical tool that will refactor obfuscated code into a buildable project. Most likely, you won't be able to decompile and de-obfuscate an APK to be clean and maintainable code. This is a good thing.
There are tools which are better than dex2jar and jd-gui. One of them is apk-deguard, which claims to reverse the process of obfuscation. From their about page:
DeGuard
DeGuard (http://www.apk-deguard.com) is a novel system for statistical
deobfuscation of Android APKs, developed at the Software Reliability
Lab, ETH Zurich, the same group which developed the widely used JSNice
system. Similarly to JSNice, DeGuard is based on powerful
probabilistic graphical models learned from thousands of open source
programs. Using these models, DeGuard recovers important information
in Android APKs, including method and class names as well as
third-party libraries. DeGuard can reveal string decoders and classes
that handle sensitive data in Android malware.
You should use Enjarify, which is owned by Google, instead of dex2jar. Also, apktool is good for decompiling an APK's resources, which is not handled by dex2jar and enjarify.
Other tools include jadx, procyon, fernflower, show-java, smali/baksmali.
You will need a good IDE for refactoring. JEB looks like a good tool for refactoring. This is a paid tool mostly used by Android security researchers.
This should help:
DeObfuscator
Reverse engineering is a difficult task (i would say subtle art), mostly hit and miss, especially with obfuscated code, what you can do is to focus in some special function, that seems pretty obvious and start from there, renaming and refactoring classes, also a good IDE may help you a lot (my personal recommendation: NetBeans).
I'm looking for an update library for the software I am developing. It's a small software, but I'd like to imbue it with some nice features. One of those is auto-update. I've developed 2 class library to do this job for me, but I'd like a more robust library, becuase it's missing some features. Between the features the library could have, these could be in it:
Generate a difference file based on the old version (jar for example). Given the current version of the jar, and the new jar file, generate a new jar that will be downloaded by the clients, puting only the files that were changed since the last update.
Check some kind of checksum. Each file inside the JAR have it's own checksum, or the whole jar having a checksum.
Generate those checksum. If possible, while attending to the first item. File by file, or jar by jar, given the new files.
It would be nice if it could deal also if the input is a folder or a jar.
Merge the current jar with the downloaded one.
P.S.: I'm not writing a web-based (that runs in a browser) application.
Thanks for the attention.
Found the perfect solution for my needs in this answer: java web start alternative
Please take a look at this software https://code.google.com/p/getdown/ It claims it can be GCJ and be used to update also non-Java applications. But this does fills my expectations!
There are many possible ways of doing that. In fact, you already pointed what you need. While developing such a solution isn't a big deal, there are also many libraries and products that already do that.
Some examples are already stated in similar questions, like:
Autoupdate Feature in a Java Swing Desktop App
or
Design of auto-updating software
One example, out of a simple google web search is Autoupdate+
One thing to remember is that the install/update software doesn't necessarily need to be written in Java itself...
There are few open source projects/APIs/libraries that we use in our project (Spring, Struts, iBatis etc.) and I want to understand their design and how they work internally.
What is the best way to understand these projects? Note that I am already using these libraries in my project. And I know the input-output interaction/configurations for these libraries. What I don't understand is how these APIs/libraries work internally.
The problems I face is:
Finding the entry class of the library. Is there any way I can know the entry class for the library - something which is kicking the whole API?
Tools/Plugins to use in Eclipse to get an overview of the design of the library. Going through each and every class of the library, can be a very daunting task. Is there any tool you would like to recommend which can generate the class diagrams of the API in Eclipse.
Thanks in advance!!
UPDATE: I need some inputs on eclipse plugins which can help me in getting an overview/class diagram of the library
I always use the same strategy for this: I never try to "understand" the code base as a whole, and I usually try to follow the request flow. I read enough of the documentation to determine what is necessary to use the application, and I read that code (Keep all source code loaded in your IDE).
For example, in struts you'll be installing a servlet filter in web.xml. Start reading the filter and follow the path a single request takes through your stack.
Likewise for spring, there are two main entry points, the filter and "getBean", both of which are mentioned real early in the documentation. Read those two.
For both of these cases you'll find one or two classes that represent the "core" of the framework real quickly. Read those really well and let actual use cases & needs drive your further exploration.
Approaching "understanding" of an open source library (or any other code base for that matter) by trying to find all the pieces is usually not a very good way of approaching these things, it will usually just lead nowhere because a lot of these things contain too much code. When following the request flow I find making diagrams can also be quite distracting, it tends to draw attention/focus away from understanding (and since my understanding increases rapidly most of them are out-of-date even before they reach the printer).
Nice question!!!, what I've done, specially in the case of Spring, apart from consulting the Documentation and their API's is to attach the sources of the project to my project on Eclipse, that way I'm able to navigate through the source code, not just the API. Its been quite helpful specially in the case of the Spring-Security project, there were some concepts that I just couldn't understand until I inspected the source code.
That's one of the advantages of using Open Source libraries.
Regards.
Tools like Structure101 (http://www.headwaysoftware.com/products/structure101/index.php), and Lattix (http://www.lattix.com/) let you analyze code and produce architecture diagrams / dependency matrices.
This is not exactly class diagram - the main focus is on layering. So the entry point is usually the topmost layer.
But then again, as I specified above, you will notice that some libs are just a mess, and these tools will not be helpful enough.
See the S101 online demo: http://www.structure101.com/java/
This for example is the Sonar project architecture: http://www.structure101.com/java/tracker/sonar/1.11.1/arch.html
Your best bet for those three would be to consult the official documentation (make sure you are looking at the version you are using) or to get a book on the technology.
Most APIs don't have a class with a main method; they're running in the webserver called by the server itself. Unless they're running as their own server, they won't have a main method.
I've had several classes - university level - on Java.
However, what these classes lack is some practical approach to Java - or, to programming as a whole. Things you can only learn in a business.
However, since I am not allowed to use Java on the workfloor, I don't get to learn this now - even though I would like to.
So I guess what I'm asking for is any number of plain have-to-know Java resources. Things concering, for example, what Ant is and why and how to use it; using revision control systems from your IDE; standard Java libraries you would use often ... Anything that would help with actual software development, really.
As some side information, I've been using Eclipse for about four years now, and I feel at home there.
I have a system that works fairly well for class assignments and for projects as well. Firstly, I create one Eclipse project per class. This way I can re-use classes from previous assignments. You can also customize your classpath by adding another project as a library.
I use the Maven plugin for Eclipse M2Eclipse. Not only does this give you the ability to search for libraries and add them easily but the exec:java plugin is an easy way to execute your code from the command line. It's helpful because when it executes your code, it uses a classpath that includes all linked Maven dependencies. If you aren't using external libraries, you might not need Maven but I've found it to be helpful to learn in preparation for the job market. It's fairly simple to start with plus there are a ton useful plugins for open source projects.
Next, for revision control I recommend Subclipse. You can get a free SVN account with a single login from Unfuddle.com. Link that up to your Eclipse environment and Import your project.
When I want to get a particular class specification, I go to Sun's Java documentation.
Another excellent resource that will certainly give you the reference material (searchable!) to answer any java question would be this torrent containing ~100 ebooks on Java, sorted by directory on various topics (like Ant, Eclipse, or Swing).
I have made a java project and want to deliver it to a client but I don't want to deliver it as a jar file as the client can see the source code easily by unpacking the jar file.
How can I pack my java project so client cannot look at the source code or cannot change the source code?
One more thing, Can I integrate a key functionality so that client can only access that software by first registering it with the key provided by me?
Second, can I integrate another functionality through which the software can run only on a single machine through that key?
Remember, the software should still have the cross-platform functionality and if it is not possible then how can I made it for Debian Linux as I have made it on Windows.
To your first point. Why not only jar up the class files? These are in byte code so the client will not be able to view the source.
As to providing a key. This can be done and there are libraries that allow this, but be careful as , to my knowledge at least, there has yet to be developed a DRM system that hasn't been cracked. and most users do not like software restricting what they can do. The same point applies to your third question.
Obfuscators
There are some simple things you can do to make it a bit difficult for a client to get hold of your source code and to enforce per-host (etcetera) licensing. For example, obfuscators make it harder to reverse engineer bytecode files, and license managers support a range of restrictions based on the "keys" that you generate and supply.
The problem is that none of these protect you against someone who is determined to subvert the restrictions are trying to impose. For example, no obfuscator can prevent someone figuring out where your code calls a license manager, and once they know that they can modify the code to subvert any license checking.
Short of locking down the entire execution platform (e.g. turning of the client's ability to run debuggers, read physical devices and so on), there is nothing you can do about this.
A more viable strategy is to include appropriate protections in the software license that you require the client to sign. And accept that there is a risk that you may need to take clients to court if they willfully violate the license agreement.