de.schlichtherle.util
Class ObfuscatedString

java.lang.Object
  de.schlichtherle.util.ObfuscatedString

public final class ObfuscatedString
extends Object

A utility class used to replace string literals in Java source code with an obfuscated representation of the string. Client applications should use this class to implement the LicenseParam, KeyStoreParam and CipherParam interfaces in order to make it considerably hard (although still not impossible) for a reverse engineer to find these string literals while providing comparably fast operation and minimum memory footprint.

To use this class you need to provide the string literal to obfuscate as a parameter to the static obfuscate(java.lang.String) method. Its return value is a string which contains the Java code which you should substitute for the string literal in the client application's source code.

Please note that obfuscation is not equal to encryption: In contrast to the obfuscation provided by this class, encryption is comparably slow and expensive in terms of resources - no matter what algorithm is actually used. More importantly, encrypting string literals in Java code does not really increase the privacy of these strings compared to obfuscation as long as the encryption key is still placed in the Java code itself and tracing the calls to the JVM is possible. Hence, obfuscation is selected in favour of encryption.

In order to provide a reasonable level of security for your application, you should always obfuscate the application code too, including this class. Otherwise, a reverse engineer could simply use the UNIX "strings" utility to search for all usages of this class, which would render its use completely pointless! In case you're looking for a Java code obfuscation tool for this task, please consider ProGuard, available and usable for free at http://proguard.sourceforge.net.

This class is designed to be thread safe.

Author:

Christian Schlichtherle

obfuscated

private final long[] obfuscated

The obfuscated string.

UTF8

private static final String UTF8

ObfuscatedString

public ObfuscatedString(long[] obfuscated)

Constructs an obfuscated string.

Parameters:

obfuscated - The obfuscated string.

Throws:

NullPointerException - If obfuscated is null.

ArrayIndexOutOfBoundsException - If the provided array does not contain at least one element.

See Also:

obfuscate(String)

appendHexLiteral

private static void appendHexLiteral(StringBuffer sb,
                                     long l)

main

public static void main(String[] args)

Obfuscates each given argument.

Parameters:

args - The command line arguments.

obfuscate

public static String obfuscate(String s)

Returns a string containing obfuscated string generating Java code which you can copy-paste into your source code in order to represent the given string. Obfuscation is performed by encoding the given string into UTF8 and then XOR-ing a sequence of pseudo random numbers to it in order to prevent attacks based on character probability. The result is encoded into an array of longs which is embedded in some Java code which would produce the original string again. The sequence of pseudo random numbers is seeded with a 48 bit random number in order to provide a non-deterministic result for the generated code. Hence, two subsequent calls with the same string will produce equal results by a chance of 1/(2⁴⁸-1) (0 isn't used as a seed) only!

As an example, calling this method with "Hello world!" as its parameter may produce the result "new ObfuscatedString(new long[] { 0x3676CB307FBD35FEL, 0xECFB991E2033C169L, 0xD8C3D3E365645589L }).toString()". If this code is compiled and executed later, it will produce the string "Hello world!" again.

Parameters:

s - The string to obfuscate. This may not contain null characters.

Returns:

Some obfuscated Java code to produce the given string again.

Throws:

IllegalArgumentException - If s contains a null character.

toBytes

private static void toBytes(long l,
                            byte[] bytes,
                            int off)

Encodes a long value to eight bytes in little endian order, beginning at index off. This is the inverse of toLong(byte[], int). If less than eight bytes are remaining in the array, only these low order bytes of the long value are processed and the complementary high order bytes are ignored.

Parameters:

l - The long value to encode.

bytes - The array which holds the encoded bytes upon return.

off - The offset of the bytes in the array.

toLong

private static long toLong(byte[] bytes,
                           int off)

Decodes a long value from eight bytes in little endian order, beginning at index off. This is the inverse of toBytes(long, byte[], int). If less than eight bytes are remaining in the array, only these low order bytes are processed and the complementary high order bytes of the returned value are set to zero.

Parameters:

bytes - The array containing the bytes to decode in little endian order.

off - The offset of the bytes in the array.

Returns:

The decoded long value.

toString

public String toString()

Returns the original string.

Overrides:

toString in class Object