Re: Obfuscating methods

On Sep 12, 8:14 am, cmurthy <Chandrika.Mur...@xxxxxxxxx> wrote:
I'm not a hardcore JAVA programmer though.
But why aren't the code Obfuscated?

Why should they? And please don't give us that "trade secret" thing.
The majority of all code varies from bog standard code to junk code,
and the only trade secret is the mediocre or disgusting code quality.
It is usually the junk code authors who think they need to obfuscate,
so they can hide the disgusting code quality. Another larger set of
people who thing they need to hide something are the ones using stolen
code, e.g. non-compliant usage of GPL code is becoming epidemic.

C code can be disassembled, Java code decompiled. The difference? Java
decompilation can be done faster than C disassembly. Obfuscation slows
down Java decompilation. But it does in no way prevent decompilation.
A villain can still get your oh so precious code. They can get it with
C code, they can get it with Java code, they can get it with
obfuscated Java.

Above, did you intend to say that Obfuscating the code doesn't matter
to them at all?

I don't know what Andrew intended. In my opinion obfuscation doesn't
gain you anything, except that it delays decompilation by a few days
or weeks.

Stating the issue i'm facing, I have created/used Java Wrappers around
a few API's written in C.
As a matter of Security issue,

Security? Did you say SECURITY? You have no fucking clue about
security if you think obfuscation of any kind will protect your APIs.
And we are not even talking about Java obfuscation here. A simple
assembler debugger can reveal your oh so precious C APIs. No one would
even have to look at the Java wrappers.

we need to use some kind of Obfuscation
for protecting the code from being reverse engineered.

No, you don't.

First, there is a great chance that there is objectively no secret at
all in your code worth protection.

Second, in the unlikely event that there is something to hide, then
you are vastly underestimating the abilities, talents, determination
and resources of people being interested in it. Whether it being the
proverbial lonely hacker, interested competing businesses or
government agencies.

Third, your best bet for protection is the law and product quality.
That first of all requires that your software adheres to the law (e.g.
no usage of GPL code without releasing all source, etc.).

Do you suggest any of the better Obfuscators being used commercially?

I am not Andrew, but I don't suggest obfuscation. It is a waste of
time and money. And even worse, it gives you a false sense of
security.

.