bfuscate. According to the Merriam-Webster dictionary
, obfuscate is a transitive verb meaning to darken, to make obscure or to confuse. In the software engineering business, obfuscation refers to "the deliberate act of nondestructively changing either the source code of a computer program or machine code when the program is in some compiled or binary form, so that it is not easy to understand or read
." Evidently, the author of this last definition must have seen some of my late-night code and decided that the adjective "deliberate" should be added to the definition lest someone mistake plain-old poor quality coding for obfuscated code. All kidding aside, obfuscation can be a serious tool in Java programming.
In J2ME, obfuscation can help protect applications that are deployed to millions of devices. Importantly, but often forgotten, obfuscation can also help developers with some other equally important issuesnamely application size and performance.
These two issues are especially sticky when you're developing for small mobile devices. However, though this article deals strictly with Micro Edition apps, most Java applications could stand to take advantage of the better security, smaller footprint, and improved performance obfuscation provides. You'll find out what obfuscation does to J2ME code and why more developers should use obfuscation when delivering applications. You'll also look at how tools and IDE's provide obfuscation and see that not all obfuscators are created equal (there are various obfuscation methods of which you may not have been aware).
There are three reasons why you should consider obfuscation:
Protection of Intellectual Property
- Protection of intellectual property
- Footprint reduction
- Improve runtime performance
You've just created that killer J2ME application. You made a deal with a device manufacturer to put your application on millions of cell phones. With your application literally in the hands of so many people, how do you protect your intellectual property? If you think it takes special tools and training to reverse engineer your application, think again. Look inside your Java SDK bin directory. That javap.exe
tool in the bin directory is a Java class file dissassemblerprovided with the freely available SDK download. Getting a hold of your intellectual property is as easy as getting a hold of your class files and running:
Obfuscators help protect your property and make it harder to decompile code. The key and operative words in protection are "make it harder." Obfuscation is not encrypting your intellectual property with crypto. It only makes the code that comes out of a decompiler like javap.exe
harder&3151;often much harderto understand and reverse engineer. Most of the obfuscator vendors will use the term "nearly impossible" when referring to the ability to reverse engineer code that has been obfuscated with their tool. While nearly impossible is good enough for most applications, it shouldn't be confused with completely secure.